Episode 02: ZK Foundations

For serious capital to move on-chain privately, the privacy guarantee cannot depend on a single point of trust - not the operator, not the hardware, not the ceremony.

Today continues:

How We Built The Best Privacy Protocol On The Market

Signature series, Episode 02:

ZK Foundations

Every privacy primitive carries a trust assumption.

When we mapped what privacy infrastructure for institutions actually requires, every cryptographic approach we evaluated rested on a trust assumption.

Some required trusting an operator to keep data contained. Some required trusting a hardware vendor's attestation chain. Some required trusting a threshold of independent parties to remain honest. Some required trusting an entire chain migration before the privacy guarantee began.

Each is a real assumption with a real failure mode. Compliance teams evaluate every one. That evaluation is where most privacy systems lose the room.

The failure-condition bar.

Most privacy conversations focus on what gets hidden. Inside an institutional system, the harder question is what holds when something breaks.

When the operator is compromised. When the hardware has a flaw. When a key holder disappears.

A privacy guarantee that survives only while everything works is not an institutional guarantee. It is a marketing claim.

We chose our cryptographic foundation on the failure-condition bar, because that is the bar institutions actually evaluate against.

Zero-knowledge proofs.

One primitive answered the failure-condition question affirmatively. Zero-knowledge proofs.

The privacy guarantee is mathematical. It does not depend on an operator's honesty, a chip vendor's attestation, or a threshold of parties remaining cooperative.

If the operator is compromised, the math holds. If the hardware has a flaw, the math holds. If a party in the system goes offline, the math holds.

That is why every confidential transaction in Hinkal is enforced through a zero-knowledge proof.

What the proof establishes.

Every confidential transaction produces a proof that establishes three things - none of which require seeing the data inside the transaction.

The sender controls the funds. The funds have not been spent before. Inputs and outputs balance.

All three verified on-chain. Identities, balances, amounts, and counterparties remain private throughout. The rigor of full verifiability, without the exposure of public data.

Generated independently.

In Hinkal, the proof for every confidential transaction is generated independently - on the user's own device or within a TEE. The choice is theirs. Either way, the witness - the private data the proof attests to - never leaves.

Private keys never enter the TEE - only signatures are sent. Even if the enclave were fully compromised, no funds would be at risk. The TEE path is a performance optimization, not a trust dependency.

The private data behind every proof is inaccessible to Hinkal. Not even during proof generation. Non-custodial does not stop at funds. It extends to the cryptographic state behind every transaction.

Built on the ecosystem's broadest ceremony.

ZK proof systems require a trusted setup. If the ceremony is compromised, every proof built on top of it is at risk.

We did not run our own ceremony. The universal setup phase reuses Polygon Hermez's Powers of Tau - one of the most widely-audited ZK ceremonies in production, with dozens of independent contributors. The circuit-specific phase we run ourselves. The universal foundation we inherited from the ecosystem that already audited it.

No single point of trust.

Three properties interlock. The guarantee is mathematical - independent of any operator. The proof is generated independently - on the user's device or in a TEE - never exposed to Hinkal's infrastructure. The setup is ecosystem-audited - independent of any private ceremony.

Each removes a different point of trust. Together they remove every one. Even the TEE carries zero custody risk - private keys never enter it.

The institution does not have to trust us to maintain the guarantee. The guarantee maintains itself.

What's next.

This is the cryptographic ground every other layer of Hinkal stands on. But math alone does not move money. The proof needs something to prove - and what gets proved depends on how the private state is structured.

Next Wednesday — Episode 03. UTXO Model, Commitments & Nullifiers.

‍