Proven Network is a companion network designed to complement and extend the capabilities of the Radix distributed ledger technology (DLT). The network aims to enable a new generation of Web3 decentralized applications (dApps) that can provide user experiences comparable to traditional Web2 applications while maintaining strong privacy and security guarantees.

• Overview
• Core Components
• Off-ledger Compute
• Storage System
• Global Messaging Infrastructure
• Trust Model
• Network Verification
• Application Code Verification
• User Identity Verification
• Storage Types
• Storage Contexts
• Use Cases
• Decentralization Status
• Development Tools
• Frontend Integration

Overview

The Proven Network provides three primary categories of services: off-ledger auditable compute, encrypted storage, and a global messaging infrastructure. The compute layer utilizes a WebAssembly (WASM)-based virtual machine that operates within trusted execution environments (TEEs), ensuring complete privacy and protection against tampering, even from hardware operators. This system employs a serverless model where developers only pay for actual usage, with the ability to scale to zero when inactive.

Unlike many blockchain-adjacent services, Proven Network explicitly does not aim to be decentralized, permissionless, or censorship-resistant, as these features are already provided by the underlying Radix DLT. Instead, it positions itself as an alternative to traditional cloud service providers like Cloudflare, Vercel, or AWS Lambda, but with additional cryptographic security guarantees and specialized tooling for Radix developers.

The network's trust model is built on three main pillars: verification of network node software, verification of application code, and verification of end-user identity. This model utilizes remote attestation and public build logs to ensure transparency and auditability of all system components. For user identity, the system integrates directly with Radix's native Persona system and uses ROLA (Radix OAuth-Like Authentication) for session management, eliminating the need for additional private key management.

The platform supports various use cases including multiplayer game servers, oracle services, asset-based access control, scheduled transactions, GDPR-compliant applications, decentralized identity verification, private DAO voting mechanisms, and automated trading systems. These applications can leverage the network's infrastructure to maintain on-ledger asset management while performing complex computations off-ledger in a secure and verifiable manner.

Core Components

Off-ledger Compute

Proven Network's compute layer operates on a WASM-based virtual machine that runs within trusted execution environments (TEEs). This architecture ensures that all computations remain private and tamper-proof, protecting against interference even from the hardware operators themselves. The system implements a serverless computing model where developers are charged only for actual usage, with the ability to scale to zero during periods of inactivity.

The compute environment utilizes the WebAssembly Component Model, allowing developers to write components that can be verified and executed within the network's secure environment. These components can be written in languages that compile to WebAssembly and interact with the system through WASIP2 interfaces, providing access to specialized components for storage, messaging, and Radix DLT interaction.

Storage System

The storage infrastructure comprises four distinct types of storage solutions, each designed for specific use cases. The key-value storage system supports UTF-8 string keys with arbitrary byte values up to 1MB, offering immediate consistency. Blob storage removes the size limitation but operates on an eventual consistency model. The platform also includes a distributed SQLite implementation for relational data storage and a specialized keychain storage for managing cryptographic material.

These storage systems can operate in three distinct contexts: application, identity, and NFT. The application context provides global state storage accessible across all users, while the identity context ties data to specific user personas authenticated through ROLA. The NFT context binds storage access to token ownership, automatically transferring data access when the associated NFT changes hands.

Global Messaging Infrastructure

The messaging infrastructure serves as the connective tissue between the network's various components, linking the TEE-based compute layer, encrypted storage systems, and Radix-native on-ledger events. This system provides cryptographically-authenticated channels that extend to edge devices, enabling real-time trust-minimized compute and collaboration between users.

The messaging system supports both HTTP-based components and direct integrations through the platform's SDK. HTTP endpoints can be created to interface with third-party systems such as OAuth providers, with support for JWT-based authorization to maintain secure access to session-based storage resources. The infrastructure ensures that all communications maintain the same level of security and verifiability as the compute and storage components, creating a cohesive and secure environment for decentralized applications.

