ZK-XGen-AI — Privacy Infrastructure Platform

🖥️

Best Viewed on Desktop

The technical documentation and app previews are optimized for desktop viewing.

✅

Compliance Tools

Privacy without compliance is a dead end. ZK-Sentinel resolves the tension between financial privacy and regulatory oversight (Buterin et al. 2023).

🏛️

Proof of Innocence (V10)

Users prove their deposit belongs to an Association Set of vetted, non-illicit transactions — without revealing which specific deposit is theirs. Based on Buterin et al. [10] Privacy Pools model.

~5,000 constraints · ~650 ms · 2 public signals

Live — E2E Validated

🔬

Selective Disclosure (V11)

Prove deposit properties to auditors without revealing the specific deposit: pool membership, ASP clean set, amount range (128-bit), time range (64-bit), audit nonce binding.

22,457 constraints · ~700 ms · 7 public signals

Live — E2E Validated

💸

Partial Withdrawals (V11)

Withdraw a portion of the deposit. Change commitment is inserted as a new Merkle leaf, cryptographically indistinguishable from a fresh deposit. V11 leaf = Poseidon₂(C, amount).

13,624 constraints · ~490 ms · 8 public signals

Live — E2E Validated

Formal Definitions (from Paper §8)

Compliance equationsMath

── Proof of Innocence (V10) ──────────────────────────────
PoI: ∃ i : assocTree[pathElements, pathIndices] → associationSetRoot
  Proves: commitment ∈ ASP clean set (Merkle proof)
  Reveals: nothing about which deposit

── Partial Withdrawal Conservation (V11) ───────────────
Legacy leaf:  leaf = Poseidon₄(s, N_real, N_decoy, H_frase)
V11 leaf:     leaf = Poseidon₂(commitment, DENOMINATION)

Conservation: withdrawAmount + fee + changeAmount = DENOMINATION
  Change commitment inserted as new leaf (indistinguishable from deposit)
  Anti-coercion preserved: dual nullifier operates identically

── Selective Disclosure (V11) ───────────────────────────
Public signals (7): poolRoot, ASP_root, auditNonce, minAmount, maxAmount, minTimestamp, maxTimestamp

Circuit verifications:
  1. Commitment validity:  c = Poseidon₄(s, N_r, N_d, H_f)
  2. Pool membership:      Merkle proof → poolRoot
  3. ASP membership:       Merkle proof → associationSetRoot
  4. Amount range:         minAmount ≤ amount ≤ maxAmount    (128-bit range proof)
  5. Time range:           minTimestamp ≤ ts ≤ maxTimestamp   (64-bit range proof)
  6. Auditor binding:      auditDigest = Poseidon₂(commitment, auditNonce)

Auditor learns: "some deposit in the pool satisfies all criteria"
Auditor CANNOT learn: which deposit, exact amount, exact timestamp

Proof of Innocence Flow

PoI verification flowprotocol

User                        ASP (Chainalysis/TRM)        Contract
 │                               │                          │
 │  1. Request inclusion set ──► │                          │
 │                               ├── Risk score deposits    │
 │  ◄── Association Set (AS) ──  │   (exclude OFAC/illicit) │
 │                               │                          │
 │  2. Generate PoI proof        │                          │
 │     Input: my_deposit ∈ AS    │                          │
 │     Output: π (ZK proof)      │                          │
 │                                                          │
 │  3. Submit proof ──────────────────────────────────────► │
 │                                                          ├── verifyPoI(π)
 │                                                          ├── ✓ Deposit is in clean set
 │                                                          │   (but which one? Unknown)
 │  ◄── Withdrawal approved ────────────────────────────── │

ZKML Coercion Detection

LSTM Model

Full Devices

Architecture: 2-layer LSTM, hidden 32
Parameters: 4,897
Accuracy: 100%*
Halo2 constraints: ~58,000 total
Proof gen: ~4.5s

MLP Model

Constrained Devices

Architecture: 10→32→16→1 (ReLU/Sigmoid)
Parameters: 1,281
Accuracy: 98.6%
Halo2 constraints: ~21,000 total
Proof gen: ~2.1s

* 100% on synthetic dataset with perfectly separable distributions (10,000 samples). Real-world deployment with noisy biometric data would yield lower accuracy. Protocol's indistinguishability is independent of model accuracy — arithmetic selector and constant-size Groth16 proofs ensure identical observable outputs regardless of classifier quality.

EZKL compilation pipeline (Paper §6.4)Pipeline

PyTorch ──ONNX──► Calibration ──► Quantization ──► Halo2 Circuit ──► Verifier.sol
                     │                 │                  │                │
              Sample data        FP → Fixed-point    ~21K-58K        On-chain
              for ranges         for ZK circuit      constraints     KZG pairing

10 biometric features: heart_rate, HRV, skin_conductance, typing_speed,
  typing_errors, pause_duration, touch_pressure, gesture_smoothness,
  time_of_day, location_familiar

ia_inference = 1 if MLP(features) > 0.5 (normal)
ia_inference = 0 if MLP(features) ≤ 0.5 (coercion detected)
→ feeds directly into arithmetic selector: a = ia_inference × frase_correcta

ℹ️ ASP Compatibility

ZK-Sentinel's PoI system follows the Privacy Pools framework (Buterin, Illum, Nadler, Schär, Soleimani, 2023). The ASP operator maintains a Merkle tree of clean commitments. Multiple competing ASPs can operate simultaneously — reducing the centralized trust assumption. Historical roots are preserved in aspRootHistory mapping.