Title: Secure Submission Pipeline via Private Docker Repositories with Encrypted Access

[aliyuldashev]

🚨 Problem Overview

Currently, malicious actors are exploiting public Docker repositories by searching for challenge-specific names. Once discovered, they continuously monitor these repositories for updates and are able to copy newly submitted solutions.

There are also additional detection methods being used, which we prefer not to disclose publicly for security reasons.

---

🔐 Proposed Solution

We propose migrating all miner submissions to private Docker Hub repositories to ensure confidentiality and fairness.

• Each miner maintains a single private repository
• Different tags are used for separate challenges and submission versions
• Miners provide read-only Personal Access Tokens (PATs)
• Tokens are secured using asymmetric encryption
• Validators do NOT have access to the private key
• Only the scoring server can decrypt and access submissions securely

---

🛡️ Security Advantages

• Eliminates the current attack vector used for submission theft
• Ensures submissions remain private until evaluation
• Protects against malicious or compromised validators
• Creates a trust-minimized and secure pipeline

---

✅ Why This Matters

This change strengthens the integrity of the entire subnet by protecting honest miners and ensuring fair competition. It also future-proofs the system against evolving exploit strategies.

---

🚀 Let’s Move Forward

We believe this is a critical upgrade for the network’s security and fairness.

If you care about protecting your work and maintaining a level playing field, this is the direction we should take.

💬 We’d love your feedback, thoughts, and support to push this forward together!