Trust Model

Network Verification

The network's trust architecture is built entirely on nodes operating within trusted execution environments. Developers and third parties can independently verify the network by running the build process, which produces measurements capturing the complete state of the application software, Linux kernel, and RAMFS disk state. These measurements are fundamental to the trust architecture, enabling all parties to verify and audit the network's mechanisms through remote attestation.

Network nodes must demonstrate to existing network participants that they are running identical code in the same configuration before they can become data replicas or execute computational workloads. The node software architecture treats all external services, including its parent host and infrastructure operator, as untrustworthy. This zero-trust approach requires all external communications to be cryptographically secured based on a root of trust embedded within the auditable codebase.

Application Code Verification

Application code verification is handled through a comprehensive build process that occurs entirely within the TEE. Network nodes will only execute code that they have either built themselves or code that has been signed by verified peers. The build process targets the WebAssembly component model, with nodes providing virtualized capabilities to guest code through WASIP2 interfaces.

To maintain transparency, the network publicly hosts the complete build log and all source code inputs. Configuration settings for messaging, storage access, and external service interactions are permanently encoded during the build step. While private environment variables (such as API keys) can be used, their presence (though not their contents) is recorded in the auditable output. Application updates are permitted but invalidate existing user sessions, ensuring users must explicitly trust new versions before they can interact with identity-keyed state.

User Identity Verification

User identity verification in Proven Network is uniquely integrated with the Radix DLT Persona system, eliminating the need for independent identity management. The system utilizes ROLA (Radix OAuth-Like Authentication) for session-level cryptographic bindings between users and applications. This integration creates a seamless developer and user experience without requiring additional private key management.

The session creation process establishes a four-way binding between a user device-generated Ed25519 key, ROLA-originated proofs from their wallet, remote attestation of the TEE environment, and the current version of the application code and configuration. If a session signing key is lost, users can easily generate a new one by logging in again through the Radix Connect button, with ROLA proofs granting access to the same private storage resources when the same Radix Persona is used.

Storage Types

The storage architecture encompasses four distinct storage types, each designed for specific use cases. The key-value storage system functions similarly to Redis, requiring UTF-8 string keys while accepting arbitrary byte values up to 1MB, with immediate consistency guarantees. Blob storage removes the size limitation but operates on an eventual consistency model. The platform includes a distributed SQLite implementation for relational data storage, and a specialized keychain storage system for handling cryptographic material that can only be used indirectly through system-level components for ledger interactions.

Storage Contexts

Storage contexts define the accessibility and scope of stored data. The application context provides global state storage that remains consistent across all users and is available in all execution modes. The identity context binds data to specific user personas authenticated through ROLA, ensuring data privacy on a per-user basis. The NFT context ties storage access to token ownership, with data access automatically transferring to new owners upon NFT transfer. Both identity and NFT contexts require valid JWT authentication for HTTP endpoint access.

Use Cases

Proven Network enables a wide range of decentralized applications that require complex off-chain computation while maintaining secure integration with on-chain assets and identity. These applications leverage the network's combination of trusted execution environments, secure storage, and real-time messaging capabilities.

In the gaming sector, developers can create multiplayer game servers with sophisticated rule sets computed in real-time off-ledger while managing in-game assets on-ledger. This architecture is particularly valuable for GameFi applications that require imperfect information between players or games whose rule sets are too complex to compute through consensus-based mechanisms alone.

The platform supports oracle services that bridge the gap between on-chain and off-chain environments by leveraging existing internet PKI infrastructures. These oracles can securely pull information from web-based APIs with full audit logs, enabling applications such as prediction markets. The use of hardware-based trust models allows these oracles to operate significantly more cost-effectively than their crypto-economic counterparts.

For content distribution and communication, applications can implement sophisticated access control systems that gate content such as songs, videos, or private messaging based on ledger state. This allows for token-gated content platforms where access rights are directly tied to asset ownership on the Radix ledger.

