Trust Model and Privacy
What You Trust
- The Zcash blockchain works. Transactions are final and can't be altered.
- The IVK decrypts all memos to the registrar address. Guaranteed by Zcash's cryptographic design.
- SHA-256, Blake2b, and elliptic curve cryptography are secure. The internet depends on this.
- The SP1 proof system is sound. SP1 uses STARKs (no trusted setup) at the core, with an optional Groth16 SNARK wrapper for compact proofs.
- The indexer code is correct. Open source, auditable, runnable by anyone.
- The escrow operator is honest. The escrow wallet's spending key is held by the ZNS operator. Future mitigation: multi-sig escrow, time-locked payouts, or ZSA-based escrow.
What You Don't Trust
- Any specific indexer operator (SP1 proofs are verifiable)
- Any specific server, API, company, or foundation
What If an Indexer Is Malicious?
- Can't fake a proof. SP1 proofs are mathematical guarantees.
- Can't hide registrations. The viewing key is public. Any discrepancy between indexers is immediately visible.
- Can't go down permanently. All data is on-chain. The code is open source. Anyone can reconstruct the registry from scratch.
Front-Running
The IVK is public by design -- anyone monitoring the Zcash mempool can see pending registration names. In practice, front-running risk is low: blocks are ~75 seconds apart, no MEV infrastructure exists, and an attacker needs their tx mined in the same block or earlier.
What's Public vs Private
| What | Visibility | Why |
|---|---|---|
Name exists (alice.zec) | Public | That's the point |
| Resolved address | Public | Needed for sending ZEC |
| Owner pubkey | Public | Ownership is pubkey-based |
| Registration transaction | Public | IVK is published |
| Marketplace listing price | Public | Stored in DB |
| Payments sent to alice.zec | Private | Shielded transactions |
| Who sent payments | Private | Shielded sender |
| Marketplace buyer identity | Private | Shielded BUY to escrow |