Lero Network Whitepaper
Version 1.0 | December 2025 | Cryptographic Verification Protocol
Abstract
Lero Network presents a groundbreaking cryptographic verification protocol that enables the generation of verifiable proofs from real-world data sources without revealing the underlying sensitive information. By combining Three-Party TLS (3P-TLS), Multi-Party Computation (MPC), and Zero-Knowledge Proofs (ZKP), Lero creates a trustless bridge between centralized data sources and decentralized applications.
The protocol addresses a fundamental challenge in Web3: the need to verify claims about off-chain data without compromising user privacy or requiring trusted intermediaries. Traditional oracle solutions rely on API access and data source cooperation, limiting their applicability. Lero's approach requires no API integration or server-side changes, enabling verification of any HTTPS-based data source.
Key innovations include:
- -Universal Data Source Compatibility: Verify any web-accessible data without API access or server modifications
- -Privacy-First Design: User data never leaves the local environment in raw form
- -Decentralized Verification: No single point of trust or failure in the verification process
- -On-Chain Integration: Proofs can be stored as zkSBTs or shared privately with specific addresses
"Lero Network represents the missing infrastructure layer that connects the authenticated web with trustless blockchain verification, unlocking use cases previously impossible in decentralized systems."
Introduction
2.1 The Problem of Private Data Verification
The blockchain ecosystem has matured significantly over the past decade, yet a fundamental limitation persists: the inability to reliably verify claims about off-chain data while preserving user privacy. This constraint manifests across numerous critical applications:
- -DeFi Lending: Protocols cannot assess borrower creditworthiness without accessing sensitive financial data
- -Identity Verification: KYC processes require exposing personal documents to centralized entities
- -Reputation Systems: Web2 credentials cannot be ported to Web3 without revealing underlying data
- -Healthcare: Medical records verification requires trusted intermediaries
2.2 Limitations of Existing Solutions
Current approaches to bridging off-chain data with blockchain applications suffer from several fundamental limitations:
Traditional Oracles
Rely on trusted data providers and require API access. Data sources must cooperate, and users must trust the oracle operator not to manipulate or leak data.
Hardware-Based Attestation
TEE (Trusted Execution Environment) solutions introduce hardware trust assumptions and are vulnerable to side-channel attacks. They also face supply chain security concerns.
Centralized Verification Services
Third-party verification services create single points of failure and require users to share sensitive data with additional parties.
2.3 The Lero Approach
Lero Network addresses these limitations through a novel combination of cryptographic techniques that enable verification without trust assumptions on data sources or intermediaries:
The protocol operates by extending the standard TLS handshake into a three-party process, where MPC nodes participate in key generation without gaining access to the actual data being transmitted. This approach ensures:
- 1.Data authenticity is cryptographically guaranteed by the original TLS certificate
- 2.Users maintain complete control over their raw data
- 3.Verification occurs without any party having complete access to session keys
- 4.Zero-knowledge proofs enable selective disclosure of verified claims
Protocol Architecture
3.1 Three-Party TLS (3P-TLS)
At the core of Lero Network lies the 3P-TLS protocol, an extension of the standard TLS 1.3 handshake that introduces MPC nodes as cryptographic witnesses without compromising the security properties of the original protocol.
Standard TLS vs 3P-TLS
Standard TLS 1.3
- - Client-Server communication
- - Single key exchange
- - No external verification
- - Trust-based data claims
3P-TLS
- - Client-Server-MPC communication
- - Distributed key shares
- - Cryptographic verification
- - Provable data authenticity
3.1.1 Handshake Process
The 3P-TLS handshake proceeds through the following phases:
Node Selection
The client requests verification and the network randomly selects a set of MPC task nodes from the available pool using VRF-based selection.
Key Share Generation
During the TLS handshake, MPC nodes participate in distributed key generation, each receiving a share of the MAC key without any single party knowing the complete key.
Data Transmission
The client establishes a standard TLS connection with the data source, with MPC nodes able to verify the authenticity of responses through their key shares.
Commitment Generation
Task nodes generate cryptographic commitments attesting to the data authenticity, which are used as inputs for subsequent ZK proof generation.
3.2 MPC Network Architecture
The MPC network consists of distributed nodes that collectively perform verification tasks without any single node having access to complete session information.
Task Nodes
Randomly selected for each verification request, task nodes participate in the 3P-TLS handshake and attestation generation.
- - Stake-weighted selection
- - Rotated per session
- - Threshold signatures
Validator Nodes
Oversee the network consensus and ensure task node honesty through economic incentives and slashing conditions.
- - Consensus participation
- - Dispute resolution
- - State management
3.3 Proof Generation Pipeline
Once data authenticity is established through 3P-TLS, users generate zero-knowledge proofs locally using the verified data and MPC attestations.
// Proof Generation Flow
1. User receives authenticated TLS response
2. LeroGate extension parses response against schema
3. MPC nodes provide attestation shares
4. Local ZK prover generates proof
5. Proof can be stored on-chain or shared privately
Cryptographic Foundations
4.1 Hybrid Zero-Knowledge Proof System
Lero Network employs a Hybrid ZK architecture that combines the strengths of different zero-knowledge proof systems to optimize for both prover efficiency and verifier cost.
Vector Oblivious Linear Evaluation
Used for efficient prover-side computation of data integrity proofs.
