Transparency dashboard
open-opticon's claim is "don't trust me, check." This page collects the state that lives outside the maintainer's control — contracts on a public chain, an append-only log anchored on that chain, and byte-reproducible build measurements. Every value below links to its independent source; some are read live from Ethereum Sepolia in your browser.
The dual-root check, the zk-receipt verifier, and the transparency-log anchor are deployed on a public testnet anyone can call. A read-only eth_call to HonestEarQuorum.verdict(…) returns the agreed verdict (2, 1) = alarm_tone, presence — the ZK proof and the device P-256 signature, bound to the same nonce and the same audio, agreeing on a chain you don't control. The audio was never on-chain.
| Contract | Address (Sepolia) |
|---|---|
| HonestEarQuorumZK + device P-256, audio+nonce-bound 2-of-2 | 0x31695C1842d558b396Ec8fE07E595D24cBabe487 |
| HonestEarVerifierRISC Zero Groth16 receipt for the pinned image id | 0xFEBFAdf633a79a3dB1e0e02D5a26656a3a05ED36 |
| CheckpointAnchorRFC 9162 consistency, verified on-chain (SHA-256 precompile) | 0x742Ad4567bE9c1EFB1F89D3B42EED160C04b6b86 |
| RiscZeroGroth16VerifierRISC Zero's verifier contract | 0x956CD96147D71530892730cBBab1109E2EA7aCC9 |
Your browser calls latestSize() and latestRoot() on the anchor via a public RPC and compares them to the transparency-log checkpoint committed in this repo. If they match, the public ledger agrees with the log's published root.
Testnet, honestly. This is a public-testnet proof-of-concept deployed from a disposable key — real on a real chain, but not a production deployment. For a production chain you'd reuse RISC Zero's canonical audited verifier router rather than a self-deployed one. Verify any of this yourself, view-only and free, with bash onchain/call-sepolia.sh.
Device endorsements go into an append-only Merkle log. A signed checkpoint is three lines — origin, size, base64 root — and a consistency proof shows the log only ever grew (no rewrite, no fork). That same proof is checked on-chain by CheckpointAnchor, so even the log operator can't equivocate without the public ledger rejecting it.
$ make sim # builds he-log $ he-log consistency --log L --index 3 # RFC 9162 proof 3 → current $ cd onchain && forge test --match-contract CheckpointAnchorTest [PASS] test_AnchorsConsistentExtension # the 3→5 proof, checked on-chain [PASS] test_RejectsForkedRoot # a rewrite is rejected [PASS] test_RejectsRollback
The new root (size 5) above is the exact value the live anchor read returns — that's the agreement the dashboard checks for you.
The host artifacts (the C simulator/detector and the Go verifier tools) are built twice, in two trees at different paths, with deterministic flags, and every binary's SHA-256 is compared. Identical hashes prove the output depends only on the source — not the path, the clock, or the machine. CI runs this on every push, publishes the manifest, and attaches a SLSA build-provenance attestation to it.
$ make repro REPRODUCIBLE all host artifacts are byte-identical across two trees $ gh attestation verify repro-manifest.txt --repo NubsCarson/open-opticon ✓ verification succeeded # the manifest's GitHub build provenance
The latest manifest is on the CI runs page (each run's summary + the repro-manifest artifact). The OP-TEE TA measurement is re-derivable from source with the documented deterministic build; the zk guest image id is a toolchain- and revision-locked measurement (pinned to its rzup toolchain + guest snapshot, not a from-any-checkout rebuild) — see REPRODUCIBLE.md.
Nothing here asks for your trust.