Ludopoly is built on a principle that sets it apart from conventional online games: it is not merely expected to be fair, it is mathematically provable that it is fair. Every movement a player submits to the blockchain is accompanied by a zero-knowledge proof — a cryptographic object that certifies the move was made according to the protocol's rules without revealing the private inputs behind it.

This means that a player cannot claim to travel further than the distance system allows. They cannot replay a past move to fake a different position. They cannot fabricate a location hash that they do not legitimately hold. The proof circuit enforces all of these constraints simultaneously, and the on-chain verifier rejects anything that fails.

In traditional server-based games, players must trust that the game operator is honest. In Ludopoly, the architecture shifts from a "do not be evil" model to a "cannot be evil" model. The treasure oracle's knowledge of the treasure location is real, but it is locked behind hardware security modules and governed by a rigorous signing process. No oracle signature can be generated unless every step of the verification chain — proof validity, location match, and nonce integrity — has passed.

Every travel proof carries a unique nullifier — a cryptographic token that is consumed on-chain when the proof is submitted. Once consumed, the same proof can never be submitted again. Additionally, the system records the hash of every proof submitted, creating a second layer of protection against edge cases where nullifiers might collide.

When a game room ends, the oracle publishes the game secret on-chain. This allows any player to independently verify where the treasure was hidden throughout the game and confirm that the winning claim was legitimate. The game ends not with a declaration from a trusted authority but with cryptographic evidence that any observer can inspect.