Architecture

StellarVeil is a privacy protocol built on three Noir ZK circuits, a Soroban smart contract, and the Stellar anchor SEP standards for compliant identity verification.

System Overview

๐Ÿ‘ค
User / CLI
Stellar keypair + secret
โ†™ โ†“ โ†˜
โš“
Stellar Anchor
SEP-10/12
โšก
Noir Prover
UltraPlonk
๐Ÿ›ก
ASP Server
Merkle tree
โ†˜ โ†“ โ†™
๐Ÿ“ฆ
Soroban Contract
Proof verify ยท Nullifier set ยท Commitment map

Protocol Layers

Noir Circuits
UltraPlonk ZK proofs
  • kyc.nr
  • withdrawal.nr
  • asp.nr
Soroban Contract
On-chain proof verification
  • deposit()
  • withdraw()
  • nullifier_set
  • commitment_map
Stellar Anchor
Identity & compliance layer
  • SEP-10 auth
  • SEP-12 KYC PUT
  • SEP-06/31/38 tx
CLI
TypeScript client tooling
  • deposit.ts
  • withdraw.ts
  • audit.ts

Noir Circuits

Circuit 1

KYC Proof

Proves that credential_commitment = Poseidon2(kyc_hash, secret) without revealing either input. Generated by the depositor.

circuits/kyc/src/main.nr
Inputs (private witnesses)
kyc_hashsecretcredential_commitmentnote_commitmentnullifieramount
Output
Valid commitment proof
Circuit 2

Withdrawal Proof

Proves knowledge of secret behind note_commitment and produces a unique nullifier. Prevents double-spending.

circuits/withdrawal/src/main.nr
Inputs (private witnesses)
note_commitmentsecretnullifierrecipientamount
Output
Valid spend proof
Circuit 3

ASP Sanctions Proof

Proves address is NOT in the OFAC sanctions Merkle tree. Required for all withdrawals to enforce compliance.

circuits/asp/src/main.nr
Inputs (private witnesses)
addressmerkle_rootmerkle_pathmerkle_indices
Output
Non-inclusion proof

Stellar Ecosystem Standards (SEPs)

SEP-10
Stellar Web Auth
Challenge-response auth with Stellar keypair. Used to gate all anchor interactions.
SEP-12
KYC API
Anchor receives credential_commitment field. Associates ZK commitment with verified account.
SEP-06
Simple Transfer
Deposit/withdrawal flow for basic cross-border transfers with shielded amounts.
SEP-31
Cross-Border
B2B payment rails wrapped with privacy layer. Sender/receiver identities off-chain.
SEP-38
Anchor RFQ
Quote and exchange flow โ€” rate negotiation happens before ZK proof generation.

Test Coverage

16
kyc.test.ts
16
withdrawal.test.ts
8
asp.test.ts
12
stellarveil.test.ts
8
deposit.test.ts
6
withdraw.test.ts
4
audit.test.ts
3
adversarial.test.ts
73tests passing ยท 0 failing
View Source on GitHub โ†—Try the Protocol โ†’