Skip to content

VEIL — confidential-payments network for stablecoins (research → working prototype)#1

Open
far-reach wants to merge 12 commits into
mainfrom
claude/crypto-research-novel-ideas-a7xnt6
Open

VEIL — confidential-payments network for stablecoins (research → working prototype)#1
far-reach wants to merge 12 commits into
mainfrom
claude/crypto-research-novel-ideas-a7xnt6

Conversation

@far-reach

Copy link
Copy Markdown
Owner

What this is

A neutral, multi-chain confidential-payments network for stablecoins — a private mode for USDC/USDT with compliance built in as zero-knowledge proofs, not a backdoor. Confidentiality, not anonymity.

This PR takes the project from market research to a working, tested prototype: a shielded pool with a real ZK circuit, the off-chain services that make it usable, the token/value-accrual engine, cross-chain settlement, a business payments app, and a live deploy+demo — all verified end-to-end.

How it works

Deposits are public; a business shields stablecoins under a commitment. Withdrawals are private: a Groth16 proof shows the note is in the pool tree and in an approved association set (proof of innocence) without revealing which deposit is yours, exposing only a nullifier to stop double-spends. Notes are encrypted to a view key so an auditor can decrypt on demand. A protocol fee on each withdrawal feeds an on-chain buyback-and-burn; the VEIL token is the slashable bond that keeps the rail un-censorable.

What's included

Package Contents
packages/contracts Shielded pool (Poseidon Merkle tree), real circom circuit + Groth16 verifier, token / buyback-burn / staking module, ERC-7683-style cross-chain settlers, deploy + demo scripts
packages/sdk Notes, Merkle proofs, association-set membership proofs, view-key encryption
packages/services Relayer (gasless proving) + Association Set Provider (screening/publishing)
packages/app Business payments client (shield/pay/audit) + veil CLI
packages/solana Token-2022 confidential-transfer prototype + spl-token CLI runbook
docs/ Market research, whitepaper, three-idea logic audit, visual explainer

Verification

  • 34 tests passing (26 contract + 8 SDK), all packages type-check.
  • A real Groth16 proof is verified on-chain inside VeilPool.withdraw; the value-accrual loop is tested from a real pool fee; cross-chain open→fill→claim, the staking-gated relayer, and the shield→pay→audit product flow are all covered end-to-end with real proofs.
  • Deployed the full stack to a local node and ran a live confidential payment:
1. business shielded 1000.0 USDC (balance now private)
2. ASP published approved-set root (proof of innocence available)
3. relayer paid supplier 996.0 USDC privately (business paid no gas)
   relayer fee: 3.0 USDC · protocol fee -> buyback&burn: 1.0 USDC
4. auditor decrypted the shielded note with the view key: 1000.0 USDC
  • CI (.github/workflows/ci.yml) builds every package and runs the suites on push/PR.

Explicitly out of scope (pre-production, needs external parties)

Called out honestly in the whitepaper rather than faked: a public multi-party trusted-setup ceremony (the in-repo setup is single-party), a real cross-chain messaging oracle (LayerZero/CCIP/Wormhole) in place of the mock, hardened key storage, and an independent security audit. Not audited — research prototype, not for production use.

🤖 Generated with Claude Code


Generated by Claude Code

claude added 12 commits July 11, 2026 09:12
Implements the VEIL prototype selected in the token-ideas logic audit:

- EVM shielded pool (packages/contracts): Poseidon incremental Merkle tree,
  deposit/withdraw with nullifier double-spend prevention, association-set
  registry (proof of innocence), relayer + protocol fee routing. Groth16
  withdrawal circuit spec (withdraw.circom) with a mock verifier for CI.
  7 passing tests, including on-chain Merkle root cross-checked vs an
  independent JS computation.

- Client SDK (packages/sdk): note management, Poseidon Merkle proofs,
  association-set membership proofs, and X25519+XChaCha20-Poly1305 view-key
  encryption for auditor selective disclosure. 8 passing tests; SDK/chain
  root consistency verified.

- Solana prototype (packages/solana): Token-2022 confidential-transfer mint
  scaffolding (type-checked) and a spl-token CLI runbook for confidential
  payroll with an auditor key (VEIL's view-key analog).

