v0.2.0 on Sepolia testnet

clearproof

ZK infrastructure for compliant value transfer. Prove sanctions clearance, credential validity, and jurisdiction-correct tier encoding — without revealing private data.

GitHubnpmEtherscan

$ npm install @clearproof/circuits @clearproof/proof snarkjs

+ @clearproof/circuits@0.2.0

+ @clearproof/proof@0.1.0

How it works

The originating VASP generates a ZK proof locally. The proof attests that compliance was performed correctly. Encrypted PII travels alongside. The beneficiary verifies the proof on-chain or off-chain in under 50ms.

01

Prove

Generate a Groth16 proof in 562ms. Sanctions non-membership, credential validity, amount tier — all verified in a single proof with 15,819 constraints.

02

Transmit

Send the hybrid payload via TRISA, TRP, or TAIP-10. ZK proof + encrypted PII satisfies the regulatory “transmit” requirement with minimal data exposure.

03

Verify

Verify on-chain (290k gas) or off-chain (<50ms). Domain binding prevents cross-chain replay. Nullifiers prevent proof reuse. Proof expiration enforced on-chain.

16 public signals

Everything the verifier needs. Nothing the verifier shouldn't see. Private data stays with the prover.

IdxSignalPurpose
0is_compliantAll checks pass
1sar_review_flagTier >= 3 (advisory)
2sanctions_tree_rootOFAC/UN/EU root
3issuer_tree_rootTrusted issuer root
4amount_tier1-4 (not exact amount)
5transfer_timestampUnix epoch
6jurisdiction_codeISO 3166
7credential_commitmentPoseidon hash
8-10tier thresholdsJurisdiction boundaries
11domain_chain_idChain binding
12domain_contract_hashContract binding
13transfer_id_hashTransfer binding
14credential_nullifierOne-time use
15proof_expires_atTTL enforcement

Contracts

Sepolia

All contracts are verified on Etherscan. Source code is readable on-chain.

Groth16Verifier

ZK proof verification

0xb8BaAc48639227Ae76fC79508a0cecC69C0dBcb9

VASPRegistry

VASP identity + issuer root

0xdCaCF0d749A79376F08C36a050de96f54C6b77Ce

SanctionsOracle

Sanctions Merkle root

0xb394B066e784eCF152D662c0Fa6fCBd770dFaC4B

ComplianceRegistry

Domain-bound proof recording

0x763648FC1b5BB9a05C76E369D91546cF584cD1A0

Packages

Install from npm. Use the circuits in your own project, or generate proofs with the TypeScript SDK.

@clearproof/circuits0.2.0

Circom circuits + pre-compiled artifacts

@clearproof/proof0.1.0

TypeScript SDK for proof generation

@clearproof/cli0.1.0

CLI with 60-second demo

@clearproof/contracts0.1.0

Solidity contracts + ABIs

Security properties

Domain binding

Proofs are bound to a specific chain ID and contract address. Cross-chain replay is impossible.

Nullifiers

Each credential + transfer pair produces a unique nullifier. Proof reuse is prevented on-chain.

State binding

Proof must match the current sanctions root and issuer root at verification time.

Proof expiration

proof_expires_at is enforced on-chain via block.timestamp. Stale proofs are rejected.

VASP binding

Only the registered VASP wallet (msg.sender) can submit proofs for its DID.

Credential revocation

Revoked credential commitments are checked on-chain before proof acceptance.

Quick start

# Install

npm install @clearproof/circuits @clearproof/proof snarkjs


# Generate a proof (TypeScript)

import { generateProof } from '@clearproof/proof';

import { artifacts } from '@clearproof/circuits';


const { proof, publicSignals } = await generateProof(

input, artifacts.wasmPath, artifacts.zkeyPath

);


# Or run the 60-second demo

npx @clearproof/cli demo