Skip to main content
Nullis ships reproducible evidence, not claims. Everything below is either a live Stellar testnet transaction or a one-command test run. The load-bearing fact: a real Noir/UltraHonk proof is verified on-chain inside verify_and_execute, gating an actual USDC payment.

The deployment

WhatValue
Nullis contract (real verifier)CBVZ3XJQ…F5Y7
Test-USDC asset (SAC)CDRR42LT…P4RV
NetworkStellar testnet · Protocol 27
The verification key is set at deploy time; verify_and_execute runs the real UltraHonk verifier.

The transactions

A real ZK proof gates a payment

100 USDC movedProofVerified → transfer → ActionExecuted → ReceiptEmitted (VERIFIED). 214d788b…

Contract deployed with a validated VK

e16278f0…

Policy published on-chain

Emits PolicyPublished. 2a3ba6e6…

Replay blocked

ActionRejected(REPLAY), executed: false — recipient balance unchanged. No double-spend.
The first link is the one to click. It’s a real testnet transaction where a zero-knowledge proof was verified on-chain and 100 USDC actually moved — with no identity revealed.

Tests

The whole system is covered by deterministic tests that run without a network.
A real UltraHonk proof of the full Nullis circuit verifies on-chain; a tampered proof and a tampered public input are both rejected (soundness). Plus the canonical-hash unit tests.
The full negative suite: valid succeeds · invalid proof blocked · replay blocked · changed recipient / amount / asset blocked · amount-over-max blocked · stale-root (revoked) blocked · expired blocked · disabled blocked · cross-network/contract blocked · two apps → different nullifiers.
The cross-impl hash gate (test-vectors.json asserted by both Rust and TS), issuer Merkle build/witness/revocation, and SDK request building.
Soundness: a valid member is accepted; a non-member secret, a tampered path, and a wrong nullifier are each rejected. Plus nargo execute cross-validates Noir’s Poseidon2 against Rust and TS.

The negative suite is the point

A privacy system is only trustworthy if its rejections are provable. Nullis’s mandatory negative-test suite proves every failure path on-chain:

Invalid proof → blocked

Replayed nullifier → blocked

Revoked / stale root → blocked

Expired policy → blocked

Changed recipient / amount / asset → blocked

Cross-network context → blocked

Reproduce it

npm run demo:e2e     # full suite (Rust + TS) + prints the live evidence

Run it yourself

The Quickstart walks through one-command evaluation and reproducing a live payment.