selective disclosure
Auditor view
Privacy is not opacity. A regulator holding the disclosure view key can confirm that a payment's disclosure packet binds to its exact on-chain action — without the user ever exposing raw identity to the network.
disclosure binding
Packet bound to payment
Loaded from the demo disclosure summary: the packet hash and the on-chain payment transaction it commits to.
run it live · your browser
Decrypt the packet as the regulator
The disclosure packet is encrypted to the regulator's view key (x25519 → HKDF-SHA256 → AES-256-GCM). Click to decrypt it live in your browser with the demo view key and reveal the compliance fields the chain never saw. The packet is bound to the on-chain payment by its packet hash (AES-GCM AAD), so it cannot be swapped for another.
idle — click to decrypt the packet in your browser
what is revealed
The auditor sees only the binding
What the view key reveals
Enough to confirm compliance and nothing more — the auditor can verify the action happened and matches policy.
- Disclosure packet hashshown
- Bound payment transactionshown
- Corridor & action bindingshown
What stays private
Raw identity attributes never leave the holder's device and never touch the ledger. Proof signals, action data, committed roots and nullifiers are public.
- Name & document identityhidden
- Exact age & birthdatehidden
- Full credential attributeshidden
end to end
From private proof to auditable settlement
Generate the proof, watch the gate settle on-chain, then confirm the disclosure binding here.