POLYMER / The Verifiable RPC Network

Verifying the
Onchain Economy.

Every wallet, bridge, and exchange reads the blockchain through someone else's server, and trusts whatever it says. Polymer signs every response inside tamper-proof hardware ensuring every response is provably correct.

Read the whitepaper

01 // PROTOCOL ARCHITECTURE

Chip

Intel TDX · sealed enclave

Software

fingerprint verified ✓

Signing key

created at boot · hardware only

Key lifetime

exists only while the node is running

SEALED HARDWARE ENCLAVE · BLOCKCHAIN NODE node:0x4a8f2c1b…e92c

BLOCKCHAIN READER

reads full chain data

fetches the real answer

RESPONSE PACKER

packages the answer

ready for signing

SIGNING KEY

Private key

never leaves the hardware

HARDWARE-LOCKED

HARDWARE PROOF

confirms enclave is live

attached to every response

IDENTITY LOCK

ties key to this software

can't be swapped or faked

software verified · tamper-evident · Polymer v2

Output

Signed response · verifiable by anyone

answer + cryptographic proof it came from sealed hardware

Signature

signed with the hardware's private key

key never leaves the chip · operator cannot access it

Verifies in

any wallet · smart contract · app

no special setup · no shared key · works out of the box

02 // THE PROBLEM

Your app doesn't read the blockchain. A server does.

Every wallet, bridge, and exchange gets blockchain data through a server someone else controls. Encrypting the connection doesn't verify the answer — it just means no one intercepted it. If the server itself lies, the lie is indistinguishable from the truth.

YOUR APP

wallet · bridge · exchange

asks for on-chain data

trusts whatever it receives

UNVERIFIABLE SERVER

someone else's machine

could return anything

! no verification possible

reads from

THE BLOCKCHAIN

the actual truth

immutable · public

— Encrypting the connection doesn't verify the answer. You know it wasn't intercepted — not that it's correct.

— A server that lies returns data that looks identical to correct data. No flag. No alert.

— Every app on chain is exposed to this. It's not theoretical.

CRITICAL kelp.layerzero.node-swap 2026-04-18T11:14:23Z attribution: Lazarus Group (DPRK)

// What happened · April 18, 2026

HONEST NODE

canonical RPC node

serving correct data

status: DDoS'd offline

→ REPLACED BY

POISONED NODE

swapped by attacker

same address · different software

behavior: selective lie

// TO EVERYONE ELSE

returned correct data — no alerts triggered

// TO LAYERZERO'S VERIFIER

returned forged data — bridge accepted it

// WITH POLYMER — THIS ATTACK FAILS

A swapped binary produces a different hardware fingerprint. The public registry rejects the node. It can't produce a valid signature. The attack has nowhere to go.

Drained in a single exploit

$292M

Bridge withdrawal · LayerZero rsETH

116,500 rsETH · ~18% of circulating supply.

// 47 minutes · 0 alerts

T − 5m

DDoS honest nodes offline

T + 0

Binary swapped on two RPC nodes

T + 19m

Forged answer sent to verifier

T + 47m

Bridge drained — $292M

03 // THE SOLUTION

Polymer seals the server inside tamper-proof hardware.

The problem isn't that a server reads the blockchain — it's that you can't verify what it's doing. Polymer locks the node inside a hardware enclave: a sealed environment where the software is fixed, the signing key never leaves, and every answer carries proof it came from the right place.

WITHOUT POLYMER

YOUR APP

request

UNVERIFIED SERVER operator controls it — can return anything

answer

RESPONSE no signature · no proof

✗ No way to verify it's true

WITH POLYMER

YOUR APP

request

HARDWARE ENCLAVE

SEALED NODE software locked · signing key never leaves

signed answer

RESPONSE + SIGNATURE signed by a key that never left the hardware

✓ Signature verified — answer trusted

The operator can slow or stop the server. They cannot change what it says.

04 // REQUEST FLOW

From request to verified answer.

Your app asks for blockchain data. The node answers from inside sealed hardware, signs the response, and sends back proof of where it came from. Your app checks the signature — and knows the answer is real.

CALLER

Your app asks for data

Your wallet, bridge, or exchange sends a normal request — a balance, a transaction, an on-chain event. Nothing changes on the caller's side.

HARDWARE ENCLAVE

A sealed node reads the blockchain

Polymer's node fetches the data from inside a hardware enclave — a sealed environment that Intel's chip controls. Once it's running, the operator can't change it or see inside.

SEALED SIGNATURE

The node signs the answer inside the hardware

The enclave generated a private signing key when it booted — inside the hardware, never written to disk. The node uses it to sign every response. A forged answer would need that key. Nobody has it.

ON-CHAIN VERIFICATION

Your app verifies before acting

Your app checks the signature against a public key registered on-chain. If the signature is valid, the data came from a Polymer node running the correct software. If not, discard it.

How a request gets answered and verified ━━ request ━━ signed response ┄┄ verification

// YOUR APP

YOUR APP

wallet · bridge · exchange

requests blockchain data

asks for on-chain data

SERVER · OPERATOR-CONTROLLED

SEALED HARDWARE ENCLAVE code verified ✓

Reads from the blockchain

fetches the answer and packages it for signing

SIGNING KEY

Private key

locked inside hardware — never leaves

HARDWARE PROOF

Live attestation

confirms the enclave is active and unmodified

operator can turn it on or off — cannot change what it says

signed answer + hardware proof

// ON-CHAIN

ON-CHAIN

Public Registry

list of approved nodes and their signing keys

managed by governance · publicly auditable

05 // TRUST PILLARS

Three pillars. Hardware. Cryptography. Public verifiability.

Hardware locks the node down. Cryptography signs every response. Open source lets anyone audit what's actually running. Three independent checks behind every read.

Hardware

Intel TDX · silicon enclave

The node runs inside a sealed compartment built into the chip. The server operator can turn the machine on — but they can't see or change what's running inside. The hardware itself enforces this.

GUARANTEES The software inside is exactly what was approved — nothing else can run

→

Cryptography

Per-node key · ECDSA secp256k1

Every answer the node sends is signed with a key that was created inside the enclave and has never left. You can verify the signature yourself. If the answer was tampered with — or came from a different machine — the signature won't match.

GUARANTEES Every response is signed — a bad answer can't forge a valid signature

→

Public verifiability

Reproducible builds · open source

The node's code is public. Anyone can download it, compile it, and check that it produces the same binary that's registered on chain. You don't have to trust Polymer's word — you can verify it yourself.

GUARANTEES The code running on chain is the same code anyone can read and audit

→ THE RESULT

Signature checks out · key is registered · code matches public source · answer is trusted

VERIFIED