Compute you can verify. Protocol you can read.
oxide is an open protocol for verifiable compute. No servers to trust, no opaque runtimes, no silicon lottery. Your code runs on untrusted hardware and the proof comes with the result.
[ THE PROTOCOL ]
The contract is twelve lines. If you can't read it in one sitting, it isn't a protocol, it's a product.
// [INFO] every job is a triple. nothing more. job := { code, input, witness } // [INFO] the prover binds code + input to a transcript. commit(job) ⇒ digest := H(code ‖ input) // [INFO] execution happens on untrusted hardware. // the runtime is risc-v. nothing exotic. execute(job) ⇒ output, trace // [INFO] the result is useless without the proof. prove(trace) ⇒ π // [NOTE] recursive stark, ~1.2ms median // [INFO] anyone can verify in milliseconds, on any device. verify(digest, output, π) ⇒ bool // [EXAMPLE] the only thing you trust is math.
[ THE PROOFS ]
three steps · zero trustCOMMIT
You sign the code and the input together. The protocol records a digest. Nobody can swap the binary later, not even the operator running it.
EXECUTE
Any node in the network can run the job. The runtime is plain risc-v. There is no special hardware, no enclave, no vendor lock-in. The trace is captured as it runs.
VERIFY
The output ships with a recursive stark proof. A thousand-line verifier confirms it in milliseconds, on a phone if you want. The result is true, or it does not exist.
- I. Trust is a debt. Proof is a payment.
- II. A black box is not a runtime, it is a story.
- III. If you can't read the source, it's not yours.
- IV. Open the protocol or get out of the way.
[ THE RUNTIME ]
Bring any binary that compiles to risc-v or wasm. The runtime does the rest. No SDK, no wrapper, no sidecar.
# [EXAMPLE] submit a job, get a verifiable result. $ oxide submit ./hello.elf --input data.bin [INFO] committing job → 7f3a91c2… [INFO] dispatched to 3 prover nodes [INFO] proof π received in 1.184ms [INFO] verified locally ✓ $ oxide verify result.bin --proof π.bin ok. true.