Skip to content
website

GitHub Prover

Problem

When building on-chain applications that rely on off-chain data — such as a user’s GitHub activity — trust becomes a bottleneck. How can anyone be sure that an API response truly came from GitHub and was not tampered with by the application server or a third party?

In current systems, developers often rely on a centralized backend to fetch and process data. This means users must trust that server’s output, even though it could be altered, filtered, or forged. There is no cryptographic proof that the data originated from GitHub and remained unmodified in transit.

Solution

The GitHub Prover uses Tisura technology to transform GitHub API responses into cryptographically certified records that can be proven on the client side and verified by anyone.

Here’s how it works:

  1. The user’s browser sends an HTTPS request to the GitHub API through our transparent proxy infrastructure.
  2. The proxy captures the TLS-encrypted traffic at the packet level and reconstructs the TLS records.
  3. The reconstructed records are bound to the original TLS handshake and GitHub’s certificate, ensuring:
    • Authenticity – it really came from GitHub
    • Integrity – it has not been modified
  4. This certified response is then used to generate a zero-knowledge proof inside the user’s device.
    • The proof can encode any condition (e.g., “User has more than N contributions to repo X”) without revealing the full API response.
  5. Anyone with the proof can verify it without needing to trust Tisura or the application backend.

Because proving happens entirely on the client side using Noir, Tisura never sees the user’s decrypted traffic.

Circuits Design

Circuits diagram

Our Noir circuits:

  1. Verify that the encrypted API response genuinely comes from our proxy infrastructure.
  2. Decrypt the response using the provided TLS session key within the circuit.
  3. Validate that the response meets the expected conditions i.e. that the user owns a given GitHub account and that its contribution count is X.

The output is a verifiable proof that anyone can check on-chain or off-chain.

Why This Matters

This approach removes blind trust in centralized servers. Any developer, DAO, or protocol can integrate GitHub-based proofs into their workflows — from contribution-based rewards to governance eligibility.