A trust-minimized IoT data processing system running inside Cartesi Rollups with dual encryption and W3C DID authentication.
Railway Deployment: Live on Railway with all Cartesi services operational
Machine Hash: 0xcd3444ae83dff94c89bd653a4bf7cb76ac3198108237b7f5310c9eb959818698
Docker Image: modernsociety/lcore-iot-node:v1.8 (amd64)
Contract Integration: v1.8 contracts deployed on KC-Chain
End-to-End Tested: IoT device registration and sensor data flow validated
IoT-L{CORE} is an advanced IoT data processing platform that combines the security of blockchain technology with the flexibility of traditional computing. The system processes sensor data from IoT devices through a verifiable pipeline, ensuring data integrity while maintaining privacy through dual encryption.
graph TB
subgraph "IoT Devices"
D1[Device 1<br/>ARM PSA + JWT]
D2[Device 2<br/>ARM PSA + JWT]
D3[Device N<br/>ARM PSA + JWT]
end
subgraph "Gateway Layer"
GW[Gateway<br/>Validation & PII Strip]
end
subgraph "Cartesi Rollups"
RN[Rollups Node<br/>PostgreSQL]
subgraph "RISC-V Virtual Machine"
APP[lcore-node Application]
subgraph "Core Components"
API[GraphQL API<br/>Port 8000]
AUTH[W3C DID + IETF JOSE<br/>Device Authentication]
ENC[Dual Encryption<br/>AES-256-GCM + XChaCha20]
DB[SQLite Database<br/>Encrypted IoT Data]
CR[Cartesi Integration<br/>advance_state / inspect_state]
end
end
end
subgraph "Blockchain Layer"
KC[KC-Chain<br/>Stylus Contracts<br/>10Γ Gas Efficiency]
end
subgraph "External Access"
DAPP[External dApps<br/>GraphQL Queries]
MON[Monitoring<br/>Grafana + Prometheus]
end
D1 --> GW
D2 --> GW
D3 --> GW
GW --> RN
RN --> APP
APP --> AUTH
APP --> ENC
APP --> DB
APP --> CR
CR --> KC
KC --> DAPP
APP --> API
API --> DAPP
APP --> MON
- Dual Encryption: AES-256-GCM + XChaCha20-Poly1305 with deterministic nonces
- Device Authentication: W3C DID + IETF JOSE with ES-256 signatures
- Pure Rust Cryptography: No OpenSSL dependencies, 100% RISC-V compatible
- Hardware Integration: ARM PSA hardware security module ready
- 10Γ Gas Efficiency: Stylus Rust contracts vs traditional Solidity
- Optimized Processing: Custom RISC-V binary with 12.6MB footprint
- Fast Queries: SQLite with <10ms device lookups
- Scalable Architecture: Handles 10k+ devices per deployment
- KC-Chain: Custom Arbitrum Orbit chain with Stylus contracts
- Cartesi Rollups: Off-chain computation with on-chain verification
- GraphQL API: Modern query interface for external dApps
- Real-time Monitoring: Grafana + Prometheus integration
The IoT-L{CORE} system processes data through a secure, verifiable pipeline:
- Device Layer: IoT devices sign sensor data with ES-256 and wrap in JWT tokens
- Gateway: Validates JWT signatures, strips PII, forwards to rollups
- Storage: Rollups node stores inputs in PostgreSQL and feeds to Cartesi VM
- Processing: VM performs dual encryption, stores in SQLite, computes analytics
- Output: Generates vouchers/notices for Stylus contracts and external dApps
- Input/output tracking and rollup state management
- External dApp query optimization
- Historical data for analytics
-- Device management
CREATE TABLE devices (id, public_key, did_document, created_at);
CREATE TABLE device_counters (device_id, counter_value, last_update);
-- Encrypted sensor data
CREATE TABLE sensor_data (device_id, encrypted_payload, timestamp, nonce);
-- Computed analytics
CREATE TABLE analytics (device_id, computed_stats, period_start, period_end);- Authentication: ES-256 with pure-Rust p256 (no ring, no josekit)
- Encryption Stage 1: AES-256-GCM with device-specific keys
- Encryption Stage 2: XChaCha20-Poly1305 with context-specific keys
- Key Derivation: SHA-256 with deterministic, counter-based nonces
- Architecture: RISC-V 64-bit with MARCHID 19
- Memory: 128MB RAM + 68MB root filesystem + 20MB application
- Binary: 12.6MB optimized Rust application
