Defines a shielded pool contract for EVM chains that enables private deposits and withdrawals. A user deposits LUX or ERC-20 tokens into the pool against the commitment of a note they generate locally. Withdrawal requires a zero-knowledge proof that the withdrawer knows the note preimage and its nullifier, which is revealed only as a hash. The pool maintains a Poseidon2 Merkle tree of commitments and a nullifier set for double-spend prevention.
function deposit(bytes32 commitment) external payable;
The user computes commitment = Poseidon2(value || nullifier_secret || blinding) off-chain, keeps the three preimage values as the note, and submits only the commitment with the deposit. The contract inserts the commitment into the Merkle tree and accepts the deposit. Because value is hidden inside the commitment, the contract can check msg.value against the denomination set but not against the committed value; the note's value therefore has to be bound to the amount actually deposited (for example by hashing the on-chain value into the leaf), otherwise the withdrawal proof's amount check would be against a value the depositor chose freely.
function withdraw(
bytes calldata proof,
bytes32 root,
bytes32 nullifierHash,
address recipient,
uint256 amount,
bytes32 relayerFee
) external;
The proof demonstrates: (1) the prover knows a note whose commitment is a leaf of the tree with root root, together with its Merkle path, (2) nullifierHash is derived from that note's nullifier_secret, (3) amount equals the value committed in the note. root, nullifierHash, recipient, amount and relayerFee should be the proof's public inputs, so that a valid proof cannot be re-submitted with a different recipient or fee. The contract verifies the proof, checks root against its stored root history, checks the nullifier hash has not been used, marks it as spent, and then transfers amount minus relayerFee to recipient and the fee to the relayer.
The pool operates with fixed denomination sets so that deposit and withdrawal amounts cannot be correlated.
Unlike fully anonymous systems, the pool supports optional compliance association sets: a depositor may include a compliance proof binding their deposit to a DID (LP-060) without revealing to external observers which specific deposit is theirs.
1. The nullifier hash is derived by hashing nullifier_secret, a high-entropy value chosen by the depositor and never published, so an observer cannot link a nullifierHash to a commitment and brute-forcing the preimage is infeasible.
2. Fixed denominations prevent amount-based deanonymization: every note of a given denomination is indistinguishable at withdrawal.
3. The Merkle root must be a recent valid root, checked against a stored history of the last 100 roots. A root older than that window is rejected even if it was once valid, so a proof must be built against a recent root and submitted before 100 further deposits rotate it out.
4. Relayer fees are deducted from the withdrawal amount so a relayer can submit the transaction and pay gas for a recipient that holds no LUX. The fee and recipient should be bound as public inputs of the proof, so a relayer cannot alter either without invalidating it.
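The note construction, Merkle tree, nullifier set and 100-root history described above, as an added Python model; this is not the project's Solidity or circuit code. Stand-ins and assumptions: SHA-256 replaces Poseidon2, the denomination set {1, 10, 100} is constructed, relayerFee is modelled as an integer, the leaf is assumed to bind msg.value to the commitment so a note cannot claim more than was deposited, and the SNARK verifier is replaced by a transparent checker that opens the witness and checks the same relations the circuit must enforce. The function and variable names (verify_proof, prove, new_note, ShieldedPool.deposit/withdraw) are this model's own.

```python
"""Model of the shielded pool's note, Merkle tree, nullifier set and root history.
Assumptions (not the project's code): SHA-256 stands in for Poseidon2, the leaf
binds msg.value to the commitment, a transparent checker stands in for the verifier."""
import hashlib
import secrets
from collections import deque

TREE_DEPTH, ROOT_HISTORY = 20, 100
DENOMINATIONS = {1, 10, 100}  # constructed; the page does not list the real set

def H(*parts: bytes) -> bytes:  # Poseidon2 stand-in over 32-byte field elements
    return hashlib.sha256(b"".join(parts)).digest()

def u256(v: int) -> bytes:
    return v.to_bytes(32, "big")

def commitment(value: int, secret: bytes, blinding: bytes) -> bytes:
    return H(u256(value), secret, blinding)  # Poseidon2(value || nullifier_secret || blinding)

def nullifier_hash(secret: bytes) -> bytes:
    return H(b"nullifier", secret)

class MerkleTree:  # append-only; empty slots hash as the per-level zero value
    def __init__(self, depth: int):
        self.depth, self.leaves, self.zeros = depth, [], [bytes(32)]
        for _ in range(depth):
            self.zeros.append(H(self.zeros[-1], self.zeros[-1]))

    def insert(self, leaf: bytes) -> int:
        self.leaves.append(leaf)
        return len(self.leaves) - 1

    def _levels(self):  # every padded level, plus the root
        nodes, levels = list(self.leaves) or [self.zeros[0]], []
        for lvl in range(self.depth):
            if len(nodes) % 2:
                nodes.append(self.zeros[lvl])
            levels.append(nodes)
            nodes = [H(nodes[i], nodes[i + 1]) for i in range(0, len(nodes), 2)]
        return levels, nodes[0]

    def root(self) -> bytes:
        return self._levels()[1]

    def path(self, index: int) -> list:  # sibling hashes leaf->root: private witness
        siblings = []
        for nodes in self._levels()[0]:
            siblings.append(nodes[index ^ 1])
            index >>= 1
        return siblings

def root_from_path(leaf: bytes, index: int, path: list) -> bytes:
    for sib in path:
        leaf = H(sib, leaf) if index & 1 else H(leaf, sib)
        index >>= 1
    return leaf

def verify_proof(proof: dict, root: bytes, nh: bytes, amount: int, fee: int) -> bool:
    """Stand-in for Verifier.sol: opens the witness and checks what the circuit must
    enforce. A SNARK proves the same without revealing the witness; root, nullifierHash,
    recipient, amount and relayerFee are public inputs, so they cannot be swapped."""
    leaf = H(commitment(proof["value"], proof["secret"], proof["blinding"]), u256(proof["value"]))
    return (root_from_path(leaf, proof["index"], proof["path"]) == root
            and nullifier_hash(proof["secret"]) == nh
            and proof["value"] == amount and 0 <= fee <= amount)

class ShieldedPool:
    def __init__(self):
        self.tree = MerkleTree(TREE_DEPTH)
        self.roots = deque([self.tree.root()], maxlen=ROOT_HISTORY)  # last 100 roots
        self.spent, self.balances = set(), {}  # nullifier set; models transfers out

    def deposit(self, commit: bytes, msg_value: int) -> int:
        if msg_value not in DENOMINATIONS:
            raise ValueError("msg.value is not a pool denomination")
        # Assumption: the leaf binds the value actually paid, because the contract
        # cannot see the value hidden inside the commitment.
        index = self.tree.insert(H(commit, u256(msg_value)))
        self.roots.append(self.tree.root())
        return index

    def withdraw(self, proof, root, nh, recipient, amount, fee, relayer):
        if root not in self.roots:
            raise ValueError("root unknown or older than the last 100 roots")
        if nh in self.spent:
            raise ValueError("nullifier already spent")
        if not verify_proof(proof, root, nh, amount, fee):
            raise ValueError("invalid proof")
        self.spent.add(nh)  # mark spent before paying out
        self.balances[recipient] = self.balances.get(recipient, 0) + amount - fee
        self.balances[relayer] = self.balances.get(relayer, 0) + fee

def new_note(value: int) -> dict:  # what the depositor computes off-chain
    return {"value": value, "secret": secrets.token_bytes(32), "blinding": secrets.token_bytes(32)}

def prove(pool: ShieldedPool, note: dict, index: int) -> dict:  # witness for the stand-in verifier
    return {**note, "index": index, "path": pool.tree.path(index)}
```

Running a deposit followed by two withdrawals of the same note shows the nullifier set rejecting the second; depositing a note that commits to 100 while paying 10 fails verification because the leaf was bound to the paid value; and a root captured before 100 further deposits is accepted right up to the 99th and rejected at the 100th, which is the window a prover has to submit.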
github.com/luxfi/standard/contracts/privacy/ShieldedPool.sol
github.com/luxfi/standard/contracts/privacy/Verifier.sol
github.com/luxfi/cli/cmd/privacy/
Copyright (C) 2024-2026, Lux Partners Limited. All rights reserved.
Licensed under the MIT License.