Running Tamperproof Queries

Get started running tamperproof queries with Proof of SQL℠!

The Space and Time Database allows users to run tamperproof queries that use ZK cryptography to generate a proof that ensures neither the SQL nor the data have been tampered with. You can have that proof immediately applied within the SxT network, or send it to another third-party verifiers, allowing you to extend the zero-trust model of a blockchain into a big-data system.

Automated Verification

Running a tamperproof query is surprisingly simple - you only need a Space and Time account, a tamperproof table, and a verifier.

Native Verification with Space and Time Studio

The easiest way to run a tamperproof query is using Space and Time Studio, as it provides a seamless and unified experience.

Step 1: Login to Space and Time Studio

To login to Space and Time Studio dapp:

Navigate to the Space and Time Studio dapp and click on "Sign in" in the upper-right most corner.

Enter your Username and Password, and click "Login"


Click the "Connect a wallet" button at the bottom, and use your wallet to sign into your Space and Time account.

Once authenticated, you should see the "Sign in" button replaced by a "My account" button in the upper right, where you can manage your account and subscription settings.

🔥 New User? Click here to create an account! 🔥

Step 2: Run a Tamperproof Query

Once logged in to Space and Time Studio, you can run a tamperproof query directly in the query editor:

  • Click on the "Queries" menu tab, to pull up the "Query Editor"
  • In the main query editor space, click on the Proof of SQL button (looks like a database with a key) to the immediate left of the "Run Query" button - this will open a pop-out box
  • At the top of that pop-out next to the "Proof of SQL" title, click the toggle switch so that it reads "ENABLED" (this will also add a small green indicator to the Proof of SQL button)
  • Click the "Run Query" button!

If you would like to follow-along with the SQL above:

SELECT Event_Date
, sum(TempC) as SumTemp
, count(*) as CntTemp
, sum(TempC) / count(*) as AvgTemp
FROM SXTDemo_TP.Temperature_v01
GROUP BY Event_Date


A script to create the tamperproof table above can be found in the recipe, "Create a Tamperproof Table.


Contrats, you've run a tamperproof query! All queries submitted through the "Query Editor" will now also generate a ZK proof, and be verified using the SxT verifier network.

Native Verification with Space and Time API

If you interface with the Space and Time Database using APIs and you want to run Native Verification, the change is as easy as using a different, but identical, SQL API endpoint.

To keep examples OS and programming language agnostic, the example below uses the SXT CLI in a terminal window.

Step 1: Install SXT CLI

If not already complete, follow these instructions to install the Space and Time CLI.

Step 2: Login to Space and Time

To login to the Space and Time network using the CLI, make sure you've installed the Space and Time CLI and have a valid space and time user, then copy/paste the commands below into a terminal:

  1. Set environment variables (replacing values below with your SxT credentials) and login to the SxT network:

sxtcli authenticate login --url=$API_URL --userId=$USERID --publicKey=$USER_PUBLIC_KEY --privateKey=$USER_PRIVATE_KEY
# assuming this file exists, containing user secrets:
. ~/.keys/.env

sxtcli authenticate login --url=$API_URL --userId=$USERID --publicKey=$USER_PUBLIC_KEY --privateKey=$USER_PRIVATE_KEY

This command will return two tokens:

  • ACCESS_TOKEN - used to authenticate any API calls to the network
  • REFRESH_TOKEN - used to request a new ACCESS_TOKEN
  1. Optionally, it's a good idea to copy the ACCESS_TOKEN to an environment variable. This can be done manually, i.e., ACCESS_TOKEN="eyJ0eXBlIjoiY..." or by directing the CLI output to a parser like awk:
ACCESS_TOKEN=$(sxtcli authenticate login --url=$API_URL --userId=$USERID --publicKey=$USER_PUBLIC_KEY --privateKey=$USER_PRIVATE_KEY | awk 'NR==2{ print $2 }' )
  1. Optionally, let's test our ACCESS_TOKEN by submitting a request to the network. Assuming your ACCESS_TOKEN is stored in an environment variable as above, you can retrieve your UserID details, or run queries (with a valid subscription or trial):
curl --request GET \
     --url \
     --header 'accept: application/json' \
     --header "authorization: Bearer $ACCESS_TOKEN"
curl --request POST \
--url "" \
--header "accept: application/json" \
--header "authorization: Bearer $ACCESS_TOKEN" \
--header "content-type: application/json" \
--data '{
    "sqlText": "Select count(*) as Blocks_Yesterday from Ethereum.Blocks where time_stamp between current_date-1 and current_date"


Contrats, you've authenticated to the Space and Time network and generated an ACCESS_TOKEN using the CLI!

Hint: If you plan to use the CLI frequently, you might consider:

Step 3: Run a Tamperproof Query

Running a natively verified tamperproof query using the API is nearly identical to running a normal SQL query request, except using the tamperproof SQL API endpoint. Using this API will generate the query results, the ZK Proof, and use the SxT verifier network to perform the verification - all automatically in one step!

To run a query using the CLI, open a terminal window, log into the Space and Time network to get an ACCESS_TOKEN, saved to an environment variable ACCESS_TOKEN, and then submit the API call:

SQL="SELECT Event_Date, sum(TempC) as SumTemp, count(*) as CntTemp, sum(TempC) / count(*) as AvgTemp FROM SXTDemo_TP.Temperature_v01 GROUP BY Event_Date"

curl --request POST \
     --url \
     --header 'content-type: application/json' \
     --header "authorization: Bearer $ACCESS_TOKEN" \
     --data '{ "sqlText": "'"$SQL"'" }'


Contrats, you've run a tamperproof query!

Optionally, let's run the same query above but using the normal SQL endpoint. The query result is the same, but note that you'll get MORE information back from the tamperproof endpoint than you will from the normal endpoint. This is because the tamperproof endpoint will include, among other metadata information, the verification hash. The endpoint signature between the two is identical, except for the URL:

SQL="SELECT Event_Date, sum(TempC) as SumTemp, count(*) as CntTemp, sum(TempC) / count(*) as AvgTemp FROM SXTDemo_TP.Temperature_v01 GROUP BY Event_Date"
curl --request POST \
     --url \
     --header 'content-type: application/json' \
     --header "authorization: Bearer $ACCESS_TOKEN" \
     --data '{ "sqlText": "'"$SQL"'" }'

Other Ways to Verify

Run Your Own Verifier

Space and Time has open-source the verifier code, meaning for centralized use-cases you can install and perform local verification. This is great for any use-case where you alone need to verify the proof, such as internal analytics, centralized transactions, or fully internal work not shared with 3rd parties (or those parties trust you to perform the work correctly).

To get started with your own verifier, simply clone the Proof of SQL Verifier repo, located here:

Coming Soon! Verify with Partners (like Chainlink)

Space and Time is partnering with ZK verifier networks to broaden the choice of decentralized, 3rd party verifiers for your proofs. These will be coming online over the course of the next few months, so check back frequently for the growing list!

Coming Soon! Verify On-Chain

Space and Time cryptography teams are working hard to hyper-optimize the verifier to run onchain efficiently enough to be financially practical, even for high-cost / settlement chains. Look for this coming soon!


Ready to Build Your Own Tables / Queries?

Check out this page, where you can read up on currently available Proof of SQL syntax and learn tamperproof table best practices!