In January 2025 I published my first paper, with Eric Boniardi and Alison Haire — arXiv 2501.05374. The title is deliberately dry: "Validation of GPU Computation in Decentralized, Trustless Networks." What it actually is: the reason I believe Lattice Protocol can exist at all.
Let me start with the problem, because the problem is more interesting than the solution.
The awkward question
Say you rent time on a GPU somewhere you have never been, owned by someone you will never meet, to run a model that matters to you. The machine sends back a result. How do you know it actually ran your computation — and not a cheaper approximation, or nothing at all?
This is not paranoia. It is the live question under every GPU marketplace and every federated-compute network. If you cannot answer it, "decentralized AI compute" is just trust with extra steps.
The obvious answer is to run the job again yourself and compare. That fails almost immediately. GPU computation is not bit-for-bit deterministic — floating-point operations reorder, hardware differs, and two honest machines produce slightly different numbers for the same work. Exact recomputation flags everyone as a cheater. It is the wrong mental model.
What doesn't work, first
I want to be honest about the dead ends, because the field is full of them.
You could demand special hardware — trusted execution environments that attest to what they ran. That works, and it narrows you to machines with the right silicon and the right firmware, which is a small and expensive slice of the world. You could encrypt the whole computation with fully homomorphic encryption, except current FHE approaches add so much overhead that real model inference becomes impractical. Each of these buys a guarantee by giving up the open network.
We wanted the guarantee without giving up the open network.
Three weak signals make a strong one
The paper's answer is to stop hunting for one perfect proof and combine several imperfect ones. We describe three probabilistic methods — model fingerprinting, semantic similarity analysis, and GPU profiling — that each catch a different kind of lie. Fingerprinting checks that the output carries the statistical signature of the right model. Semantic similarity checks that the result means what it should, even when the exact bits differ. Profiling watches the physical fingerprint of the work — the timing and behavior a real computation leaves behind.
None of the three is conclusive alone. Together they collapse into a binary reference model and a ternary consensus — accept, reject, or flag for a closer look — that gives you computational integrity without trusting any single machine and without requiring trusted-execution-environment hardware.
That is the whole trick: integrity from agreement among weak signals, instead of certainty from one expensive one.
Theory before product
I am an engineer by temperament; I like building the thing. But you cannot build a trustless compute network on the hope that nobody cheats. The theory had to come first — the argument that verification is possible on ordinary hardware — before the architecture made any sense.
So the order matters. The paper is not marketing for Lattice. It is the foundation under it: theory, then architecture, then product. And the verification problem it describes is the same one that decides whether multi-institution research — rare-disease work that needs many hospitals' compute without centralizing anyone's patient data — can run on a federated network or stays locked inside single buildings.
The title is dry on purpose. The question under it is not: can you trust a computer you will never see? We think the answer is yes, and we wrote down why. Almost everything I am building now sits on top of that yes.