In the realm of automation, the platform enables programmatic triggering of on-ledger transactions based on timers or cron schedules. Developers can also create trading bots and autonomous agents that react to on-ledger events, ranging from simple dollar-cost averaging tools to complex real-time DeFi trading strategies.

For organizations requiring strong compliance measures, Proven Network supports applications that must adhere to global data regulations, with features ensuring requirements like the "Right to be Forgotten" are embedded in auditable code. The platform also facilitates the creation of trust-minimized DID (Decentralized Identity) issuers and verifiers that can serve as integration points for legacy or Web2 identity providers.

In the context of decentralized governance, the network enables DAOs (Decentralized Autonomous Organizations) to implement private voting capabilities while maintaining the ability to enact voting results on-ledger. This includes the capability to deploy new smart contracts, enabling true decentralization of control over decentralized applications.

For applications requiring advanced cryptographic operations, the platform can serve as a secure environment for computing zero-knowledge proofs for resource-constrained devices such as mobile phones, with the results being verifiable on-ledger. This capability bridges the performance gap between lightweight clients and computationally intensive cryptographic operations.

These use cases demonstrate how Proven Network complements the Radix DLT by providing secure, scalable off-chain computation and storage while maintaining the security and verifiability guarantees expected in decentralized systems.

Decentralization Status

Proven Network explicitly defines itself as non-decentralized, with decentralization, permissionlessness, and censorship resistance being stated non-goals of the project. This architectural decision reflects the network's design philosophy of complementing rather than competing with the Radix DLT, which already provides these characteristics for asset management and contract governance.

Instead of pursuing decentralization, the platform positions itself as an alternative to traditional cloud service providers such as Cloudflare, Vercel, AWS Lambda, and Google Cloud Platform's Cloud Functions for hosting off-ledger backend systems. The network's primary objective is to deliver comparable quality of service, performance, and developer experience to these centralized platforms while adding an additional layer of cryptographic security and verifiability to off-ledger computation.

This design choice means that the platform can only provide the same level of censorship resistance guarantees as other serverless alternatives. However, the network compensates for this limitation by ensuring that all off-ledger computation remains as verifiable and auditable as on-ledger computation, creating a transparent and trustworthy environment for application deployment.

Future development plans include research into a federated architecture that would allow application developers to self-host their own Proven nodes. These nodes would be scoped to specific applications and could function as either primary or failover infrastructure. However, this federation capability remains a future consideration, with current development focused on establishing and stabilizing the core network infrastructure.

Development Tools

Frontend Integration

Proven Network provides a frontend SDK called the Proven dApp Toolkit, which integrates with the existing RadixDappToolkit to enable developers to build decentralized applications. The toolkit is available as a Node.js package (@proven-network/proven-dapp-toolkit) and can be installed via standard package managers.

The integration process requires modifications to the standard RadixDappToolkit initialization, allowing applications to simultaneously access both Radix and Proven Network functionality. A key requirement for proper integration is the inclusion of proof requests for personas and, optionally, for accounts when making data requests through the wallet API.

For backend development, the platform supports the WebAssembly Component Model, allowing developers to create verifiable components that run within the network's trusted execution environments. These components can be written using languages that compile to WebAssembly and interact with the system through WASIP2 interfaces.

HTTP-based components can be created by implementing the wasi:http/proxy interface, enabling integration with third-party systems such as OAuth providers. These components support JWT-based authentication through the Authorization header, allowing secure access to session-based storage resources.

Developers working with storage systems have access to multiple storage types through the platform's APIs, including key-value storage, blob storage, relational storage via distributed SQLite, and specialized keychain storage for cryptographic operations. Each storage type can be accessed through different contexts (application, identity, or NFT) depending on the application's requirements.

The development environment emphasizes security and verifiability, with all application code being built within trusted execution environments and verified through a public build process. This ensures that deployed applications maintain the same level of trust and auditability as the underlying network infrastructure.