Title: Trust Assurance Framework · RFP · EthSystems

URL Source: https://original.es-internal.pages.dev/rfps/rfp-trust-assurance/

Markdown Content:
---
description: Institutions evaluating privacy solutions ask &#34;what am I trusting?&#34; before &#34;how fast is it?&#34; Currently, there's no standardized way to compare trust assumptions across ZK rollups, TEE-based systems, MPC protocols, and FHE implementations. Each vendor describes trust differently, making apples-to-apples comparison impossible.
title: Trust Assurance Framework · RFP · EthSystems
image: https://original.es-internal.pages.dev/og.png
---

[Skip to content](#main-content) 

# RFP: Trust Assurance Framework

## Why It Matters

* Turns "privacy marketing" into something closer to SOC2-style assurance narratives
* Enables institutional risk teams to evaluate solutions using familiar frameworks
* Unblocks procurement decisions that stall on "we don't understand the trust model"

## Scope

### In-Scope

* Standardized "assurance card" template covering:
  * Trust roots (sequencer, prover, DA committee, TEE manufacturer)
  * Cryptographic assumptions (hardness assumptions, parameter choices)
  * Upgrade/admin key risks
  * Hardware trust surface (for TEE-based systems)
  * Failure modes (censorship, data withholding, key compromise)
  * Side-channel and metadata leakage surface
* Assurance cards for major privacy approaches:
  * ZK rollups (Aztec-style)
  * TEE-based privacy (SGX/SEV/Nitro)
  * MPC coordination
  * FHE computation
* Controls mapping: what institutions can mitigate via audits, attestation, key management

### Out-of-Scope

* Full security audits of specific implementations
* Legal/compliance assessments
* Performance benchmarking (see [Benchmark Dashboard](/use-cases/rfp-benchmark-dashboard/))

## Deliverables

* Assurance card template (markdown format, compatible with EthSystems Map patterns)
* 4-6 completed assurance cards for major privacy system types
* "Red team scenarios" document (3-5 attack scenarios per system type)
* Controls mapping guide for institutional risk teams

## Dependencies

**Requires:**

* Access to public documentation for major privacy systems
* Review of existing threat models (where published)

**Enables:**

* Informed institutional procurement decisions
* Foundation for [Benchmark Dashboard](/use-cases/rfp-benchmark-dashboard/) trust dimensions
* Input to custody and compliance RFPs

## See Also

* [Pattern: TEE-Based Privacy](/patterns/pattern-tee-based-privacy/)
* [Pattern: Threshold Encrypted Mempool](/patterns/pattern-threshold-encrypted-mempool/)
* [Vendors](../vendors/) — Systems to analyze
* [GitHub Issue #27](https://github.com/ethsystems/map/issues/27) — Performance and trust assumptions mapping

#### Referenced by

RFPs1
* [Living Benchmark Dashboard](/rfps/rfp-benchmark-dashboard/)

×

```json
{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://ethsystems.org/#organization","name":"EthSystems","url":"https://ethsystems.org/","logo":"https://ethsystems.org/icon-maskable.png","sameAs":["https://x.com/eth_systems","https://www.linkedin.com/company/ethsystems/","https://github.com/ethsystems"]},{"@type":"WebSite","@id":"https://ethsystems.org/#website","url":"https://ethsystems.org/","name":"EthSystems","publisher":{"@id":"https://ethsystems.org/#organization"}}]}
```
