Privacy-preserving compliance, enforced on-chain.
records breached in 2024 from centralized identity databases
average cost of a single data breach (IBM 2024)
of current compliance tools require full PII disclosure
revocation is slow โ non-compliant users stay active for days
Groth16-shaped proofs prove set-membership. Your PII is hashed into a commitment โ only the hash touches the chain.
Commitments form a Merkle tree. The root is stored on-chain. Proof = "I'm in the tree" without revealing which leaf.
CSPR.cloud streaming monitor triggers revoke on the Odra contract the instant a risk event fires.
Inject a sanctions hit and watch one holder's proof flip โโโ while everyone else keeps verifying.
Issuer hashes PII into commitment off-chain
Commitment inserted into on-chain Merkle tree via Odra contract
Holder generates Groth16-shaped proof of set-membership
Verifier checks proof + nullifier โ no PII revealed
CSPR.cloud streaming watches for risk events 24/7
Risk detected โ nullifier registered โ proof instantly invalidated
| Layer | Technology |
|---|---|
| Frontend | Next.js 16 (App Router), React 19, Tailwind v4 |
| Contract | Odra (Rust) โ Merkle root + nullifier set |
| ZK Engine | Groth16-shaped (SHA-256, snarkjs-API compatible) |
| Signing | casper-js-sdk (PEM key, autonomous revocation) |
| Micropayments | x402 (CSPR.cloud facilitator) โ pay-to-check |
| Monitoring | CSPR.cloud streaming โ autonomous risk detection |
| Testing | Vitest (95 tests) + Playwright (E2E) + CodeQL |
The ZK proof is Groth16-shaped over SHA-256 โ structured as a drop-in for field-native Poseidon + real snarkjs Groth16 (roadmap). No overclaiming.
Inject a sanctions hit โ watch holder proof flip โโโ โ Merkle root recompute โ pool ejects them.
Valid holders keep verifying while the revoked holder's proof is instantly invalidated.
Visual proof that zero PII exists anywhere in the on-chain data โ only hashes and nullifiers.
CEP-18 micropayment for each compliance check โ data as a service.
| Casper Tool | Integration |
|---|---|
| Odra Framework | Merkle root + nullifier set contract (insert_commitment, revoke) |
| casper-js-sdk | Autonomous signing for revocation + commitment insertion |
| x402 Facilitator | CEP-18 micropayments for pay-to-check compliance queries |
| CSPR.cloud Streaming | Real-time risk event monitoring โ autonomous revocation |
| CSPR.cloud REST | Contract state queries and account lookups |
| Item | Value |
|---|---|
| Bastion Contract | hash-d247c7118d240bb339612f176f23816aa7a42e3bce88b132cad9982707c4a2c0 |
| CEP-18 Token | hash-541069ed8cad06249f76edb0972932d012badbb256111d3000df06ac1d703be6 |
| Issuer Account | 01b9c7741b3679191aa4f82e5529e3f0908e3d5cbc9c3c352807e17b7c48bffc55 |
| Feature | Traditional KYC | Bastion |
|---|---|---|
| PII exposure | Full identity stored | Zero PII on-chain |
| Breach risk | Central honeypot | Only hashes + nullifiers |
| Revocation | Manual (days) | Autonomous (instant) |
| Verification | Requires PII re-share | ZK proof โ no data revealed |
| Proof system | None | Groth16-shaped (snarkjs-compatible) |
Merkle tree, ZK proofs, autonomous revocation, x402 pay-to-check
Replace SHA-256 commitment with field-native Poseidon hash + real snarkjs verifier
Production-grade compliance gateway with real KYC provider integration
One ZK proof valid across Casper, Ethereum, and Solana ecosystems
โ 60+ hackathon projects shipped
โ Full-stack: Rust contracts + Next.js dashboards + AI agents
โ Built the entire Vouch suite (3 projects) for this buildathon
Bastion โ ZK compliance gateway for the Casper ecosystem.