Skip to main content
The design has three pillars (paper §3):
  1. Privacy pool state contract
  2. Proof verification path
  3. Client-side proving + compliance data model

Pool and verifier

The privacy pool contract handles state transitions (note creation, nullifier publishing, deposits, withdrawals). Proof verification happens at the sequencer level, not in a separate smart contract—the Starknet sequencer verifies the ZK proof before executing the transaction. The mainnet pool contract is deployed at 0x0403…812a and its source is readable on Voyager.

Client-side proving

A transaction requires a ZK proof. The proof shows that it was generated in a virtual Starknet execution environment (SNOS) anchored to a recent block. In the current phase, designated operators generate proofs on behalf of users. Proofs can also be created client-side using Stwo locally; they typically take ±30 seconds on a strong laptop.

Compliance model

Each user registers a public viewing key and an auditor-encrypted private viewing key, enabling selective traceability under lawful requests. Next: Notes and nullifiers.