Customer-ready
Private inputs hidden
Public proof receipt
Blind Verification
Prove a private decision was made correctly.

For teams that need audit-ready proof without revealing customer data, internal rules, or sensitive policy inputs.

What it does

Verify the decision without exposing how it was made.

Blind Verification lets an organization run a private policy over sensitive inputs, issue a decision, and publish a proof receipt that shows the process was followed. The verifier sees proof, not private data.

A customer or case is checked against a private policy.
The sensitive inputs stay hidden.
The organization receives a decision and a proof receipt.
A third party can verify the process without seeing private data.
Why buyers care
Problem

Auditors, partners, and customers need confidence that a decision was made correctly. But exposing raw data and internal rules creates privacy, compliance, and competitive risk.

PrivateDAO answer

Keep the decision process private. Publish a proof receipt that can be checked independently.

Run a real workflow

Enter private inputs. Get a decision and proof receipt.

The values below represent sensitive customer or case data. PrivateDAO uses them to decide whether the private policy is satisfied, then returns a public receipt that hides the values.

1
1. Create Policy
The private policy is selected without exposing thresholds.
2
2. Execute Workflow
Sensitive values are entered and evaluated.
3
3. Generate Blind Proof
Groth16 produces a public proof package.
4
4. Verify
The verifier recomputes the package and checks the proof.
5
5. Store Receipt
The proof hash and commitments are written to Solana.
6
6. Open Explorer
The receipt transaction can be opened by any third party.
What is cryptographically real today

Groth16 is the live proof system.

Real proof

The API generates a witness, runs snarkjs Groth16 prove, then verifies the proof before issuing a receipt.

Public verifier data

The receipt includes proof, public signals, verification key, verification key hash, policy commitment, and input commitment.

Solana receipt

A verified proof package can be anchored as a Solana PDA receipt with Explorer links for the receipt account and transaction.

Clear boundary

REFHE, Ika / Encrypt, and MagicBlock are commitment lanes here unless a separate provider receipt is attached.

Technical Verification Notes

What a technical customer can verify.

Circuit

`private_dao_blind_policy_overlay.circom` is the current Circom/Groth16 circuit.

Constraints

The circuit proves membership is true, three private records are positive, the average capacity threshold is satisfied, liabilities stay within the policy envelope, risk score meets the floor, and Poseidon commitments bind the policy and inputs.

Witness generation

The API writes private inputs to a temporary witness input, runs `generate_witness.js` with the compiled WASM, then runs `snarkjs groth16 prove`.

Proving key

The proving key is the server-side `private_dao_blind_policy_overlay_final.zkey`; it is not sent to the browser or verifier.

Verification key

The verification key is fixed for circuit version groth16-v1. verificationKeyHash: 05aeb7e27479d7f1551b0c2e18134c58f760de43f2ff085a8ea2e82f212209eb.

Replay protection

The public package binds `proofId`, `nonce`, `issuedAt`, `expiresAt`, `circuitVersion`, `policyVersion`, `policyCommitment`, and `inputCommitment` into the original proof hash.

Policy changes

A policy cannot be changed after proof issuance. Changing `policyVersion` changes the policy salt and produces a new `policyCommitment`.

Versioning

The current public version pair is `circuitId=private_dao_blind_policy_overlay` and `circuitVersion=groth16-v1`.

Solana receipt registry

After Groth16 verification passes, the API attempts an Anchor PDA receipt and falls back to a Solana Memo receipt transaction if the Anchor program path is unavailable. The response labels the storage mode.

Not claimed

Full Groth16 pairing verification on Solana, PLONK, STARK, and recursive proofs are future work, not current production claims.

Architecture

The verification path in one line.

1
Client

Customer or case data is entered by the organization.

2
Private data

Sensitive inputs stay out of the public proof.

3
Blind policy

The policy is applied without revealing thresholds or formulas.

4
Groth16

A ZK proof confirms the private policy was satisfied.

5
Proof receipt

The public package contains commitments, checks, and a hash.

6
Public verification

Anyone can recompute the hash and verify the package was not changed.

Benchmarks

Measured verification performance.

Proof receipt build
612.25 ms
Hash recompute
6.4 ms avg
Receipt verification
13.5 ms avg
Groth16 verification
6867.52 ms avg
Verification capacity
0.15 / sec est.
Runs
3 local runs

Measured locally with the checked-in Groth16 blind-policy proof fixture. This measures package creation, hash recomputation, receipt verification, and Groth16 verification, not full witness generation.

Adoption signals

Built for real pilot conversations.

Internal Pilot

Used as the PrivateDAO proof workflow reference path for customer-ready verification.

PrivateDAO Treasury

Mapped as a reusable proof trail for approvals, decisions, and audit-ready receipts.

Test Organizations

Prepared for fintech, grant, treasury, compliance, and review workflow pilots.

Research Deployment

Connected to the checked-in Groth16 circuit and verification artifacts for reviewer inspection.

Use cases
Lending

Prove underwriting or credit-limit checks happened without exposing earnings or thresholds.

Compliance

Prove required checks were completed without exposing documents or review notes.

Grants

Prove eligibility and review policy were followed without exposing reviewer scoring.

Commercial packages

Sell it as a focused verification product.

Blind Policy Pilot
$10,000 setup + $3,500/month
1 private policy template
Groth16 proof generation
Public verification page
API status and verification endpoints
2,500 blind policy proofs/month
Pilot onboarding and policy mapping
Blind Policy Business
$7,500/month
Up to 5 active private policies
10,000 proof events/month
Custom proof package labels
Audit-ready verification reports
Intelligence summaries optional
Priority support
Blind Policy Enterprise
From $25,000/month
Dedicated deployment
Custom policy circuits
Customer data connector
Custom verification domain
SLA and security review support
Annual private deployment option