Crisis Aid Mission Demo
A judge-ready story for ZK AidShield: a flood-relief NGO issues an encrypted credential, an approved household claims privately, an approved medical vendor can receive voucher payment, replay fails, and donors audit aggregate settlement without seeing beneficiary identity.
This mission uses synthetic beneficiaries, a simulated field officer, and a representative approved vendor. The proof system, Stellar testnet contracts, escrow accounting, QR credential flow, vendor controls, and replay rejection are real demo mechanics. The scenario is not a claim of a live NGO deployment.
Crisis Mission Impact Dashboard
Demo-facing impact numbers that keep the story concrete without claiming a real deployment.
Relief coordinator
Issues encrypted QR credentials and manages issuer, vendor, pause, and escrow controls.
Approved household wallet
Decrypts credential locally, generates a Groth16 proof, signs with Freighter, and claims once.
Medical supply point
Receives voucher payout only if the beneficiary authorizes a valid private eligibility proof.
Mission Flow
The full demo path from field issuance to donor accountability.
Operator commits the synthetic flood-relief eligibility set as a Merkle root on Soroban.
Field officer gives the beneficiary an encrypted QR credential bound to that wallet, expiry, issuer, and campaign.
Beneficiary decrypts locally, generates a 384-byte Groth16 proof, and submits it with a Freighter signature.
The same proof can release direct cash or pay an approved medical vendor; the nullifier prevents using both.
A second attempt with the same credential is blocked because the nullifier is already stored on-chain.
Auditors inspect escrow, claim count, vendor status, contract IDs, and nullifiers without seeing PII.
Real vs Synthetic
Stellar testnet escrow, deployed Soroban contracts, Groth16 verifier, wallet-bound proof, nullifier replay block.
Admin-protected credential issuance, encrypted QR payloads, approved vendor registry, non-PII issuance ledger.
Flood-relief campaign name, field officer, household, and vendor labels are demo personas for judging clarity.
No real NGO partnership, real beneficiary identity, or real-world aid distribution is represented by this demo.
Evidence Judges Can Verify
No beneficiary name, ID, raw credential secret, or Merkle path is published on-chain.
Campaign root, verifier, disbursement contract, escrow, claim count, and settlement hashes are public.
Wrong wallet, replay, revoked issuer, unauthorized vendor, and emergency pause are demonstrable failure paths.
Encrypted QR delivery supports phone-first or paper handoff without changing the proof statement.
Contract Anchors
The mission story points at the same deployed testnet stack used by the rest of AidShield.
Recording Beats
Open this Mission page and state that it is a synthetic testnet flood-relief scenario.
Open Admin and issue an encrypted QR credential to the beneficiary test wallet.
Open Claim, decrypt/load the credential, generate the proof, and choose cash or vendor voucher.
Approve Freighter and show the Stellar Explorer transaction.
Retry the same credential and show the replay rejection.
Open Auditor, Threats, and Edge to show aggregate accountability without beneficiary exposure.