✅ Proof of Forwarding

Zor replaces trust with proof.

Every relay must produce a zero-knowledge proof that it actually forwarded encrypted packets — without revealing what those packets contained or where they came from.

🧠 The Process

1. Each relay receives an encrypted batch from the previous hop.

2. It decrypts one onion layer, computes a hash of the input and output, and signs a lightweight receipt.

3. These receipts are verified inside a Vault (running in a TEE).

4. The Vault confirms the sequence of hashes, ensuring that each relay did its job correctly.

Only verified relays are rewarded with ZEC. No valid proof → no payment → no incentive to cheat.

🔒 TEE-Backed Verification

All verification happens inside Trusted Execution Environments (like SGX, SEV, or Nitro enclaves). These secure hardware enclaves keep proofs, balances, and encryption keys sealed off even from the node operator. They provide verifiable attestation, so anyone can confirm that the Vault software hasn’t been modified.

📊 Proof Chain Integrity

Each relay’s receipt connects cryptographically to the next:

hash_out(n) == hash_in(n+1)

This continuity forms a proof chain, an auditable but private ledger of network activity. When a proof chain is complete, the Vault releases ZEC payments automatically.

It’s trustless bandwidth verification — a blockchain-style incentive layer for network traffic.