- Configuration: JSON-based (v0.16.1) with automatic addressing
- Encryption: AES-256-GCM ~1GB/s, XChaCha20 ~800MB/s
- Database: SQLite WAL ~10k inserts/second
- Signatures: ES-256 verification ~1k/sec/core
- Memory: <200MB total footprint
# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Install Cartesi CLI
npm install -g @cartesi/[email protected]
# Install Foundry (for testing)
curl -L https://foundry.paradigm.xyz | bash# Clone the repository
git clone <your-repo-url>
cd lcore-node
# Copy and configure environment
cp build.env.example build.env
# Edit build.env with your credentials:
# - Alchemy RPC endpoints
# - Supabase database credentials
# - Wallet mnemonic# Build the Cartesi machine
cartesi build
# Test the contracts (requires configured build.env)
../tests/simple-cartesi-test.sh
# Submit IoT device registration
cast send 0xC1f612D9ad2270e31BF41fAdBb92f79B63649133 \
"addInput(address,bytes)" \
0xB7B462b81A10A24e1976C9029Ef8FfBdCFc1a96a \
"0x7b22616374696f6e223a2272656769737465725f646576696365227d" \
--mnemonic "your twelve word mnemonic" \
--rpc-url https://rpc.devnet.alchemy.com/your-key \
--gas-limit 600000# Build production Docker image
cartesi deploy build --platform linux/amd64
# Deploy to Railway using the built image
# Set environment variables from build.env.example# Run with Docker Compose
docker-compose up -d
# Monitor with Grafana
open http://localhost:3000# Cartesi Infrastructure
INPUT_BOX="0xC1f612D9ad2270e31BF41fAdBb92f79B63649133"
CARTESI_DAPP="0xB7B462b81A10A24e1976C9029Ef8FfBdCFc1a96a"
AUTHORITY="0x2521B03071F4FcB63414D35126ac58FdC19FFdA5"
MACHINE_HASH="0xcd3444ae83dff94c89bd653a4bf7cb76ac3198108237b7f5310c9eb959818698"
# Stylus Contracts (Optional)
DEVICE_REGISTRY="0xc3cf289e7d0167a857c28662e673ca7a06d3a461"
IOT_PIPELINE="0xc58451db383aaadac88895bf20d7e08db2c92b41"# Check inputs processed
cast call $INPUT_BOX 'getNumberOfInputs(address)(uint256)' $CARTESI_DAPP --rpc-url $RPC_URL
# Test GraphQL (Railway deployment)
curl -X POST https://your-railway-app.railway.app/graphql \
-H "Content-Type: application/json" \
-d '{"query": "{ inputs { edges { node { index } } } }"}'- Traffic Monitoring: Real-time traffic flow analysis
- Environmental Sensors: Air quality, noise, temperature tracking
- Infrastructure: Smart lighting, parking, waste management
- Manufacturing: Equipment monitoring and predictive maintenance
- Supply Chain: Asset tracking with cryptographic provenance
- Energy: Smart grid monitoring and optimization
- Precision Farming: Soil sensors, weather stations, crop monitoring
- Livestock: Health tracking, location monitoring
- Resource Management: Water usage, irrigation optimization
# Device registration
mutation {
registerDevice(
deviceId: "device-001",
didDocument: "did:example:123456789..."
) {
id
deviceId
createdAt
}
}
# Query sensor data
query {
devices {
id
deviceId
lastSeen
analytics {
computedStats
periodStart
}
}
}GET /health- System health checkPOST /graphql- GraphQL API endpointGET /metrics- Prometheus metrics
# Run locally for testing
LOCAL_MODE=true cargo run
# Test GraphQL endpoint
curl http://localhost:8000/health- Cartesi Snapshot: Pre-built RISC-V machine state
- Docker Images: Multi-architecture container support
- Monitoring: Grafana dashboards and Prometheus alerts
- Scaling: Kubernetes-ready deployment configurations
- Cartesi: https://cartesi.io/
- KC-Chain: Custom Arbitrum Orbit chain
- W3C DID Specification: https://www.w3.org/TR/did-core/
- IETF JOSE Standards: https://tools.ietf.org/html/rfc7515
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Follow Rust conventions and
cargo clippyrecommendations - Ensure all tests pass before submitting PR
- Update documentation for any API changes
- Use conventional commit messages
This project is licensed under the MIT License - see the LICENSE file for details.
Built with β€οΈ from Modern Society Labs