- Whitepaper (docs/whitepaper.md): design, value-accrual/token, threat model,
  roadmap. Grounded in docs/market-research-2026.md and Vitalik Buterin's
  low-risk-defi and privacy essays.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
… test

- scripts/build-circuit.sh: compile withdraw.circom (22,486 constraints),
  run an offline Groth16 trusted setup, export the real Solidity verifier.
- scripts/gen-witness.mjs: build a real witness + proof + Solidity calldata
  from the @veil/sdk (Merkle + association-set proofs), verify off-chain.
- test/WithdrawProof.test.ts: deploy the generated verifier and settle a
  withdrawal with a real on-chain proof; skips until the circuit is built.
- withdraw.circom: switch to library-style circomlib includes (-l resolution).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
Generated Verifier.sol from the withdraw circuit's trusted setup (2^15
ceremony) and wired the end-to-end proof test: SDK builds the witness ->
circom -> real proof -> Groth16Verifier accepts it inside VeilPool.withdraw,
funds settle, nullifier blocks replay, tampered public signals are rejected.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- @veil/services: prover (snarkjs Groth16 proof gen), poolClient (rebuild
  tree from on-chain Deposit events), AspService (screen deposits, build &
  publish approved-set root), Relayer (gasless proof-free withdrawals).
- E2E test (11/11 contract tests): Alice deposits -> ASP screens out a blocked
  address & publishes the root -> relayer reconstructs the tree, generates a
  REAL proof, and settles the gasless withdrawal -> fees split correctly ->
  auditor decrypts the note from the on-chain ciphertext. Also asserts the
  relayer refuses notes outside the approved set.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- VeilToken: fixed 1B supply, burnable, ERC20Permit. Supply only decreases.
- BuybackBurner: permissionless engine that swaps accumulated protocol fees
  (VeilPool.feeCollector points here) into VEIL, burns a configured share, and
  routes the rest to the insurance treasury. Tested end-to-end being fed by a
  real pool withdrawal's protocol fee -> buyback -> burn.
- VeilStaking: slashable bonds for relayers/provers/ASPs with unstake cooldown;
  governance slashing to the insurance beneficiary; min-stake activity gating.
- MockSwapRouter + tests. Full contract suite: 19/19 passing.

Closes the revenue -> buyback-and-burn value-accrual loop in code.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
…r gate

- crosschain/VeilCrossChain.sol: ERC-7683-style shielded cross-chain payment.
  OriginSettler escrows amount+solverFee; DestinationSettler fills by shielding
  funds for the recipient in the destination VeilPool; solver claims the escrow
  after a settlement-oracle attestation. Refund path after deadline. 3 tests
  covering open->fill->claim, double-fill/claim rejection, and refund.
- VeilPool: optional staking gate — a fee-earning relayer must be an active,
  slashable operator (VeilStaking.isActive) when the gate is set. Off by
  default so gasless-optional flows still work; zero-fee withdrawals never gated.
- MockSettlementOracle. Full suite: 24/24 passing.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- @veil/app: PaymentsClient (shield deposits, pay privately via the relayer,
  audit by decrypting note ciphertext with the view key) + VeilWallet (view key
  + note store, JSON round-trip) + a 'veil' CLI (init/balance/notes/shield/pay/audit).
- Integration test drives the product API end-to-end with a REAL proof:
  shield -> pay gaslessly -> audit. Full suite now 26/26 passing.
- Docs: whitepaper, README, and the visual explainer updated to reflect
  Phases 1-4 shipped.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- scripts/deploy.ts: deploys the full stack (pool, verifier, token, buyback-
  burner, staking, ASP registry, cross-chain settlers) and writes
  deployments/<network>.json. Uses the real Groth16Verifier when built.
- scripts/demo.ts: runs a real confidential payment against a deployment —
  shield -> ASP publish -> gasless private pay (real proof) -> auditor decrypt.
  Verified live against a local node (all 4 steps).
- hardhat.config: localhost + sepolia networks (env-driven key/RPC).
- .github/workflows/ci.yml: install, build sdk/services/app, typecheck, run
  sdk + contract tests on every push/PR.
- deployments/ README; local deployment outputs gitignored.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
…l payment

- @veil/web: a no-build Node HTTP server + self-contained dashboard. Polls node
  and deployment health; POST /api/run executes the real shield -> ASP screen ->
  gasless private pay (real Groth16 proof) -> auditor decrypt flow against the
  local devnet and returns structured results.
- The UI contrasts what the public ledger shows (commitment + encrypted blob,
  amount hidden) against what the auditor decrypts with the view key, plus a
  payment breakdown. Verified end-to-end in a headless browser.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- docs/launch-plan.md: full operating plan — product/positioning, market
  (TAM/SAM/SOM), blended revenue model + unit economics, sequenced go-to-market
  wedge, compliance/regulatory strategy, competitive moat, pre-mainnet checklist,
  team, fundraising (seed -> Series A), 3-year financials + break-even logic,
  KPIs, risks, 24-month timeline. Honest recommendation: equity first, token later.
- docs/launch-plan.html: visual one-pager (GTM, revenue vs burn, use of funds,
  timeline, risks).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants