Jump to Content

Connecting verifiable queries to smart contracts with Proof of SQL on BigQuery

December 11, 2023
Scott Dykstra

Co-founder and Chief Technology Officer, Space and Time

Lucas Fontaine

Customer Engineer, Google Cloud

Try Gemini 1.5 models

Google's most advanced multimodal models in Vertex AI

Try it

Editor’s note: Today we hear from Space and Time, whose decentralized data warehouse and novel zero-knowledge (ZK) proof for SQL operations was recently integrated into BigQuery. Read on to learn more about how Space and Time is working to improve Blockchain-based smart contracts for the Web3 space, and how to use their technology within the Google Cloud data ecosystem.

Blockchain transactions, which are executed by smart contracts, are cryptographically secured and can be independently verified by any participant in the network. As such, blockchain has vast implications for industries like financial services, supply chain, and healthcare, where the integrity, traceability, and transparency of data is critical. In fact, we believe a blockchain-based Web3 has the potential to revolutionize how these sectors manage data, conduct transactions, and interact with consumers.

However, smart contracts are limited in the types of data they can access, the amount of storage they can leverage, and the compute functions they can perform. Without the help of external solutions, smart contracts can only execute very basic if/then logic against certain data points that exist natively onchain. In order to power enterprise use cases, such as dynamic energy pricing or automated banking compliance, smart contracts need a way to access offchain data and compute.

The data that drives smart contracts often exists offchain in SQL databases and data warehouses, where it’s analyzed and aggregated before being sent to a contract onchain. This allows the smart contract to operate more efficiently and at scale, but poses a dire problem: without a way to verify this data or the processing of it, smart contracts are vulnerable to manipulation, which can result in a contract executing incorrectly, causing value loss onchain.

Solution: Deploying Proof of SQL in BigQuery

Enter Proof of SQL, a zero-knowledge (ZK) proof that enables tamperproof data processing at scale and provides cryptographic proof that query results have been processed as expected against untampered data. Proof of SQL combines ZK technology with traditional database processing to advance Web3 use cases, including:

  • Verifiable asset exchanges
  • Data-driven decentralized finance (DeFi)
  • Complex earning schemes for Web3 play-to-earn games
  • Dynamic tokenized real-world assets (RWAs)

Proof of SQL lets developers connect ZK-verified query processing over data in Google Cloud to their smart contracts. This enables smart contracts to execute based on more complex, data-driven logic without the costly risk of tampering.

As a ZK-proof attached to SQL databases, Proof of SQL cryptographically proves to a client that both query execution and underlying tables have not been tampered with. With Proof of SQL, the root of trust is established by creating virtual ‘tamperproof tables’ inside the target attached database. As data gets added to these tables by clients, special hashes (or 'commitments’) are updated. Later, when validating a query and associated ZK-proof, these commitments are used to confirm its validity. By enabling SK proof for SQL operations with BigQuery, customers can cryptographically ensure that query results were computed accurately and on untampered data.


Figure 1: Proof of SQL architecture

Proof of SQL is composed of two interoperating components: the Prover, which generates the proof-of-query execution, and the Verifier, which validates the generated proof. When a client ingests data into the database, that data is routed to the Verifier. The Verifier creates a commitment to the data, stores it for later use, then routes the data to the database.

When the client sends a query request, that request is routed to the Prover. The Prover parses the query, computes the correct result, and produces a proof of query execution. It then sends both the query result and the proof back to the Verifier.

Once the Verifier has this proof, it uses the commitment to check the proof against the result and verify that the Prover has produced the correct result for the query request. This query result is then routed back to the client along with a ‘success’ flag. If the proof does not pass, the Verifier sends a failure message instead.

Solution details: Architecture and integration


Figure 2: Proof of SQL on BigQuery

To enable Proof of SQL to work with BigQuery, a Space and Time Prover node is connected adjacent to the BigQuery engine. When a request for a tamperproof SQL query reaches BigQuery and is directed to the Prover, the result, accompanied by its proof of correctness, is generated. This proof-result pair can either be verified by the Space and Time Gateway, or through a client-side library. The latter shifts the root of trust to the user, which some clients prefer, while others choose to delegate verification to the Space and Time Gateway, which carries out this role on their behalf.

