EarnOS
Sovereign Proof v4.0.0

Sovereign Proof Engine

Production-grade cryptographic proof system verifying user activity across 110 consumer apps. Custom MPC-TLS protocol built from scratch — all 6 phases working end-to-end. Zero marginal cost per proof.

110
Providers
232+
Endpoints
2,540+
Tests
23
Packages
~92K
Lines
$0
Per Proof
How It Works
Verify Facts, Not Raw Data
Users prove account ownership and activity metrics across consumer apps without sharing credentials. The system produces cryptographically signed attestations verifiable on-chain.
1

User Initiates Verification

User taps "Verify" in the app and selects a provider — Uber, Strava, Spotify, or any of 110 supported apps. No API keys or credentials are shared with EarnOS.

2

Secure Login via WebView

User logs into the provider through a sandboxed WebView. EarnOS never sees the password — session cookies are captured locally on the user's device.

3

Cryptographic Proof Generation

The attestor server fetches data over TLS, evaluates thresholds against the provider schema (e.g. "50+ rides", "4.5+ rating"), and generates a proof. In MPC-TLS mode, the TLS session is split so no single party holds the full key material.

4

Dual Cryptographic Signing

The attestor signs the attestation with both Ed25519 and ECDSA secp256k1. Dual signing enables independent verification off-chain and on-chain via EVM smart contracts.

5

Submission & Verification

The signed proof is submitted to the REST API. Anyone can verify it independently — including on-chain via EarnOSVerifier.sol with attestation revocation support.

Proof Modes
Three Modes, One Pipeline
Each mode serves different trust and performance tradeoffs. The Universal Proof SDK routes across EarnOS and 4 partner providers with intelligent fallback.
Direct

Direct Mode

Attestor fetches data using session cookies over TLS. Sees plaintext, extracts metrics, signs attestation. Simple, fast — the production default for trusted deployments.

~2s latency, 1,220 proofs/s throughput
Ed25519 + ECDSA secp256k1 dual signing
Proxy-TLS

Proxy-TLS Mode

SDK opens a CONNECT tunnel through the attestor. TLS terminates at the provider — the attestor never sees plaintext. AES-GCM ciphertext binding verifies response integrity.

Attestor sees ciphertext only
All 110 providers prefer this mode
MPC-TLS

MPC-TLS Mode

Two-party computation splits the TLS session between prover and verifier. Neither party alone holds the full key material. Custom protocol built from scratch — not a TLSNotary fork.

~10s E2E, all 6 phases production-ready
Half-gate GC with AES-NI (~35x faster)
Full X.509 chain validation, 149 CA roots
Structural Advantages
Defensible by Design
Eight structural advantages that compound over time — from cryptographic depth to zero marginal cost economics.
01

Zero Marginal Cost

The system runs on fixed-cost infrastructure. Adding more proofs costs nothing until scaling thresholds. At scale, EarnOS is 241x cheaper than running proofs solely on external providers.

02

Custom MPC-TLS From Scratch

Half-gate garbled circuits with AES-NI acceleration, Boolean SHA-256/AES circuits, two-party ECDHE, oblivious transfer — built from the circuit level up. Estimated $3–5.5M replacement cost.

03

Full Vertical Integration

Backend (Rust crypto + TypeScript), frontend (React Native SDK + UI kit), infrastructure (Railway + CF), admin tooling, and on-chain verification — all owned. No dependency on third-party networks.

04

Multi-Provider Abstraction

Universal Proof SDK routes across 5 proof providers with 4 strategies (cost/trust/speed/coverage). Top-20 apps free via EarnOS, long-tail falls back to partner providers.

05

Multi-Mode Flexibility

Three proof modes serve different trust/performance tradeoffs. Direct for speed, Proxy-TLS for privacy, MPC-TLS for cryptographic guarantees. Tuned per-provider.

06

Provider Moat

110 hand-curated JSON schemas with validated extraction rules, test fixtures, and health monitoring. Each integration is manual engineering. The moat widens with every new provider.

07

Mobile-First SDKs

React Native SDK + full UI kit with Expo managed workflow. Native MPC-TLS module (Rust FFI iOS + JNI Android). Web SDK, Chrome extension, WASM binary.

08

Self-Healing Providers

AI-powered schema repair system detects provider API changes, diagnoses failures, and auto-generates updated extraction rules — maintaining 110 integrations without manual intervention.

