Architecture · Proofs
The proof system
Every state transition is proven with zero-knowledge and verified on Ethereum. This page states what is proven, by whom, and what we will not yet claim.
What is proven
What is proven.
A validity proof attests that a batch of transitions took the chain from one committed state to the next under the protocol's rules — every transition, not a sample.
claim
State transition correctness.
The proof witnesses that each transaction in a batch was executed correctly against the prior state root, yielding the posted next state root.
scope
Validity, not fraud.
Acceptance depends on a verified proof, not on a challenge window elapsing. An invalid transition cannot produce a verifying proof.
The prover
The prover's role.
The prover takes the execution trace and produces a succinct proof of correctness. Producing a proof is expensive; verifying one is cheap — that asymmetry is the design.
input
Execution trace
The ordered transitions and the prior committed state.
output
Succinct proof
A proof object verifiable in time independent of batch size.
property
Soundness
A verifying proof for an incorrect transition is computationally infeasible.
On naming
The specific prover and proof system are named only where confirmed for public reference. Until then we describe properties, not products — see the spec for the exact construction.Read the proof specificationZero-knowledge
Zero-knowledge privacy.
A verifier learns that a transition is valid without learning the data behind it. Correctness is public; the underlying state can stay private.
What a verifier learns.
That the proof verifies against the prior and next state roots under the protocol rules. Nothing more is required to accept the transition.
What stays private.
The contents a sovereign chooses not to disclose. Privacy is preserved at each cross-border hop; neither sovereign surrenders control of its data.
Verification
Verification on Ethereum.
The proof is checked by a verifier contract on Ethereum. Acceptance there is what finalises the transition — finality is settlement, not signalling.
Each verified proof corresponds to a settlement event you can open on L1.
Honesty
Open problems, and what we will not claim yet.
An operator and a researcher judge a network by what it refuses to assert. Here is the unfinished work, stated plainly.
What we will not claim yet
- — Exact proving times, proof sizes, and verification gas are // indicative — confirm until benchmarked and published.
- — Trusted-setup assumptions, if any, and the post-quantum posture are stated in the spec, not summarised away here.
- — We do not describe the proof system as "AI-powered"; the prover is a cryptographic construction, audited and specified.
- — Audit status governs every security claim. Unaudited components are labelled as such.see audits →
Read the construction in full, then judge it.full spec ↗
Read the construction. Verify the proof.
The proof system is specified end-to-end, and every verified transition is a settlement you can open.