VEIL — confidential-payments network for stablecoins (research → working prototype)#1
Open
far-reach wants to merge 12 commits into
Open
VEIL — confidential-payments network for stablecoins (research → working prototype)#1far-reach wants to merge 12 commits into
far-reach wants to merge 12 commits into
Conversation
Implements the VEIL prototype selected in the token-ideas logic audit: - EVM shielded pool (packages/contracts): Poseidon incremental Merkle tree, deposit/withdraw with nullifier double-spend prevention, association-set registry (proof of innocence), relayer + protocol fee routing. Groth16 withdrawal circuit spec (withdraw.circom) with a mock verifier for CI. 7 passing tests, including on-chain Merkle root cross-checked vs an independent JS computation. - Client SDK (packages/sdk): note management, Poseidon Merkle proofs, association-set membership proofs, and X25519+XChaCha20-Poly1305 view-key encryption for auditor selective disclosure. 8 passing tests; SDK/chain root consistency verified. - Solana prototype (packages/solana): Token-2022 confidential-transfer mint scaffolding (type-checked) and a spl-token CLI runbook for confidential payroll with an auditor key (VEIL's view-key analog). - Whitepaper (docs/whitepaper.md): design, value-accrual/token, threat model, roadmap. Grounded in docs/market-research-2026.md and Vitalik Buterin's low-risk-defi and privacy essays. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
… test - scripts/build-circuit.sh: compile withdraw.circom (22,486 constraints), run an offline Groth16 trusted setup, export the real Solidity verifier. - scripts/gen-witness.mjs: build a real witness + proof + Solidity calldata from the @veil/sdk (Merkle + association-set proofs), verify off-chain. - test/WithdrawProof.test.ts: deploy the generated verifier and settle a withdrawal with a real on-chain proof; skips until the circuit is built. - withdraw.circom: switch to library-style circomlib includes (-l resolution). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
Generated Verifier.sol from the withdraw circuit's trusted setup (2^15 ceremony) and wired the end-to-end proof test: SDK builds the witness -> circom -> real proof -> Groth16Verifier accepts it inside VeilPool.withdraw, funds settle, nullifier blocks replay, tampered public signals are rejected. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
…evenue) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- @veil/services: prover (snarkjs Groth16 proof gen), poolClient (rebuild tree from on-chain Deposit events), AspService (screen deposits, build & publish approved-set root), Relayer (gasless proof-free withdrawals). - E2E test (11/11 contract tests): Alice deposits -> ASP screens out a blocked address & publishes the root -> relayer reconstructs the tree, generates a REAL proof, and settles the gasless withdrawal -> fees split correctly -> auditor decrypts the note from the on-chain ciphertext. Also asserts the relayer refuses notes outside the approved set. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- VeilToken: fixed 1B supply, burnable, ERC20Permit. Supply only decreases. - BuybackBurner: permissionless engine that swaps accumulated protocol fees (VeilPool.feeCollector points here) into VEIL, burns a configured share, and routes the rest to the insurance treasury. Tested end-to-end being fed by a real pool withdrawal's protocol fee -> buyback -> burn. - VeilStaking: slashable bonds for relayers/provers/ASPs with unstake cooldown; governance slashing to the insurance beneficiary; min-stake activity gating. - MockSwapRouter + tests. Full contract suite: 19/19 passing. Closes the revenue -> buyback-and-burn value-accrual loop in code. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
