Skip to main content

Trust & Privacy

What You Verify

ZecNames is designed so you can verify everything that matters without trusting anyone:

  • Each registration has a ZK proof — name valid, fee paid, signature correct, state transition correct
  • Each proof is pinned to a Zcash transactiontxid and block_height are committed in the proof, verifiable on any Zcash node
  • The Merkle root is deterministic — any indexer processing the same blocks must produce the same root
  • Merkle proofs verify every resolution — the API returns a membership proof with every name lookup
  • Proofs form a chainroot_0 --> root_1 --> root_2 --> ... --> root_current

What You Trust

  1. The Zcash blockchain works — transactions are final and can't be altered
  2. Standard cryptography is sound — SHA-256, Ed25519, SP1 STARKs
  3. The escrow operator processes payouts honestly — the operator holds the escrow spending key (future: multi-sig or trustless escrow)

What If an Indexer Is Malicious?

Can't fake a registration. Each proof commits a Zcash txid that must exist on-chain, and the Ed25519 signature inside the proof must be valid.

Can't hide registrations. The registrar's Incoming Viewing Key (IVK) is public. Anyone can scan the registrar address, decrypt all memos, and compare against the proof chain. Omissions are detectable.

Can't go down permanently. All registration data lives on the Zcash blockchain. The code is open source. Anyone can reconstruct the full registry from block zero.

Private Resolution via Tor

When you resolve a name through the clearnet API, the server can see your IP address — meaning it could learn who is looking up which name. For privacy-conscious users, the ZNS API is also available as a Tor hidden service:

http://fdf3n3xrm2a7vy5iljdghznajti4qibjcpp4eyqluaqvqtdgsaxyvwid.onion

Using Tor, the server never sees your real IP and your ISP only sees that you're using Tor — not that you're resolving Zcash names.

Access via Tor Browser:

http://fdf3n3xrm2a7vy5iljdghznajti4qibjcpp4eyqluaqvqtdgsaxyvwid.onion/v1/resolve/alice

Access via command line (with Tor running locally):

curl --socks5-hostname 127.0.0.1:9050 http://fdf3n3xrm2a7vy5iljdghznajti4qibjcpp4eyqluaqvqtdgsaxyvwid.onion/v1/status

The .onion address connects to the same API server and returns the same data — including Merkle proofs for verification. The only difference is that your query is private.