Abstract
Artificial intelligence carries two externalities its users never consented to: their data is read by machines they do not control, and each inference burns grid electricity of unknown carbon intensity inside datacenters they cannot see. This paper presents Grove, a decentralized compute network that closes both gaps in a single mechanism. Jobs execute inside confidential enclaves, the Veil, so operators never observe prompts, data, or outputs; a carbon-aware scheduler, the Watt, routes each job to nodes on verified clean energy; and every completed job returns a Green Compute Certificate that binds a privacy attestation to a carbon attestation, settled on-chain against a staked, slashable operator. The network exposes an OpenAI-compatible endpoint that returns not only an answer but cryptographic proof the answer was computed privately and cleanly. We describe the motivation, architecture, proof mechanism, job lifecycle, incentive model, and the $GROVE token that secures and coordinates the protocol.
Keywords: decentralized AI, confidential computing, DePIN, trusted execution environments, carbon-aware scheduling, verifiable compute, x402, tokenomics.
1. Introduction
Large-scale AI is becoming one of the fastest-growing new electricity loads on the planet, and the default posture of centralized compute providers is: trust us, do not look at the meter, and do not look at the data. Two problems compound. First, every prompt, document, and embedding sent to a hosted model is, in principle, readable by the infrastructure that serves it. Second, each inference draws real energy of unknown carbon intensity, while "carbon-neutral" claims are typically annual, portfolio-level, and untraceable to any individual workload.
Grove is a decentralized compute network that closes both gaps at once. Its thesis is that "cheaper tokens" is no longer a durable moat: as datacenter electricity demand rises steeply toward 2030 and privacy regulation tightens worldwide, verifiable clean and verifiable private becomes the differentiator. Grove is a bet that the network which proves both, on every single call, wins.
1.1 Contributions
- A network architecture that unifies confidential execution and carbon-aware scheduling behind a single OpenAI-compatible interface.
- The Green Compute Certificate, a per-job artifact that binds two independent proofs, privacy and carbon, to one staked, slashable node.
- An incentive model in which token pressure scales with real compute demand rather than speculation.
2. Background and Motivation
2.1 The privacy problem
Confidential computing, trusted execution environments (TEEs), fully homomorphic encryption (FHE), and secure multi-party computation (MPC), can seal execution so that even the host cannot read the workload. In practice these guarantees are fragmented across providers and rarely tied to a portable, verifiable receipt a buyer can audit. For regulated domains (health, legal, finance) and any team with proprietary data, "send it to someone else's GPU" remains a non-starter without such a receipt.
2.2 The carbon problem
Grid carbon intensity varies by hour and location by roughly an order of magnitude: the same job run in a different place or hour can be far cleaner. Yet almost no compute today is routed on that signal, and none of it ships a per-job, hour-matched certificate. Hourly, serialized energy accounting exists in energy markets but has not been fused with compute scheduling.
2.3 Why now
Three trends converge: a decentralized-compute (DePIN) supply of GPUs is emerging; per-call payment rails such as x402 make agent-native, subscription-free settlement practical; and demand for confidential inference is rising with regulation. Grove sits at the intersection of decentralized AI, confidential computing, carbon accounting, and agent payments.
3. System Overview
Grove is a two-sided marketplace whose sides never see each other: demand (apps and agents requesting AI) and supply (node operators contributing GPUs). Between them sit five layers:
| Layer | Responsibility |
|---|---|
| Intelligence | Serves models: chat, embeddings, agents, coding, multimodal, fine-tuning; exposes the OpenAI-compatible API. |
| Veil | Executes each job in a TEE/FHE enclave; emits a privacy attestation. |
| Watt | Reads live grid intensity, routes to clean nodes, meters energy, mints certificates. |
| Network | Pooled GPUs; staking, reputation, redundancy, and canary checks keep work honest. |
| Settlement | Per-call payment over HTTP 402 in stablecoin or $GROVE; buyback & burn, operator rewards. |
4. The Veil and the Watt
4.1 The Veil: confidential execution
Each job is dispatched into a sealed enclave on the chosen node. The operator supplies compute but cannot read the prompt, working data, or output. On completion the enclave produces a privacy attestation: a signed statement, rooted in hardware attestation or a cryptographic proof, that the workload ran in an approved confidential environment. Techniques in scope include TEEs, FHE for select workloads, and MPC.