Provider Coverage
110 Apps, Ready to Prove
Every provider integration is a hand-curated JSON schema with validated extraction rules, test fixtures, and threshold operators. 15 categories spanning the top consumer apps.
Banking & Credit
16
Chase, Venmo, PayPal, Coinbase, Robinhood
Social Media
8
Twitter/X, Instagram, TikTok, LinkedIn, Reddit
Fitness
7
Strava, Peloton, Garmin, Fitbit, Whoop
Food Delivery
5
DoorDash, Uber Eats, Instacart, Grubhub
Hotel Booking
5
Airbnb, Booking.com, Marriott, Hilton, Expedia
Messaging
5
WhatsApp, iMessage, Discord, Telegram
Entertainment
4
Spotify, YouTube, Netflix, Twitch
Online Shopping
4
Amazon, eBay, Walmart, Target
Ride Sharing
3
Uber, Lyft, Grab
Online Gaming
3
Steam, Epic Games, PlayStation
Travel
10
Airlines, rail, car rental
+ 4 More
40
Crypto, professional, music, education
Spotify
Netflix
YouTube
Twitch
Amazon
eBay
Walmart
Target
Uber
Lyft
Grab
DoorDash
Instacart
Grubhub
Coinbase
Robinhood
Venmo
PayPal
Chase
Credit Karma
Strava
Peloton
Garmin
Fitbit
Whoop
Instagram
X / Twitter
TikTok
LinkedIn
Reddit
Discord
Telegram
WhatsApp
Airbnb
Booking.com
Marriott
Hilton
Expedia
Steam
Epic Games
PlayStation
GitHub
+ 68 more providers across crypto, travel, professional, music & education
The Economic Edge
Zero marginal cost per proof
Every external proof provider charges $0.02–$0.10 per verification. EarnOS owns its attestor infrastructure — the marginal cost of every proof is effectively zero. At scale, this is the difference between millions in cost and a rounding error.
EarnOS at 1M proofs/month
$83
Infrastructure only — zero per-proof fees
Nearest competitor at 1M proofs/month
$20,000+
Per-proof fees — structurally unavoidable
At Scale, The Gap Widens
VolumeEarnOS (Direct)EarnOS (MPC-TLS)External ProvidersAdvantage
100K/mo$43$60$2,000–$10,00046–232x
1M/mo$83$173$20,000–$100,000241–1,205x
10M/mo$155$460$200K–$1M1,290x+
100M/mo$540$2,800$2M–$10M3,700x+
Replacement Cost
MPC-TLS Engine
$1.5–3M
Custom Rust crypto: garbled circuits, Boolean circuits, ECDHE 2PC, OT, session orchestrator. 12–18 months, 3–5 engineers.
Application Layer
$0.9–1.7M
Attestor server, API, 110 schemas, SDKs (RN + Web + Chrome), admin dashboard, CI/CD, infrastructure.
On-Chain + WASM
$0.3–0.6M
Solidity contracts, WASM bindings, React Native native modules, Universal Proof SDK routing.
Total estimated replacement cost: $3M – $5.5M 24–36 engineer-months
Proof Ecosystem
Five Providers, One SDK
EarnOS doesn't just build its own proof infrastructure — it orchestrates the entire web proof ecosystem. The Universal Proof SDK routes across five providers with intelligent strategy-based selection, giving every app access to the broadest proof coverage available anywhere.
Universal Proof SDK

One API call. Five proof providers. Intelligent routing.

createProofPipeline() — a single function call handles provider selection, fallback chains, and cost optimization across all five providers.

Strategy: Cost
Routes to the cheapest available provider. EarnOS in-house for top-20 apps ($0), partner providers for long-tail coverage.
Strategy: Trust
Prioritizes providers with the strongest cryptographic guarantees. MPC-TLS and ZK-based providers ranked highest.
Strategy: Speed
Routes to the provider with lowest latency for the given schema. Direct mode EarnOS for sub-2s proofs where available.
Strategy: Coverage
Maximizes provider coverage with automatic fallback chains. If one provider is down, the next takes over seamlessly.
Partner Providers
EarnOS
EarnOS Primary
Proprietary attestor infrastructure. 110 schemas, 3 proof modes, zero per-proof cost. Top-20 apps route here by default.
Reclaim
Reclaim Protocol Partner
Proxy + client-side ZK approach. Broadest schema catalog in the ecosystem with 20,000+ templates. Default fallback for long-tail providers.
Opacity
Opacity Network Partner
MPC-TLS with economic security via EigenLayer/Jito staking. Semi-decentralized notary network for high-trust verification requirements.
vLayer
vLayer Partner
Verifiable data infrastructure for smart contracts. Web proofs, email proofs, and time-travel queries with on-chain verification.
Primus
Primus Labs Partner
Dual-mode MPC-TLS + Proxy-TLS with QuickSilver IZK proofs. TEE-hosted attestors via Phala Network with staking/slashing guarantees.
Self-Healing Providers
When a provider changes their API, the system detects the failure, diagnoses the root cause, and auto-generates an updated schema — maintaining 110 integrations without manual intervention. Costs ~$25/month.

