The first ZK-proof shielded pool on Stellar Soroban, powered by Protocol 25's native BN254 and Poseidon cryptographic primitives.
PrivacyLayer enables compliance-forward private transactions on Stellar. Users deposit fixed-denomination XLM or USDC into a shielded pool, then withdraw to any address using a zero-knowledge proof, with no on-chain link between deposit and withdrawal.
Inspired by Penumbra (Cosmos) and Aztec Network (Ethereum), adapted natively for the Stellar/Soroban ecosystem.
Stellar Protocol 25 (X-Ray, January 2026) added:
- ✅ BN254 elliptic curve operations (G1/G2 add, scalar mul, pairing)
- ✅ Poseidon / Poseidon2 hash functions
- ✅ Both are native Soroban host functions, no external libraries needed
No Soroban dApp has used these yet. PrivacyLayer is the first.
```
User                    PrivacyLayer SDK                   Soroban Contract
 │                              │                                  │
 │── deposit(amount) ──────────►│                                  │
 │                              │── generateNote() ───────────────►│
 │                              │   (nullifier, secret)            │
 │                              │── Poseidon(nullifier,secret)     │
 │                              │   = commitment                   │
 │                              │── deposit(commitment) ──────────►│
 │                              │                       insert into│
 │◄── noteBackup ───────────────│                       MerkleTree │
 │                              │                                  │
 │── withdraw(note) ───────────►│                                  │
 │                              │── syncMerkleTree() ─────────────►│
 │                              │◄── leaves[] ─────────────────────│
 │                              │── generateMerkleProof()          │
 │                              │── generateZKProof() [WASM]       │
 │                              │   Groth16 via Noir prover        │
 │                              │── withdraw(proof) ──────────────►│
 │                              │                        verifyG16 │
 │                              │                        BN254 pair│
 │◄── funds at new addr ────────│◄── transfer() ───────────────────│
```
| Step | Operation | Protocol 25 Primitive |
|---|---|---|
| Deposit | commitment = Poseidon(nullifier ∥ secret) | poseidon2_hash host fn |
| Store | Insert commitment into on-chain Merkle tree | Soroban storage |
| Withdraw (prove) | ZK proof: know preimage of a commitment in the tree | Noir circuit (BN254) |
| Withdraw (verify) | Groth16 pairing check on-chain | bn254_pairing host fn |
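The deposit, store and withdraw steps in the table above, as an added Rust sketch that is not PrivacyLayer's contract code: it shows why an unknown commitment and a reused nullifier are both rejected. Assumptions: `h2` is a non-cryptographic SipHash stand-in for Poseidon, `Pool` and its depth-4 tree with zero-valued empty leaves are hypothetical, the spent set is keyed on the raw nullifier, and the Merkle walk that the Noir circuit would prove privately is done in the clear.

```rust
use std::collections::{hash_map::DefaultHasher, HashSet};
use std::hash::Hasher;
const DEPTH: usize = 4; // demo size; the page's contract tree uses depth 20
// Stand-in for Poseidon (assumption): SipHash keeps this std-only and is NOT a secure choice.
fn h2(a: u64, b: u64) -> u64 {
    let mut s = DefaultHasher::new();
    s.write_u64(a);
    s.write_u64(b);
    s.finish()
}
#[derive(Default)]
struct Pool { leaves: Vec<u64>, spent: HashSet<u64> }

impl Pool {
    // Deposit: the pool stores only the commitment, never the nullifier or secret.
    fn deposit(&mut self, commitment: u64) -> usize {
        assert!(self.leaves.len() < (1 << DEPTH), "tree full");
        self.leaves.push(commitment);
        self.leaves.len() - 1
    }
    // Root and sibling path for leaf `idx` (full recompute; empty leaves are 0).
    fn path(&self, mut idx: usize) -> (u64, Vec<u64>) {
        let (mut level, mut sibs) = (self.leaves.clone(), Vec::new());
        level.resize(1 << DEPTH, 0);
        while level.len() > 1 {
            sibs.push(level[idx ^ 1]);
            level = level.chunks(2).map(|p| h2(p[0], p[1])).collect();
            idx >>= 1;
        }
        (level[0], sibs)
    }
    // Withdraw, in the clear: the real pool does this walk inside the circuit.
    fn withdraw(&mut self, nullifier: u64, secret: u64, mut idx: usize, sibs: &[u64]) -> Result<(), &'static str> {
        if sibs.len() != DEPTH { return Err("bad path length"); }
        let mut node = h2(nullifier, secret); // recompute the commitment
        for s in sibs {
            node = if idx & 1 == 0 { h2(node, *s) } else { h2(*s, node) };
            idx >>= 1;
        }
        if node != self.path(0).0 { return Err("unknown commitment"); }
        if !self.spent.insert(nullifier) { return Err("nullifier already spent"); }
        Ok(())
    }
}
fn main() {
    let mut p = Pool::default();
    let i = p.deposit(h2(7, 9)); // constructed note: nullifier 7, secret 9
    let sibs = p.path(i).1;
    println!("{:?} then {:?}", p.withdraw(7, 9, i, &sibs), p.withdraw(7, 9, i, &sibs));
}
```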
```
PrivacyLayer/
├── circuits/                    # ZK circuits written in Noir
│   ├── commitment/              # Commitment scheme (Poseidon)
│   │   └── src/main.nr
│   ├── withdraw/                # Withdrawal proof (Merkle + nullifier)
│   │   └── src/main.nr
│   ├── merkle/                  # Merkle tree circuit library
│   │   └── src/lib.nr
│   ├── lib/                     # Shared circuit utilities
│   │   └── src/
│   │       ├── hash/            # Hash functions
│   │       ├── merkle/          # Merkle utilities
│   │       └── validation/      # Input validation
│   └── integration_test.nr
├── contracts/                   # Soroban smart contracts (Rust)
│   └── privacy_pool/
│       └── src/
│           ├── contract.rs      # Main contract interface
│           ├── lib.rs           # Library entry point
│           ├── core/            # Core business logic
│           │   ├── deposit.rs   # Deposit operations
│           │   ├── withdraw.rs  # Withdrawal operations
│           │   ├── admin.rs     # Admin functions
│           │   ├── initialize.rs # Contract initialization
│           │   └── view.rs      # View/query functions
│           ├── crypto/          # Cryptographic operations
│           │   ├── merkle.rs    # Incremental Merkle tree (depth=20)
│           │   └── verifier.rs  # Groth16 verifier via BN254 host fns
│           ├── storage/         # State management
│           │   ├── config.rs    # Configuration storage
│           │   └── nullifier.rs # Nullifier tracking
│           ├── types/           # Type definitions
│           │   ├── state.rs     # Contract state types
│           │   ├── events.rs    # Contract events
│           │   └── errors.rs    # Error types
│           ├── utils/           # Utility functions
│           │   ├── validation.rs # Input validation
│           │   └── address_decoder.rs
│           ├── test.rs          # Unit tests
│           └── integration_test.rs # Integration tests
├── sdk/                         # TypeScript client SDK (planned)
│   └── src/
│       ├── note.ts              # Note generation
│       ├── deposit.ts           # Deposit flow
│       ├── withdraw.ts          # Withdraw flow (proof generation)
│       ├── merkle.ts            # Client-side Merkle sync
│       └── __tests__/           # Jest tests
├── frontend/                    # Next.js dApp (planned)
├── scripts/                     # Deploy + key setup (planned)
├── contracts/privacy_pool/ARCHITECTURE.md # Contract architecture docs
└── docs/                        # Documentation (planned)
```
```bash
# Rust (for Soroban contracts)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup target add wasm32-unknown-unknown
# Stellar CLI
cargo install --locked stellar-cli
# Noir toolchain (nargo)
curl -L https://raw.githubusercontent.com/noir-lang/noirup/refs/heads/main/install | bash
noirup
# Node.js 18+ (for SDK and frontend)
# Use nvm: https://github.com/nvm-sh/nvm
```

```bash
cd circuits/commitment
nargo build   # Compile commitment circuit
nargo test    # Run circuit tests
cd ../withdraw
nargo build   # Compile withdrawal circuit
nargo test
cd ../merkle
nargo build   # Compile merkle library
```

```bash
cd contracts
cargo build --target wasm32-unknown-unknown --release
cargo test    # Run unit and integration tests
```

- ✅ Circuits: Commitment, withdrawal, and merkle circuits implemented
- ✅ Contracts: Full privacy pool contract with deposit/withdraw/admin functions
- 🚧 SDK: TypeScript client SDK (planned)
- 🚧 Frontend: Next.js dApp (planned)
- 🚧 Scripts: Deployment automation (planned)
We're tracking development through GitHub Issues. Key areas:
- Circuits: Optimization, additional proof types, circuit auditing
- Contracts: Gas optimization, additional admin features, testnet deployment
- SDK: TypeScript/JavaScript client library for note generation and proof creation
- Frontend: Web interface with Freighter wallet integration
- Documentation: Architecture docs, API references, tutorials
- Testing: Comprehensive test coverage, fuzzing, security audits
Check the Issues tab for specific tasks and bounties.
⚠️ AUDIT STATUS: Unaudited. Do not use in production.
This project uses zero-knowledge cryptography. While the mathematical primitives (BN254, Poseidon) are battle-tested, the circuit logic and contract integration require a formal security audit before mainnet deployment.
See docs/threat-model.md for known risks.
We welcome contributions! Here's how to get started:
- Check the Issues tab for open tasks
- Comment on an issue to claim it
- Fork the repo and create a feature branch
- Submit a PR referencing the issue number
See CONTRIBUTING.md for detailed guidelines.
This project is funded via Drips Wave; contributors earn USDC for completing issues.
MIT (see LICENSE)