Live on Stellar TestnetStellar Hacks: Real-World ZKGroth16 BLS12-381

Private aid eligibility.
Public settlement accountability.

ZK AidShield lets crisis-aid beneficiaries prove they are approved, claim once, and receive Stellar testnet aid without exposing their aid-list membership. Donors still get public escrow, settlement, nullifier, and aggregate audit evidence.

How the proof flows
🔑
Beneficiary
Private secret
Merkle witness
ZK Circuit
Groth16 BLS12-381
384-byte proof
⛓️
Soroban
Pairing check
XLM released
💸
Beneficiary
Receives payment
Witness stays local during claim. The ZK proof leaves. The contract verifies a BLS12-381 pairing equation and never receives the secret or Merkle path. Nullifier is written on-chain to prevent replay.

Judge Demo Console

The main review path is now one clean lifecycle: fund escrow, issue a wallet-bound credential, claim privately with a Groth16 proof, show the receipt, then prove credential reuse fails.

Open Console
Fund escrow

Show real Stellar testnet XLM available before the beneficiary claim.

Issue credential

Bind a private eligibility witness to the beneficiary wallet.

Claim privately

Generate the ZK proof locally and release XLM from escrow.

Block reuse

Retry the credential and show nullifier replay protection.

Why this is stronger than a normal ZK demo

The submission is packaged as a crisis-aid mission, but the winning claim is technical: private eligibility proof is directly connected to Stellar settlement and public donor accountability.

Verify Evidence
ZK does real work

The proof gates settlement. Without a valid Groth16 proof, the disbursement contract cannot release funds.

Stellar is the settlement layer

Soroban verifies the proof path and releases XLM from escrow through the Stellar Asset Contract.

Privacy is bounded honestly

Aid-list membership, credential secrets, and witnesses stay private; payout wallet, timing, amount, and nullifier stay public for accountability.

Threat paths are demoable

Replay, wrong wallet, revoked issuer, unauthorized vendor, underfunded escrow, and emergency pause are visible failure paths.

Why traditional aid systems fail

Privacy breaches in humanitarian databases endanger the very people they serve.

Traditional aid distribution
  • Beneficiary names and IDs stored in databases that get leaked or seized
  • Aid workers can see who received what — enabling targeting in conflict zones
  • Duplicate claims go undetected across siloed systems
  • Proof of receipt requires revealing identity to a third party
ZK AidShield
  • Zero PII on-chain — no names, IDs, or biometrics ever stored
  • Cryptographic proof of eligibility without disclosing aid-list membership
  • One-time nullifier prevents any duplicate claim, on-chain forever
  • Wallet-bound proof: only the intended recipient can claim

How it works

Three steps. No identity revealed at any stage.

📋01

Coordinator commits

Aid coordinator generates unique secrets for each approved beneficiary and commits a Poseidon Merkle root to the Soroban contract. No names, IDs, or personal data ever touch the chain.

02

Beneficiary proves

Beneficiary loads their private claim file. A Groth16 BLS12-381 circuit runs in their browser via WASM — proving Merkle membership and computing a wallet-bound nullifier without sending the witness on-chain.

🌐03

Stellar settles

The 384-byte Groth16 proof is verified on-chain with a native BLS12-381 pairing check. Nullifier is recorded permanently. XLM releases from escrow in the same transaction.

Privacy guarantees

Each guarantee is enforced cryptographically — not by policy or trust.

🔒
Zero PII on-chain
No names, IDs, or biometrics ever reach Stellar
♻️
Replay-proof
Nullifier written on-chain; double-claim is cryptographically impossible
🔗
Address-bound
Proof encodes your wallet — stolen proofs are useless to others
🌐
Client-side WASM
Proof generation runs locally; no server ever sees your secret

Technical architecture

End-to-end Groth16 BLS12-381 — the same elliptic curve used by Ethereum 2.0.

ZK Layer
circom + snarkjs · BLS12-381
  • Poseidon Merkle membership proof — depth 8, 256 slots
  • Nullifier: Poseidon(secret, disburse_id, wallet, 1)
  • Groth16 proof — 384 bytes, generated in browser via WASM
  • Proving key: Groth16 VK initialized on Soroban
Settlement Layer
Stellar Soroban · Protocol 26
  • Native BLS12-381 pairing_check — no off-chain verifier
  • Persistent nullifier registry — replay attacks impossible
  • Admin-controlled Merkle root — add beneficiaries without redeploy
  • XLM SAC escrow — atomic proof + payout in one transaction
Ready to demo — Freighter required

See a Groth16 proof land on Stellar

Run the judge console from escrow funding to credential issuance, private proof claim, public receipt, and replay rejection. The advanced pages stay available as evidence, but the live review path is intentionally focused.

Open Judge Console →