Apps publish a financial policy. Users prove they satisfy it privately. Soroban executes the exact permitted action — without identifying or tracking the user.

Nullis is a policy-as-code execution layer for Stellar. An app publishes what it requires — a corridor, a limit, an asset, an expiry. A user proves, in zero knowledge and on-chain, that they satisfy it. Soroban then executes the exact permitted action atomically, and every decision — success and rejection — emits an inspectable Privacy Receipt. The app learns the answer, never the person.

Private if allowed. Blocked if not. Verified on-chain.

Nullis is live on Stellar testnet: a real Noir/UltraHonk zero-knowledge proof is verified inside a Soroban contract, gating an actual 100 USDC payment.

The one thing most privacy projects miss

Most privacy-finance projects prove one statement — a solvency proof, a single compliance check, an age credential. Nullis answers the harder question:
Can any supported private policy safely authorize an exact on-chain action?
Not “proof-only.” Proof-to-action, atomically. Verification and execution are one step — never split.

The problem

Why on-chain finance forces a false choice between compliance and privacy.

How it works

One engine, five layers, one atomic call. The full architecture.

verify_and_execute

The core primitive, step by step — proof to payment in one transaction.

Claim-safety

Exactly what the circuit proves vs. what the contract enforces.

See it for yourself

Watch the 3-min demo

Live app

The real-ZK payment tx

What runs today

Real on-chain ZK

A Noir/UltraHonk proof is verified on Stellar testnet inside verify_and_execute, gating a real USDC payment. The credential secret never leaves the prover.

One atomic primitive

Load policy → check root & revocation → verify proof → check expiry & action → check nullifier → execute → emit receipt. One call.

Replay-proof

A domain-separated nullifier is consumed on-chain. The same proof cannot be spent twice.

Unlinkable across apps

The same credential produces a different nullifier in every app — a reusable credential without a reusable tracking identifier.
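The replay and unlinkability properties above can be seen in a small model. This is an added example, not Nullis code: the hash (SHA-256 standing in for whatever the circuit uses), the domain tag, the `derive_nullifier` and `Gate` names, and the receipt fields are all assumptions, and proof verification is out of scope here.

```python
import hashlib

DOMAIN_TAG = b"demo/nullifier/v1"  # constructed tag; the real one is not given on the page

def _hash_fields(*fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def derive_nullifier(secret: bytes, app_id: bytes) -> bytes:
    # Prover side: the secret stays local, only this digest is published.
    # Binding app_id into the hash gives each app an unrelated value.
    return _hash_fields(DOMAIN_TAG, app_id, secret)

class Gate:
    """Contract-side model of the checks that follow proof verification."""

    def __init__(self, app_id: bytes, permitted_action: tuple, expiry: int):
        self.app_id = app_id
        self.permitted_action = permitted_action
        self.expiry = expiry
        self.spent = set()   # consumed nullifiers
        self.receipts = []   # one entry per decision, success or rejection

    def _receipt(self, status: str, reason: str) -> dict:
        # The receipt records the decision only, never a user identifier.
        r = {"app": self.app_id.decode(), "status": status, "reason": reason}
        self.receipts.append(r)
        return r

    def execute(self, nullifier: bytes, action: tuple, now: int) -> dict:
        # Same order as the page: expiry and action, then nullifier, then execute.
        if now >= self.expiry:
            return self._receipt("rejected", "expired")
        if action != self.permitted_action:
            return self._receipt("rejected", "action_mismatch")
        if nullifier in self.spent:
            return self._receipt("rejected", "nullifier_spent")
        self.spent.add(nullifier)  # consumed only when the action goes through
        return self._receipt("executed", "ok")
```

In this model a rejected attempt leaves the nullifier unspent, so a user whose request failed the action check can still submit a valid one later; that is a choice of the example, not a statement about the contract.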
New here? Read The problem for the “why”, then How it works for the “how”. Want to run it? Jump to the Quickstart.