Circom ZK circuits for Shielded Protocol.
Part of Shielded Protocol — private, compliant DeFi on Stellar.
| Circuit | Inputs (private) | Inputs (public) | Purpose |
|---|---|---|---|
| withdraw.circom | secret, amount, tokenId, pathElements, pathIndices | root, nullifierHash, recipient, relayer, fee | Main withdrawal proof |
| deposit.circom | secret, amount, tokenId | — | Commitment generation |
| merkle_proof.circom | leaf, pathElements, pathIndices | root | Merkle inclusion proof |
| nullifier_hash.circom | secret | — | Nullifier derivation |
Proving system: Groth16 · Curve: BN254 · Hash: Poseidon · Depth: 20
```
Private: secret, amount, tokenId, Merkle path
        │
        ▼
commitment = Poseidon(secret, amount, tokenId)
        │
        ▼
Merkle proof: commitment ∈ tree with known root ──► Public: root
        │
nullifier = Poseidon(secret, 1) ──────────────► Public: nullifierHash
        │
recipient bound into proof ────────────────────────► Public: recipient
```
The proof reveals nothing about the secret, amount, or which commitment is spent.
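
The data flow above, written out as a Circom sketch. This is an added example, not the repository's withdraw.circom: the template name `WithdrawSketch`, the intermediate signals (`cur`, `diff`, `recipientSq`, `relayerSq`, `feeSq`), the circomlib include path, and the squaring used to reference recipient, relayer and fee are assumptions, since the page does not show how the project binds those inputs.

```circom
pragma circom 2.0.0;
include "circomlib/circuits/poseidon.circom"; // assumed include path

// Sketch of the withdrawal statement; input names follow the circuit table.
template WithdrawSketch(depth) {
    signal input secret;              // private
    signal input amount;              // private
    signal input tokenId;             // private
    signal input pathElements[depth]; // private
    signal input pathIndices[depth];  // private
    signal input root;                // public
    signal input nullifierHash;       // public
    signal input recipient;           // public
    signal input relayer;             // public
    signal input fee;                 // public

    component commitment = Poseidon(3); // Poseidon(secret, amount, tokenId)
    commitment.inputs[0] <== secret;
    commitment.inputs[1] <== amount;
    commitment.inputs[2] <== tokenId;

    component nf = Poseidon(2);         // Poseidon(secret, 1)
    nf.inputs[0] <== secret;
    nf.inputs[1] <== 1;
    nullifierHash === nf.out;

    signal cur[depth + 1];
    signal diff[depth];
    component h[depth];
    cur[0] <== commitment.out;
    for (var i = 0; i < depth; i++) {
        // Each path index must be a bit. Without this constraint the hash inputs
        // can be other field combinations of cur[i] and pathElements[i].
        pathIndices[i] * (1 - pathIndices[i]) === 0;
        diff[i] <== (pathElements[i] - cur[i]) * pathIndices[i];
        h[i] = Poseidon(2);
        h[i].inputs[0] <== cur[i] + diff[i];          // index 0: cur, index 1: sibling
        h[i].inputs[1] <== pathElements[i] - diff[i]; // index 0: sibling, index 1: cur
        cur[i + 1] <== h[i].out;
    }
    root === cur[depth]; // recomputed root must equal the public root

    // Assumed binding: reference each remaining public input in a constraint.
    signal recipientSq;
    recipientSq <== recipient * recipient;
    signal relayerSq;
    relayerSq <== relayer * relayer;
    signal feeSq;
    feeSq <== fee * fee;
}
component main {public [root, nullifierHash, recipient, relayer, fee]} = WithdrawSketch(20);
```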
Quickstart
```bash
npm install -g circom snarkjs
npm install
npm run compile
npm test
```
| Circuit | Constraints | Notes |
|---|---|---|
| withdraw (depth 20) | ~26,000 | Dominated by Merkle path hashing |
| deposit | ~200 | Simple Poseidon hash |
| merkle_proof (depth 20) | ~24,000 | 20 × Poseidon2 |
| nullifier_hash | ~100 | Single Poseidon2 |
See issue #constraint-reduction for optimization work.
See CONTRIBUTING.md.
Browse Wave-ready issues.
MIT