Distributed systems in heterogeneous, Byzantine-fault-tolerant cloud environments lack a robust, hardware-rooted trust foundation. Method: This paper proposes TNIC, a Trusted Network Interface Card architecture that establishes a formally verified, silicon-based root of trust at the hardware layer. TNIC introduces the first NIC-level minimal trusted computing base (TCB), decoupling security functions from the CPU and integrating hardware-accelerated trusted networking stacks with migratable attestation and non-repudiation mechanisms. It enables strong network-layer isolation, extends trusted execution environments (TEEs), and provides a unified API framework. Results: Four quantitatively evaluated trusted systems built upon TNIC achieve up to 6× higher end-to-end performance compared to CPU-centric TEE solutions—while preserving mathematically provable security—thereby significantly alleviating the longstanding performance–security trade-off bottleneck in trusted computing.

We introduce TNIC, a trusted NIC architecture for building trustworthy distributed systems deployed in heterogeneous, untrusted (Byzantine) cloud environments. TNIC builds a minimal, formally verified, silicon root-of-trust at the network interface level. We strive for three primary design goals: (1) a host CPU-agnostic unified security architecture by providing trustworthy network-level isolation; (2) a minimalistic and verifiable TCB based on a silicon root-of-trust by providing two core properties of transferable authentication and non-equivocation; and (3) a hardware-accelerated trustworthy network stack leveraging SmartNICs. Based on the TNIC architecture and associated network stack, we present a generic set of programming APIs and a recipe for building high-performance, trustworthy, distributed systems for Byzantine settings. We formally verify the safety and security properties of our TNIC while demonstrating its use by building four trustworthy distributed systems. Our evaluation of TNIC shows up to 6x performance improvement compared to CPU-centric TEE systems.