To enable Space and Time’s Proof of SQL service to ZK-prove that queries against BigQuery data were executed accurately and that the underlying data hasn’t been tampered with, a client must simply:

  1. Allow the Space and Time Gateway to be positioned in front of BigQuery as a proxy or load server: BigQuery users have the flexibility to label certain tables as 'tamperproof'. For tables that require tamperproof queries, the client loads the data through the Space and Time Gateway. During this process, the Gateway creates cryptographic commitments on the data, which are used later for proof verification.
  2. Provide the Prover node access to BigQuery storage (local or external): Once a table has been designated as tamperproof and the data is loaded via the Gateway, the next step is granting the Prover node access either to BigQuery storage directly, or to external storage venues like Google Cloud Storage. Regardless of where the tamperproof table is defined, a user has to authorize the Prover to read from it.
  3. Load data and route queries executed against BigQuery through the Gateway (only if those queries need to be ZK-verified): For query operations that don’t require Proof of SQL, the BigQuery user experience is no different. For tamperproof queries, requests must be routed through the Space and Time Gateway, in order to ensure that the Proof of SQL proof can be validated against the commitment that was created during loading.

These steps accomplished, customers can get up and running with ZK-proven queries quickly and efficiently.

ZK-proven queries: Customer use cases

The ability to ZK-verify queries will enable Google Cloud developers and enterprises to build a wealth of new Web3 use cases powered by verifiable data processing, including verifiable exchanges, data-driven DeFi, complex earning schemes for play-to-earn Web3 games, and dynamic tokenized RWAs.

Verifiable exchanges

Proof of SQL can be leveraged to ensure the integrity of metadata related to asset transactions on exchanges. In the case of Golteum, a Web3 trading platform for both digital and real-world assets that recently announced its participation in the Google for Startups Cloud Program, Proof of SQL is able to verify the authenticity and chain of custody of the precious metals being traded, thereby enhancing trust in and security of the platform's operations, which is paramount for a platform that operates on transparent trading and asset-backed tokens. Proof of SQL allows Golteum to post verifiable cryptographic proofs of its SQL operations, ensuring that the data related to the custody and origin of precious metals traded on Golteum is accurate and unaltered.

Data-driven DeFi

Decentralized finance, or DeFi, continues to rapidly evolve. Even so, traditional financial systems still far outpace their DeFi counterparts in complexity and efficiency. With Proof of SQL on BigQuery, a more nuanced approach to DeFi becomes feasible. For example, Proof of SQL can be used to create verifiable dynamic credit scores based on a borrower's onchain and offchain loan history. This allows for more tailored lending rates, aligning them with a borrower's credibility. Additionally, BigQuery's robust data-handling capabilities, combined with Proof of SQL, can facilitate the verifiable analysis of repayment behaviors, enabling lending protocols to set dynamic loan liquidation preferences. This not only enhances the accuracy and fairness of lending rates but also potentially increases the risk-adjusted returns for lending protocols.

Complex earning schemes for Web3 games

Enabling Proof of SQL on BigQuery allows game developers to transform reward systems in play-to-earn Web3 games. By allowing offchain game telemetry to be processed and analyzed in BigQuery, Proof of SQL ensures that onchain reward systems are not based on simple metrics but are instead able to include detailed player analytics. This enables game developers to create more intricate reward logic, such as assessing team cooperation or strategy implementation. For example, in a multiplayer online battle arena game, rewards can be based on a combination of achievements, player behavior, and in-game strategy, all verified by Proof of SQL. This deeper level of engagement, underpinned by BigQuery’s data processing power and the verifiability of Proof of SQL, significantly enhances the gaming experience and broadens the scope of the in-game economy.

Tokenization of RWAs and dynamic NFTs

Tokenization of real-world assets (RWAs) such as real estate, event tickets, or collectibles, benefits immensely from the Proof of SQL on BigQuery. For assets with dynamic metadata, BigQuery provides an efficient platform for storing and processing fluctuating data, while Proof of SQL ensures that these updates are tamperproof and verifiable. For instance, in the tokenization of event tickets, BigQuery can store and dynamically update ticket prices based on availability, with Proof of SQL guaranteeing the integrity of the underlying data. When a transaction occurs, the smart contract queries the real-time data, executing transactions based on the most current information. This system not only enhances efficiency and transparency but also responds to the growing demand for transparency, particularly in industries like event ticketing, paving the way for a more user-friendly experience.

Why Space and Time?

Space and Time focuses on ‘verifiable compute,’ combining a decentralized data warehouse and a full stack of ZK developer tools to empower Web3 developers to build decentralized applications at scale. Recently they announced a collaboration with Google Cloud. The work centers around enabling Proof of SQL – Space and Time’s novel ZK-proof for SQL operations – to work with BigQuery, and making Space and Time available to deploy from the Google Cloud Marketplace.

Posted in