Proof TTL

OZKi proving system has the concept of proof TTL (time to live). This is an important security feature which is used to determine the age of a proof.

Timestamp

To implement the proof TTL concept, every OZKi proof must have a timestamp at the time of proof generation. The timestamp is the number of miliseconds since January 1, 1970. Every OZKi proof function must take a timestamp input parameter, which is passed in by the caller. The timestamp value is also passed to the timestamp output parameter so that the verifier can check the proof timestamp.

The timestamp mechanism applies to both signed and unsigned proof. In the case of signed proof, the oracle service sets the timestamp. In the case of unsigned proof, the user sets the timestamp.

Age and Expired Proof

The age of a proof is therefore the delta of the current time and the proof timestamp. A proof with age which has exceeded the TTL is considered an expired proof. An expired proof will fail the proof verification process. By default, the OZKi proof verifier sets the TTL to be 5 minutes.

Once a proof is generated, the proof can be used exactly once before it expires. OZKi will detect and refuse proof which has been used more than once before it expires. OZKi proof verifier keeps a small database which temporarily stores proofs which have been successfully verified.

Proof Verification Process

OZKi proof verifier performs the validation on the proof as follows:

1. Checks if the proof is in the proof cache database. If it is found in the database, this means that the proof has been used more than once before it expires. This proof will be rejected.

2. Performs zkp cryptographic proof verification on the proof and its output. Proof and output which has been tampered with or generated with incorrect proof function will fail this process.

3. Checks the timestamp of the proof and determine its age. If the age has exceeded the configured TTL (by default 5 minutes), then the proof will be rejected.

4. Let the application determine additional checking on the output params. OZKi allows application-specific logic to determine if this proof should be accepted or rejected based on the values of the proof's public output parameters. Proof which has passed this final check is considered a successfully-verified proof.

5. Proof which has been successfully verified through the first four steps will be temporarily stored in the proof cache database with automatic expiration set to the TTL.