Two apps, one engine
Remittance
examples/remittance/ — a corridor policy (e.g. NG → UK) with an amount cap. A user proves corridor eligibility privately; the contract executes the exact transfer, once.RWA access
examples/rwa-access/ — an access-grant policy for a tokenized real-world asset. A user proves they’re on the approved list; the contract grants access, once.| Remittance | RWA access | |
|---|---|---|
| Policy id | 777 | 888 |
action_type | transfer | access_grant |
app_domain | 44240 | 48879 |
| What’s proven | corridor eligibility | approved-list membership |
| What executes | asset transfer | access grant |
| Nullifier | 0x09e0…436ba08c | 0x0532…357f2911 |
app_domain — and therefore different, unlinkable nullifiers.
Walkthrough — the remittance app
A user builds a request + proof
The user holds a
credential_secret whose commitment is in the corridor’s approved root. buildRequest derives the canonical public inputs; Noir + Barretenberg generate the proof.action_type: "access_grant" and a different approved root — proving membership in an asset’s allowlist instead of a corridor.
Run the unlinkability proof
The load-bearing example. One credential, two apps, two unlinkable nullifiers:artifacts/demo-results.json):
The same
credentialCommitment produces two different nullifiers. There is no shared value an observer could use to link the remittance user to the RWA-access user — at the proof/nullifier layer. See Unlinkability for the scope of that claim.The evidence artifacts
The repo carries a full, reproducible evidence package:| Artifact | What it holds |
|---|---|
README.md · EVIDENCE.md | The reviewer-grade walkthrough and the real-vs-mocked line |
SECURITY.md · BENCHMARKS.md | Threat model and measured numbers |
examples/remittance/ · examples/rwa-access/ | The two apps above |
examples/unlinkability.mjs | The cross-app unlinkability proof |
artifacts/testnet-transactions.json | Every live testnet transaction |
artifacts/demo-results.json · submission-evidence.json | Demo results and the submission manifest |
See the live evidence
Every claim as a real testnet transaction.
The SDK
The one-line
verifyAndExecute these apps call.