4.2 The Watt: carbon-aware routing
The scheduler treats carbon intensity as a first-class routing input. Given a job and its latency budget, it prefers nodes that (a) attest a renewable energy source and (b) sit on a low-intensity grid at that hour. Non-urgent batch work can be deferred to greener hours. Every completed job is metered (energy drawn, estimated CO₂) and issued a certificate as described next.
5. The Green Compute Certificate
The certificate is the core of the protocol. It binds two independent proofs to a single job so that neither can be claimed without the other: (i) a privacy attestation that the job ran in a confidential enclave, and (ii) a carbon attestation of the node's energy source and the grid intensity at the hour of execution. Both reference a staked, slashable node, so a false attestation is an economically punishable act rather than a marketing liberty.
{"job_id": "ea_9f3a...","node_id": "node-7f3a", // staked, slashable"model": "open-llm-8b","privacy": {"mode": "TEE", // TEE | FHE | MPC"attestation": "0x...", // hardware/crypto proof"data_exposed": false},"carbon": {"energy_source": "solar","grid_gco2_per_kwh": 41, // live, hour-matched"energy_kwh": 0.0123,"est_gco2": 0.50},"hour": "2026-07-03T14:00Z","serial": "GCC-000128401", // no double-counting"status": "verified", // verified|fallback|degraded"settlement": { "rail": "x402", "asset": "GROVE" }}
Certificates are queryable in a public explorer and can be retired on-chain, giving buyers an audit-ready trail for both compliance (privacy) and ESG (carbon). The joint, verifiable, slashable guarantee is the protocol's central claim to defensibility: copying either proof alone is easy; reproducing the bound pair together with a node network already producing it is not.
6. Job Lifecycle
- Request. A client calls the OpenAI-compatible endpoint (or an agent sub-contracts a task) and attaches a per-call x402 payment.
- Match. The scheduler selects a node meeting the privacy requirement and latency budget while minimizing carbon intensity.
- Seal & run. The job executes inside the enclave; the operator never sees the data.
- Verify. Redundant re-execution and random canaries police result integrity; attestations are collected.
- Certify. A Green Compute Certificate is minted and returned with the result.
- Settle. Payment finalizes on-chain; protocol fees route to buyback & burn and to operator rewards, weighted by a clean-energy multiplier.
7. Network, Token, and Incentives
7.1 Supply side
Anyone with a capable, ideally renewable-powered GPU can join as a node. Operators post a $GROVE slashing bond and earn for verified work, not idle uptime, with a bonus multiplier for a cleaner energy mix. Reputation (uptime, latency, privacy proofs, carbon) is public, so buyers route to the best and operators compete to climb.
7.2 Token parameters
| Supply | 1,000,000,000 $GROVE |
| Launch | Fair launch |
| Liquidity | 95% |
| Marketing / Team | 5% |
| Tax | 0 / 0 |
| Chain | Robinhood Chain |
$GROVE is used to (i) pay for compute at a fee discount versus stablecoin, (ii) stake as a node bond, (iii) accrue value via fee-funded buyback & burn, and (iv) govern protocol parameters (fee splits, carbon standards, model whitelists, treasury).
7.3 Value-capture flywheel
Demand for private/green AI → jobs paid via x402 → protocol fee → buyback & burn (supply ↓) plus operator rewards → more clean GPUs join & stake (supply locked) → more capacity and lower latency → cheaper, greener service → more demand. Token pressure scales with real compute demand: more usage both burns supply and locks more of it in staking.
8. Roadmap
Phase 0, Points
Bootstrap supply; nodes earn points for verified work behind a centralized gateway. A live playground demonstrates the certificate end-to-end.
Phase 1, Private inference
OpenAI-compatible API, carbon-aware routing, Green Compute Certificates, x402 payments, node staking.
Phase 2, Studio & marketplace
No-code agents, model hub with green labels, coding copilot, multimodal, certificate explorer, reputation leaderboard.
Phase 3, Decentralization
Distributed fine-tuning/training, BYOM hosting, compute-to-data, governance, progressive removal of the centralized gateway.
9. Conclusion
Intelligence is becoming infrastructure. Whoever owns that compute owns the defaults, for our privacy and for the planet's carbon budget. Grove is the argument, in code and in incentives, that AI can be private and clean and provable, and that the network which proves both, on every single call, is the one worth owning. $GROVE is a claim on that network.