…r gate - crosschain/VeilCrossChain.sol: ERC-7683-style shielded cross-chain payment. OriginSettler escrows amount+solverFee; DestinationSettler fills by shielding funds for the recipient in the destination VeilPool; solver claims the escrow after a settlement-oracle attestation. Refund path after deadline. 3 tests covering open->fill->claim, double-fill/claim rejection, and refund. - VeilPool: optional staking gate — a fee-earning relayer must be an active, slashable operator (VeilStaking.isActive) when the gate is set. Off by default so gasless-optional flows still work; zero-fee withdrawals never gated. - MockSettlementOracle. Full suite: 24/24 passing. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- @veil/app: PaymentsClient (shield deposits, pay privately via the relayer, audit by decrypting note ciphertext with the view key) + VeilWallet (view key + note store, JSON round-trip) + a 'veil' CLI (init/balance/notes/shield/pay/audit). - Integration test drives the product API end-to-end with a REAL proof: shield -> pay gaslessly -> audit. Full suite now 26/26 passing. - Docs: whitepaper, README, and the visual explainer updated to reflect Phases 1-4 shipped. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- scripts/deploy.ts: deploys the full stack (pool, verifier, token, buyback- burner, staking, ASP registry, cross-chain settlers) and writes deployments/<network>.json. Uses the real Groth16Verifier when built. - scripts/demo.ts: runs a real confidential payment against a deployment — shield -> ASP publish -> gasless private pay (real proof) -> auditor decrypt. Verified live against a local node (all 4 steps). - hardhat.config: localhost + sepolia networks (env-driven key/RPC). - .github/workflows/ci.yml: install, build sdk/services/app, typecheck, run sdk + contract tests on every push/PR. - deployments/ README; local deployment outputs gitignored. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
…l payment - @veil/web: a no-build Node HTTP server + self-contained dashboard. Polls node and deployment health; POST /api/run executes the real shield -> ASP screen -> gasless private pay (real Groth16 proof) -> auditor decrypt flow against the local devnet and returns structured results. - The UI contrasts what the public ledger shows (commitment + encrypted blob, amount hidden) against what the auditor decrypts with the view key, plus a payment breakdown. Verified end-to-end in a headless browser. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
- docs/launch-plan.md: full operating plan — product/positioning, market (TAM/SAM/SOM), blended revenue model + unit economics, sequenced go-to-market wedge, compliance/regulatory strategy, competitive moat, pre-mainnet checklist, team, fundraising (seed -> Series A), 3-year financials + break-even logic, KPIs, risks, 24-month timeline. Honest recommendation: equity first, token later. - docs/launch-plan.html: visual one-pager (GTM, revenue vs burn, use of funds, timeline, risks). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HxPw6Snr6m4L8Fe3GE4zYp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this is
A neutral, multi-chain confidential-payments network for stablecoins — a private mode for USDC/USDT with compliance built in as zero-knowledge proofs, not a backdoor. Confidentiality, not anonymity.
This PR takes the project from market research to a working, tested prototype: a shielded pool with a real ZK circuit, the off-chain services that make it usable, the token/value-accrual engine, cross-chain settlement, a business payments app, and a live deploy+demo — all verified end-to-end.
How it works
Deposits are public; a business shields stablecoins under a commitment. Withdrawals are private: a Groth16 proof shows the note is in the pool tree and in an approved association set (proof of innocence) without revealing which deposit is yours, exposing only a nullifier to stop double-spends. Notes are encrypted to a view key so an auditor can decrypt on demand. A protocol fee on each withdrawal feeds an on-chain buyback-and-burn; the VEIL token is the slashable bond that keeps the rail un-censorable.
What's included
packages/contractspackages/sdkpackages/servicespackages/appshield/pay/audit) +veilCLIpackages/solanaspl-tokenCLI runbookdocs/Verification
VeilPool.withdraw; the value-accrual loop is tested from a real pool fee; cross-chain open→fill→claim, the staking-gated relayer, and the shield→pay→audit product flow are all covered end-to-end with real proofs..github/workflows/ci.yml) builds every package and runs the suites on push/PR.Explicitly out of scope (pre-production, needs external parties)
Called out honestly in the whitepaper rather than faked: a public multi-party trusted-setup ceremony (the in-repo setup is single-party), a real cross-chain messaging oracle (LayerZero/CCIP/Wormhole) in place of the mock, hardened key storage, and an independent security audit. Not audited — research prototype, not for production use.
🤖 Generated with Claude Code
Generated by Claude Code