Private Aid Claims. Public Settlement Accountability.
ZK AidShield lets a beneficiary prove eligibility and claim once while Stellar releases aid from escrow without publishing their identity, private credential, or aid-list membership.
Architecture Flow
One path from private enrollment to public settlement.
Generates private campaign and keeps beneficiary list off-chain.
Commits eligibility set to Soroban without exposing identities.
Wallet-bound secret, path, expiry, issuer key, and signature.
Beneficiary generates Groth16 proof locally.
Verifier, nullifier, expiry, issuer, and vendor checks run on-chain.
Escrow pays beneficiary wallet or approved vendor.
Submission Demo Path
Follow this path to verify the product end to end in under three minutes.
Open Admin, issue a wallet-bound credential, set QR passphrase, and show encrypted QR.
Open the non-PII ledger: slot, wallet hash, credential hash, issuer key, delivery mode.
Open Claim, enter passphrase, import QR/payload, generate the browser Groth16 proof.
Approve Freighter, show Stellar transaction, claim receipt, then replay rejection.
What Is Real
Beneficiary proves membership in an approved Merkle set without revealing name, ID, or list position.
The leaf is Poseidon(secret, disbursement_id, claimant_address, expires_at, issuer_key_id), so stolen credentials cannot be reused from another wallet or extended past policy.
Nullifier is Poseidon(secret, disbursement_id, claimant_address, 1) and is persisted on-chain after the first claim.
The contract transfers XLM from escrow through the Stellar Asset Contract after proof verification.
The same private proof can pay an approved vendor instead of the claimant wallet; the nullifier prevents spending both ways.
Why It Can Lead
- ✓End-to-end flow: operator issuance, local proof, wallet signature, Soroban verification, XLM payout.
- ✓Mobile QR credential delivery: field officers can issue an encrypted credential QR; beneficiaries decrypt it locally before the same signature and wallet checks run.
- ✓Restricted aid budgets: admins approve vendors on-chain, and beneficiaries can redeem privately authorized vouchers to those vendors.
- ✓Operational accountability: admin can export a non-PII issuance ledger with keyed wallet identifiers, credential hashes, issuer key, expiry, and delivery mode.
- ✓Beneficiary receipt: successful payout creates a local receipt with transaction hash, nullifier, amount, and campaign metadata.
- ✓Honest privacy boundary: eligibility data stays private, while payout wallet, timing, amount, and nullifier remain public settlement data.
- ✓Not only a demo circuit: deployed contracts, test coverage, audit page, stats page, and replay/wrong-wallet demos.
- ✓Stellar-native: uses Soroban and BLS12-381 pairing host functions instead of off-chain verification.
Privacy Boundary
The product is honest about what stays private and what remains public settlement data.
Proof pays the connected beneficiary wallet after Freighter signature.
The same proof can pay an approved vendor; the nullifier blocks using both routes.
Trust Boundary
The implementation separates credential delivery, local proof generation, and public settlement.
The issuer API reads the selected secret and Merkle witness server-side, then delivers them inside a signed credential to the beneficiary browser.
During claim, the browser uses the credential to generate the proof; the secret and Merkle witness are not sent on-chain or to the verifier.
Stellar settlement remains visible: claimant wallet or approved vendor wallet, route, amount, timing, contract IDs, root, verifier key hash, and nullifier.
Verification Anchors
Security Posture
Names, IDs, beneficiary-list membership, credential secrets, Merkle witnesses, and local issuance records.
Payout wallet, timing, amount, contract IDs, Merkle root, verifier key hash, and nullifier.
Operator APIs require an admin secret, issuer and vendor controls are enforced on-chain, ledger wallet identifiers use keyed HMACs, and replay is blocked on-chain.
Built vs Next
Cap issuance volume per field officer and alert on unusual credential activity.
Add a guided multi-party Soroban signing flow for threshold-2 operations in the browser.
Use Human Passport or Self/OpenPassport during enrollment while keeping eligibility proofs private.