In the paper it is mentioned that when a service uses an attestation provided by a validator, the validator gets paid a certain amount of tokens. How is this actually enforced? If hashes are stored on a public ledger, can't services simply check for the presence of the PII hash themselves in the corresponding contract, without having to pay the validator?