- - O(n) prover complexity
- - Minimal memory requirements
- - Fast proof generation
Succinct Non-Interactive Arguments
Used for on-chain verification with constant-size proofs.
- - Constant proof size (~200 bytes)
- - O(1) verification time
- - EVM-compatible
4.2 Multi-Party Computation Protocol
The MPC protocol ensures that no single party can access complete session keys while maintaining the ability to collectively verify data authenticity.
Security Properties
Confidentiality
User data remains encrypted and inaccessible to MPC nodes
Integrity
Data authenticity verified through distributed MAC computation
Availability
Byzantine fault tolerance with 2/3 honest majority assumption
Non-repudiation
Cryptographic proofs cannot be forged or disputed
4.3 zkSBT Implementation
Zero-knowledge Soulbound Tokens (zkSBTs) serve as the on-chain representation of verified proofs, enabling persistent and composable verification claims.
// zkSBT Structure
struct zkSBT {
bytes32 schemaId; // Verification schema identifier
bytes32 proofHash; // Hash of ZK proof
uint256 timestamp; // Verification timestamp
bytes encryptedData; // Optional encrypted metadata
address issuer; // MPC network attestation
}Network Design
5.1 Node Architecture
The Lero Network operates through a distributed network of nodes with specialized roles, ensuring decentralization while maintaining high performance.
Task Nodes
Task nodes form the computational backbone of the network, participating in 3P-TLS sessions and generating attestations.
1,000+
Active Nodes
50ms
Avg Latency
99.9%
Uptime SLA
Validator Nodes
Validators secure the network through proof-of-stake consensus, managing network state and resolving disputes.
100
Validators
10k
Min Stake
2s
Block Time
5.2 Consensus Mechanism
Lero employs a modified Proof-of-Stake consensus optimized for the unique requirements of verification workloads.
- -Delegated Proof-of-Stake: Token holders delegate to validators, distributing security responsibility
- -VRF-Based Selection: Task node assignment uses verifiable random functions for fairness
- -Slashing Conditions: Malicious behavior results in stake reduction and network ejection
Data Source Integration
6.1 Schema System
Lero's schema system defines how data is extracted, validated, and converted into verifiable claims. Schemas are created by developers and reviewed for security before deployment.
// Example Schema Definition
{
"schemaId": "twitter-follower-verification",
"version": "1.0.0",
"dataSource": {
"type": "https",
"domain": "twitter.com",
"path": "/*/followers"
},
"selectors": [
{
"name": "followerCount",
"type": "number",
"xpath": "//span[@data-testid='followerCount']"
}
],
"proofTypes": ["gt", "lt", "eq", "range"]
}6.2 Supported Data Sources
The protocol supports any HTTPS-based data source. Pre-built schemas are available for common platforms:
Twitter/X
GitHub
Binance
Coinbase
Banks
Gov IDs
Healthcare
Token Economics
7.1 $LERO Token Utility
The $LERO token serves as the native utility token of the network, enabling economic coordination between participants.
Network Fees
Users pay $LERO for verification requests, distributed to task nodes and validators.
Staking
Node operators stake $LERO as collateral, earning rewards for honest participation.
Governance
Token holders vote on protocol upgrades, schema approvals, and parameter changes.
Schema Incentives
Schema creators earn ongoing fees when their schemas are used for verification.
7.2 Token Distribution
Use Cases
Lero Network enables a wide range of applications that were previously impossible or required trusted intermediaries.
ZKKYC (Zero-Knowledge KYC)
Users verify identity attributes (age, nationality, accreditation status) without exposing personal documents. DeFi protocols can enforce compliance while maintaining user privacy.
Undercollateralized DeFi Lending
Borrowers prove creditworthiness using bank statements and credit scores without revealing exact figures. Lenders can assess risk while respecting privacy.
Web2 Credential Portability
Users prove social media influence, professional credentials, or gaming achievements in Web3 applications without linking identities.
Healthcare Verification
Patients prove vaccination status, insurance coverage, or medical conditions for insurance, travel, or treatment access without exposing complete medical history.
Security Analysis
9.1 Threat Model
The protocol is designed to be secure under the following threat model:
Malicious Users
Users may attempt to forge proofs or manipulate data. The 3P-TLS protocol ensures that data authenticity is tied to the original TLS certificate, making forgery computationally infeasible.
Compromised MPC Nodes
Up to 1/3 of MPC nodes may be malicious. The protocol maintains security through threshold cryptography, requiring collusion of more than 2/3 of nodes to compromise integrity.
Network Adversaries
Man-in-the-middle attacks are prevented by the standard TLS certificate validation. The 3P-TLS extension does not weaken these guarantees.
9.2 Audit Status
Security Audits Completed
- - Trail of Bits: Core Protocol Review (Q3 2025)
- - OpenZeppelin: Smart Contract Audit (Q3 2025)
- - Veridise: Cryptographic Review (Q4 2025)
Roadmap
Q1 2025
Protocol Foundation
- - 3P-TLS protocol implementation
- - Core MPC framework
- - Testnet alpha launch
Q2 2025
Developer Tools
- - LeroGate SDK release
- - Schema builder tool
- - Developer documentation
Q3 2025
Mainnet Launch
- - Public mainnet deployment
- - Token generation event
- - Initial schema marketplace
Q4 2025 & Beyond
Ecosystem Growth
- - Cross-chain deployment
- - Enterprise partnerships
- - Governance decentralization