Detect

Continuous synthetic testing every 6 hours. Circuit breaker patterns detect schema breakage automatically.

Diagnose

AI-powered failure classification — API endpoint change, schema drift, auth flow update, or rate limiting.

Repair

Playwright traffic capture + AI schema extraction generates updated rules, fixtures, and operators.

Recover

Updated schema validated and deployed. Provider auto-re-enabled. Full cycle without manual intervention.

Agent pays for itself in ~30 hours of preventing a single provider fallback to external providers
Development Timeline
From First Commit to Production MPC-TLS
30+ releases across 4 major versions. From MVP foundation to production-grade MPC-TLS with all 6 protocol phases working end-to-end.
v4.0.0 — Current
MPC-TLS Production Activation
Bincode serialization (~400-800ms improvement), protocol version negotiation, per-provider backend selection, Phase 6 Reveal & Attestation complete — all 6 phases working E2E (~10s).
110 providers2,540+ tests~92K lines
v3.3–3.11
Production Deployment & Observability
Full production stack on Railway + Cloudflare. Admin dashboard (8 pages). Real-time test results. Load tested to 1,220 proofs/s. iOS native MPC-TLS build.
Railway + CFAdmin Dashboard1,220 proofs/s
v3.0.0
TLS Handshake Complete
Split GC key schedule. Handshake key reconstruction, server decryption + cert verification, client Finished. 19-step SDK pipeline. p50=5.2s.
19-step SDKp50=5.2s
v3.0 alpha–rc
Production Proofs & 110 Schemas
E2E MPC-TLS orchestration, real AES-GCM verification, attestation signing. 85→110 provider schemas across 15 categories.
110 schemasAES-GCM verified
v2.5–2.9
Client SDK, WASM & Hardening
MpcTlsClient state machine. WASM binary. Web Worker execution. ZeroizeOnDrop. AES-NI GC hash (~35x faster). 50-concurrent stress test. React Native native module.
WASM~35x faster GC
v2.0–2.4
MPC-TLS Primitives & GC Key Schedule
Half-gate garbled circuits (AES-NI). Boolean SHA-256 + AES-128 circuits. P-256 ECDHE 2PC. napi-rs bindings. Attestor MPC-TLS session handler.
Rustnapi-rs
v1.5–1.9
Universal SDK, Schemas & Web Platform
Persistent proofs. Universal Proof SDK (5 providers). HybridProofOrchestrator. On-chain EarnOSVerifier.sol. Chrome extension. 42→55 providers.
Universal SDKSolidity
v1.0–1.4
MVP Foundation
Ed25519 attestation, 24 providers, WebSocket protocol, REST API, React Native SDK + UI, Docker deploy. Banking providers. Proxy-TLS. IZK backend. WebSocket relay.
Foundation24 providers
Production Readiness
Deployed, Tested, Monitored
Infrastructure
Railway (API + Attestor + Postgres), CF Worker edge proxy, CF Pages admin dashboard. Auto-deploy on push to main.
Testing
2,540+ tests across Vitest, Rust, Foundry, Playwright, napi, schema validation. 13 CI jobs, all green.
Performance
1,220 proofs/s sustained. p95=10ms (direct). MPC-TLS ~10s E2E. Zero memory leaks over 50 concurrent sessions.
Security
ZeroizeOnDrop on key material. OT input validation. X.509 chain validation (149 CA roots). Dual signing.
Observability
Admin dashboard (8 pages). MetricsCollector, EventBus, WebSocket events, circuit breaker. Provider health monitoring.
On-Chain
EarnOSVerifier.sol with ECDSA verification + revocation. AttestationLib for JCS reconstruction. 34 Foundry tests.
What's Next
Roadmap
Next

Android Native MPC-TLS

NDK build for the Rust MPC-TLS crate targeting Android arm64. Expo dev build with native module integration.

Next

Self-Healing Providers

AI agent for automated schema repair. Traffic capture, failure diagnosis, and schema extraction when providers change APIs.

Next

Mainnet Deployment

Deploy EarnOSVerifier.sol to Ethereum L2 mainnets. On-chain attestation verification and revocation.

Planned

Chrome Web Store

Submit the hardened Chrome extension (MV3) to the Chrome Web Store for public distribution.

Planned

MPC-TLS Default Mode

Graduate MPC-TLS from pilot to default backend for all high-value providers.

Planned

On-Device Testing

Native MPC-TLS on real iOS and Android devices via Expo dev builds.