Security Guarantees
The ZK proof system prevents the indexer from cheating in any way:
| Attack | Why it fails |
|---|---|
| Fabricate a registration | Proof commits a txid -- must exist on-chain. Ed25519 signature must be valid. |
| Charge the wrong fee | value_zat committed in proof, verifiable against the blockchain transaction. |
| Double-register a name | SMT non-membership proof fails inside the zkVM. |
| Tamper with state | old_root / new_root chaining breaks; SP1 proof won't verify. |
| Reorder registrations | Each proof pinned to block_height + txid. |
Censorship
The one thing an indexer could do is censor -- ignore a valid registration. But this is detectable: the registrar's Incoming Viewing Key is public, so anyone can scan the registrar address and find omissions.
Verifying Proofs Yourself
Proofs are standard SP1 compressed proofs. Verify them with the SP1 SDK:
use sp1_sdk::{ProverClient, SP1ProofWithPublicValues};
let client = ProverClient::from_env();
let (_, vk) = client.setup(ELF);
let proof = SP1ProofWithPublicValues::load("proof.bin")?;
client.verify(&proof, &vk)?;
The verification key is deterministic -- derived from the guest program binary. Anyone can reproduce it.