three different kinds of hiding, kept separate
What each tier actually protects.
“Your method stays yours” means three different things across the tiers, and honesty requires stating which. T2 protects by license and sandbox: the verifier node does run your container, so the operator could in principle inspect it; the protection is legal and operational, not cryptographic. T3 protects by never sending the method at all: only a certificate travels, and an open kernel checks it. T0 protects nothing and is labeled exactly so.
| tier | who can see the method | where it runs | protection type | what the badge proves |
|---|---|---|---|---|
| T1 · fully open | everyone (public) | runs in the node sandbox on public inputs | none; everything is public and re-runnable | reproducibility of every claim, end to end |
| T2 · receipt-verified | the verifier node only, inside an attested sandbox | sealed container, re-executed under a verification-only license | LEGAL (license) + operational (sandbox, no exfil); NOT cryptographic secrecy from the operator | pass/fail on each claim; hash-commitment timestamp as priority evidence |
| T3 · proof-carrying | no one; the method never leaves your machine | only a certificate travels; the open kernel checks it | TECHNICAL: the verifier sees a certificate, not the method | the certificate's statement, checked by a public kernel of a different kind |
| T0 · attested only | n/a; not re-executed | nothing is run | identity + timestamp only | that a signed artifact existed at a time; NOT that it reproduces |
If a verifier can re-execute a sealed container, the verifier’s operator has custody of it during the run. T2’s guarantee is that custody is bounded by license and by a hermetic sandbox, not that the operator is cryptographically blind. Choose T3 when that distinction matters to you.