Proof of Innocence on Cardano: Bringing Zero-Knowledge Privacy to Light

Explore how Cardano’s Zero-Knowledge Proof of Innocence enables private, compliant crypto transactions—balancing user privacy with regulatory trust.

Not too long ago, Ada Pulse published a technical guide describing the steps undertaken by a team of four folks from Eryx to build a zero-knowledge proof API for the Cardano blockchain in Aiken. Zero-knowledge (ZK) proof means the use of cryptography in a system to verify a piece of information without revealing it. When you use zero knowledge in a digital system for authentication to ensure security, the system verifies your credentials and identity without disclosing private information.

There is a typical example native to this context where you can prove ownership of a computer password without exposing it. Read about the design and build of ZK in Aiken for a refresher. Although the contents of the technical guide are a complement to this writing, they aren’t exactly needed to comprehend this discussion, but we would be happy if you checked it out. Today, we examine how privacy and accountability intersect in the Cardano network. How so?

The adoption of cryptocurrencies has been on a steady rise, leading us to a point where blockchain users need to prove the legitimacy of their transactions while also concealing sensitive information. Regulators and businesses are pushing for compliance, while privacy advocates object to overexposure. Never has Cardano been in a better position than this to pioneer an elegant solution to this problem. Enter the birth of “Zero-Knowledge Proof of Innocence”.

In this post, we introduce the Zero-Knowledge proof of innocence, a concept that leverages zk-SNARKs to help users prove they’re not involved in illicit activities without revealing their transaction history. We embark on a technical journey to explain how ZK proof of innocence works, its design and implementation, and why it matters in real-world applications. We then close out with the value this project brings to the Cardano system after introducing the stakeholders and budget allocation. Let’s dive in…

🧩 The Problem: Privacy Coin Baggage

The public blockchain, known for its many advantages over private and/or centralized databases and ledgers, cannot be self-sufficient without tools to support private transactions and a store of value. Instead, users of the public blockchain will seek such tools should they need them. Some claim that privacy-by-default coins, such as Monero and Zcash, should be the standard, but that is not entirely accurate. What they have done is offer anonymity at a cost — their reputations are often entangled with dark web marketplaces and financial obfuscation.

🛑 Regulatory and Reputational Challenges

From a compliance standpoint, privacy coins struggle to comply with anti-money laundering (AML) and know-your-customer (KYC) regulations. As AML/KYC frameworks prevent illicit actions through user identification and transaction monitoring, the anonymity of privacy coins hinders their efforts. At the exchange and service provider levels, compliance with regulations is even more challenging.

At the height of the privacy coin boom, regulators considered various measures to address the issue. One, some jurisdictions ban the listing of privacy coins on regulated exchanges, with Japan and South Korea leading by example. Two, countries enforce stricter regulatory requirements, as is the case in the United States, where privacy coins aren’t banned, yet we have seen actions against mixers like Tornado Cash. Lastly, a designation, for example Anonymity Enhanced Cryptocurrencies (AECs) or any other name if you like, that would in turn subject privacy coins to additional monitoring and reporting.

⚖️ The Tension Between Privacy and Illicit Use

Privacy-by-default coins initially appeared to be the better option, but they posed a significant challenge to regulators, and they became associated with darker use cases. While privacy coins offer significant benefits for privacy reasons, they are associated with facilitating illegal activities. Illegal activities include selling illegal drugs such as fentanyl, a potent synthetic opioid drug approved by the Food and Drug Administration for use as an analgesic (pain relief) and an anesthetic, in the United States on platforms like Abacus Market, among other products. Other activities where privacy coins are used include tax evasion, fraud, and money laundering.

Despite providing legitimate users with the privacy they seek, indulgence in illicit activities undermines the importance of accountable use of privacy coins, necessitating a more rigorous review to avoid misuse. The strict regulations originate from the need to address these challenges. It is also at this point that we have had a shutdown of illicit activities, Operation SpecTor serving as a good example, in which 288 individuals were arrested for drug trafficking.

Advocates contend that privacy is a fundamental right, with privacy coins as a way to protect user anonymity. In the ever-evolving regulatory landscape, privacy coins would need to adapt by implementing optional privacy features rather than taking a privacy-by-default approach. Only by cooperating with regulators can the crypto community develop a compliance framework that focuses on legitimate use cases, helping privacy coins maintain their relevance while adhering to regulatory compliance.

🔐 Toward Private Smart Contracts and Verifiable Privacy

In parallel with regulatory scrutiny, developers continue to explore how to integrate privacy with programmability in a responsible way. An important component of real-world applications is smart contracts. At the time of writing, we do not have smart contracts and privacy-by-default on any blockchain. Therefore, a reasonable approach is to build composable privacy protocols on a public smart contract blockchain, such as Cardano. There are at least three examples, namely Encoins, Tornado Cash, and Railgun, all of which are protocols that operate on a pool of private transactions.

While these privacy protocols enhance privacy on Cardano, they don’t address the dilemma of users’ innocence without compromising that privacy. Stigma discourages adoption by enterprises and compliant users. Even users of transparent chains (like Cardano) have no way to selectively prove they’re clean without exposing everything. That’s the real challenge — striking a balance between privacy and provability. That’s where the ZK Proof of Innocence proposal comes in — built on Cardano and designed to complement privacy protocols like Encoins, it enables users to prove their funds are clean without revealing their history, thereby aligning privacy with compliance and trust.

🧬 The Solution: Proving Innocence Without Telling the Whole Story

Proof of innocence allows users to demonstrate, anonymously, that their transactions do not originate from a blacklisted set of transactions. Since users can use zero-knowledge cryptography to construct statements about their private information that a third party can verify, they can prove that their funds aren’t part of specified transactions while keeping their own transactions concealed.

An increasingly scrutinized and compliance-demanding landscape in finance would benefit from such a mechanism to facilitate safer participation for users who want to uphold their privacy rights. Users will be able to generate cryptographic proofs that their funds are not coming from blacklisted sources — all without revealing any transaction specifics.

In simple terms, you can say: “I’m not guilty,” and cryptography will prove it — no receipts needed.

🧭 The Blueprint: Building a Private & Compliant Future

Upon completion, this project will serve as a first iteration and proof of concept for a future product. With a focus on on-chain components and the circuits involved in creating Zero-Knowledge proofs, this project aims to develop key parts of the protocol. The project begins with research on adapting Proof of Innocence (PoI) for the Cardano blockchain. 

Since existing PoI implementations were built for Ethereum rather than Cardano, they require a review and redesign to function within the EUTxO context. An evaluation of different zk-SNARK schemes and their technical trade-offs on Cardano is paramount to ensuring compatibility with the BLS12-381 curve supported by Cardano — a special math curve that helps Cardano do fast, secure group signatures and proofs without sharing private info. The extent to which PoI can be used as a protocol-agnostic solution and strategies for easily integrating it into existing privacy protocols come last.

The subsequent steps involve implementing smart contracts and circuits. Specifically, the goal is to complete the on-chain components and proof generation process. By “on-chain components,” we mean an arithmetic circuit for PoI that generates the proof, a smart contract to validate the proof, and a smart contract that manages oracles — more about oracles shortly. The project concludes with testing the components and developing a working prototype that serves the basic PoI requirements, ready for further enhancements later.

🛠️ How It Works: Cardano, ZK Circuits & Oracles

Unlike Ethereum, Cardano’s Extended UTXO (EUTxO) model adds complexity to zero-knowledge protocol design. In this case, PoI is an extension that integrates with any protocol that operates over a pool of private transactions, such as Tornado Cash, Railgun, and Encoins. Users of such protocols know that in their interactions, they typically commit, or make commitments if you like, with deposits, where they can withdraw funds later.

In this context, malicious activity gets tracked at the time of deposit, or, put differently, at the time of commitment to the private pool of transactions. Zero-knowledge proofs create a validation that confirms a withdrawal transaction is not linked to commits identified as malicious, all while concealing the involved transactions. By then, projects will be able to distinguish between licit and illicit transactions while maintaining privacy.

One important thing to note is that proof of innocence depends on oracles to provide data about the nature of transactions. Users from diverse backgrounds assume oracle roles to provide projects with a wide array of trusted data sources tailored to their specific criteria. Learn about Orcfax, a decentralized oracle as a service on Cardano.
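The commit, oracle and withdrawal steps described above can be modelled in plain Python to show the statement a PoI proof attests to. This is an added example, not code from Eryx or Modulo-p, and it is not zero-knowledge: the witness is checked in the clear. The SHA-256 hash, the Merkle layout, the nullifier and every function name are assumptions, and encoding the statement as membership in an oracle-published tree of unflagged deposits is one possible design.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    # Stand-in hash (assumption); a real circuit would use a SNARK-friendly hash.
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

EMPTY = H(b"empty")  # padding leaf for unused tree slots

def commitment(secret: bytes, nullifier: bytes) -> bytes:
    # What a user publishes at deposit time; secret and nullifier stay private.
    return H(b"commit", secret, nullifier)

def build_tree(leaves):
    # Returns every level of a Merkle tree, leaves first, root last.
    size = 1
    while size < len(leaves):
        size *= 2
    level = list(leaves) + [EMPTY] * (size - len(leaves))
    levels = [level]
    while len(level) > 1:
        level = [H(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_path(levels, index):
    # Sibling hashes from leaf to root, with a flag saying if we are the right child.
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index & 1))
        index //= 2
    return path

def root_from_path(leaf, path):
    node = leaf
    for sibling, is_right in path:
        node = H(b"node", sibling, node) if is_right else H(b"node", node, sibling)
    return node

def oracle_allowed_tree(deposits, flagged):
    # Oracle role: drop deposits flagged at commitment time, publish the root.
    allowed = [c for c in deposits if c not in flagged]
    return allowed, build_tree(allowed)

def poi_relation(allowed_root, nullifier_hash, secret, nullifier, path):
    # Public inputs: allowed_root, nullifier_hash. Private witness: the rest.
    # A zk-SNARK would prove this returns True without revealing the witness.
    leaf = commitment(secret, nullifier)
    return (H(b"nullifier", nullifier) == nullifier_hash
            and root_from_path(leaf, path) == allowed_root)

def demo():
    # Constructed sample data: four deposits, the third one flagged by the oracle.
    notes = [(bytes([i]) * 32, bytes([i + 100]) * 32) for i in range(4)]
    deposits = [commitment(s, n) for s, n in notes]
    allowed, levels = oracle_allowed_tree(deposits, {deposits[2]})
    root = levels[-1][0]
    s, n = notes[0]  # unflagged depositor withdrawing
    honest = poi_relation(root, H(b"nullifier", n), s, n,
                          merkle_path(levels, allowed.index(deposits[0])))
    s, n = notes[2]  # flagged depositor reusing a path from the full deposit tree
    cheat = poi_relation(root, H(b"nullifier", n), s, n,
                         merkle_path(build_tree(deposits), 2))
    return honest, cheat

if __name__ == "__main__":
    print(demo())
```

The verifier only ever sees the oracle's root and the nullifier hash, so the soundness of the whole scheme rests on how the oracle set is chosen and governed.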

🧪 Stage by Stage: From Theory to Testnet

To build a project like this, developers need a clear roadmap that they can follow and through which external watchers interested in the project can also follow. This project breaks into four clear milestones:

1. Design & Research

By starting with this step, we engage in studies of existing PoI implementations on Ethereum and conceptualize a Cardano-native equivalent. The process involves researching key challenges, such as the architecture and implementation of circuits that construct zkProofs, and developing guidelines that tailor the solution to match the technical requirements of the Cardano network.

The research report will explain how PoI works, review existing implementations, hold technical specifications for Cardano, and determine the adopted SNARK scheme to move forward. At inception, we would not know for certain what the findings would be, but the progress so far has been published and documented on GitHub, titled ‘Technical Survey of Proof of Innocence in Cardano’.

2. Circuit & Contract Development

Second in line is to implement the first iteration of the on-chain components and protocol circuits. The main goal is to develop arithmetic circuits and Plutus-based contracts that support zero-knowledge proof (zk proof) generation and verification. One thing we are sure of is that this milestone is complete with the advent of smart contracts validating proof of innocence and circuits compatible with Cardano’s elliptic curve. You can have a look at the source code on Eryx’s proof of innocence repo on GitHub.

3. Testing & Security

In third place, marked as ‘in progress’ on the Catalyst dashboard, this step involves testing the implementation of components from the preceding milestone. It is also the phase where we identify vulnerabilities and errors in the design, after which we revise the protocol upon completion. Thus, milestone outputs comprise a test suite of unit tests in Aiken to demonstrate that the smart contract verifies the PoI and validates the correct functioning of the circuit. 

Simply put, validate proofs on testnet and run audits for robustness and edge case coverage. This milestone is labelled complete if the codebase passes all provided tests. Consequently, protocol corrections will have to be addressed in an update linked to the research document.

4. Documentation & Demo

Project close-out reports and demonstrations are among the things we naturally expect. One deliverable will be a comprehensive project report that summarizes all activities, technical findings, and key learnings. The other one will be a final video to showcase the Proof of Innocence and the protocol’s architecture. And the last is to produce clear technical documentation and a walkthrough for developers and privacy-minded users. All deliverables will be open-source and available on GitHub for community review and iteration.

👥 Meet the Team: Zero-Knowledge PoI Natives

Now that we have established the theory of proof of innocence, we can look at the team working to bring this project to life. The team brings experience in cryptography, blockchain, and privacy-focused protocol development, a testament to their expertise, as is required to deliver the project. The team has experience working on CircleSTARKS, Lambdaworks, and other advanced cryptographic systems. Their technical background in zk-STARKs and SNARKs, alongside Cardano-specific development, puts them in a strong position to deliver. The development teams are:

🧮 The Modulo-p Team

Modulo-p consists of a team of Cardano developers pioneering the advancement of zero-knowledge cryptography. To illustrate this, the team’s journey was showcased in the 2023 Emurgo Hackathon’s ZK challenge, where they secured second place. Ever since then, Modulo-p has been at the forefront of ZK developments in Cardano. In addition, they became the first to validate zero-knowledge proofs directly on the Cardano blockchain last year, a breakthrough that led to the creation of the Hydra-ZK-Mastermind game. The game demonstrates ZK cryptography within the Hydra ecosystem on Plutus V2.

At the moment of writing, Modulo-p is porting the Semaphore protocol to Cardano to enable voting on layer one using zero-knowledge cryptography. Thus, their experience with Cardano and Zero-Knowledge proves to be valuable support in delivering privacy-focused solutions.

🧠 The Eryx Team

Eryx is a decentralized company with over ten years of experience solving mathematical and software problems. Its team consists of nerdy PhD holders with a specialty in blockchain and zero-knowledge-proof cryptography technology, backed by a background in mathematics and computer science. This group has been a core contributor to the Lambdaworks library, collaborating with Nethermind, and has implemented the CircleSTARKS protocol on the GPU. Additionally, they have developed an ACIR backend for Aztec’s Noir.

The Project Stakeholders

We have seen two teams working on the project, namely Modulo-p and Eryx, but for more detailed accountability, we’ll list the key people on the team and their roles. These are the folks leading the project development:

  • Agustín Salinas, ZK Cryptographer — A developer at Modulo-p who pioneered the first smart contracts on Cardano in the zkDapps, such as the zk-Mastermind and a port of the Semaphore protocol from Ethereum. In this project, Agustín will design, implement, and test the on-chain components of the protocol.
  • Caro Lang, ZK Cryptographer — A computer scientist and ZK cryptographer at Eryx with experience in software development, who recently completed a Cardano course by IOHK. In tandem with Sergio, Caro will work on the research phase, prototype implementation, and the final Proof of Innocence (PoI) protocol.
  • Sergio Chouhy, ZK Cryptographer — A math PhD holder and senior ZK cryptographer at Eryx with rich experience in ZK implementation across different ecosystems. In this challenge, Sergio will guide the search for the best implementation approach for PoI in Cardano, paying close attention to the project’s constraints.
  • Agustin Franchella, Project Manager — A member of the Encoins team, a Cardano ambassador, and a successfully funded participant in Project Catalyst’s Fund 12. For this project, Agustin will lead the documentation and educational resources. He will also work on onboarding content materials for users and developers alike.

🪙 Funding the Future

The Cardano family and the broader Web3 community will come across this project at some point, seeking to know its timeline, delivery, and budget. Applying agile methodologies keeps the project on track and adaptable to changes in the development process. The budget, however, is a constant that needs careful allocation, amounting to ₳150,000 in total, served as follows:

  • Development — This setup encompasses Smart Contract Development, Mathematical and cryptographic research, and circuit design and integration. Three developers are in this phase for four months each and are compensated a total of ₳40,000 each.
  • Project Management — This group involves organizing the project execution, creating reports, writing the developer documentation, and maintaining open communication with the community and Catalyst reviewers. It is estimated to cost ₳25,000.
  • Documentation and report — This domain prepares the documentation project updates and ensures constant communication and sync with the community. Writer’s pay is ₳5,000.

What, then, is the positive impact of this project on the Cardano network and the wider crypto community?

🚀 Privacy with Proof, Not Paranoia

One of the key transformations from the Proof of Innocence is that, in addition to compliance with regulatory standards, it also promotes a more privacy-preserving ecosystem by enabling legitimate users to demonstrate the innocence of their funds. It so happens that verifying a source of funds without exposing personal details is a practical alternative to traditional Know Your Customer (KYC) policies. It is also an interesting balance between accountability and user privacy.

A second benefit is that Proof of Innocence on Cardano introduces a new level of security. Leveraging zero-knowledge cryptography, users will construct statements about private information that third parties can verify. As a result, users on Cardano can prove their innocence regarding malicious transactions without compromising their anonymity. For existing privacy protocols like Encoins, PoI helps build wider trust, as it can interact with such protocols while still demonstrating non-involvement in malicious activities.

The third and perhaps interesting point is that a means for users to prove their non-involvement in harmful or illegal activity strengthens the overall trust in the ecosystem. This, in effect, encourages the adoption of blockchain services and cryptocurrencies by users and entities that require high security and privacy standards. In fact, PoI opens up avenues for more innovative privacy and compliance use cases, driving greater real-world utility in finance, healthcare, and, of course, the supply chain, where privacy and trust are crucial.

📊 Measuring the Value of Privacy and Trust

Impact, as a measured factor, denotes the value of a project. To measure this one, the Cardano community will use repository contributions to gauge the level of interest and engagement as an open-source project. On addressing the privacy concerns inherent in transparent blockchain systems, this project crowns Cardano as a leader in balancing privacy with compliance. Besides promoting greater user adoption, this project is a baseline for developers to leverage when building their solutions. Proof of Innocence contributes to a more secure, user-friendly, and innovative Cardano community.

With regulatory scrutiny on the rise and users demanding control over their data, the time is ripe for a middle path. This project could give Cardano an edge in privacy innovation — not by hiding everything, but by proving just enough. In a world where privacy is increasingly under siege, Cardano’s Proof of Innocence is more than a protocol — it’s a promise that integrity and anonymity can coexist.
