Inclusion vs execution proofs
The four ordered integrity gates, the anchored-root pinning contract, and the MOCK-by-default execution-proof caveat are in Protocol · Verification, provenance & anchoring.
DIG uses two distinct kinds of proof. They answer different questions, run on different timescales, and you'll meet them in different places.
Inclusion proofs — synchronous, per read
An inclusion proof is a Merkle proof that accompanies every served resource. It proves the exact ciphertext bytes you received belong to a specific generation's root — the root that is anchored on-chain. The client checks it synchronously, on every read, before decrypting — so a host can never substitute or tamper with content without detection.
- Question answered: "are these the genuine bytes for this root?"
- Where: every dig RPC content read carries one. → Proofs & security · Streaming
- Cost: free, instant, client-side.
Execution proofs — asynchronous, attesting faithful serving
An execution proof is a ZK / risc0 execution receipt that attests a node faithfully ran the serving logic over a period — a stronger, aggregate guarantee about a node's behaviour than any single read can give. These are expensive to produce, so they are asynchronous and gated on the hub control plane, which budgets the prover jobs.
- Question answered: "did this node serve honestly over time?"
- Where: requested/budgeted via the hub
/v1control plane; produced by the risc0 prover backend. - Cost: expensive; rate-limited and gated.