AetherPay

ZK Payments for Confidential Care.

Built at Zypherpunk

Created on 4th December 2025

•

AetherPay

ZK Payments for Confidential Care.

The problem AetherPay solves

The project, AetherPay, solves the critical and highly sensitive problem of privacy breaches and stigma associated with payments for mental health services.

It addresses the fundamental dilemma: how to conduct a financial transaction that proves a patient is eligible (e.g., of age) and has paid, while ensuring no one (not the chain, not the public, not third parties) can link the payment back to the patient's identity or their use of therapy services.

🫂 What People Can Use It For

The system is primarily used by patients and mental health therapists to complete payment for services with unprecedented privacy guarantees.

1. For Patients (Enhanced Security & Trust)

Feature	The Problem It Solves	How It Makes the Task Safer/Easier
Anonymous Payments	Current payment methods (credit cards, P2P apps like Venmo/Cash App, or bank transfers) leave a permanent, traceable financial record that links a person to a therapy provider. This record can be exposed in breaches or sold to data brokers, leading to potential stigma, discrimination (e.g., from employers, insurance), or targeted advertising.	The patient's identity is never revealed on-chain. They deposit funds using a one-time cryptographic commitment, which is an opaque hash, ensuring their mental health journey remains completely private.
Age Verification (18+)	Providers need to verify a patient meets the legal age requirement for certain services, but traditional ID checks require collecting and storing sensitive documents (driver's license, passport).	The system uses ZkPassport to prove the patient is $\text{18+}$ without revealing their name, exact birthdate, or ID document. It's a "yes/no" answer, not a data transfer.

2. For Therapists (Compliance & Simple Claims)

Feature	The Problem It Solves	How It Makes the Task Safer/Easier
Secure Withdrawal	Traditional payment systems can suffer from chargebacks or complicated reconciliation processes.	The therapist receives a private secret code (off-chain) from the patient. Using this code, they generate a zero-knowledge proof to claim the funds. This process is secure and guarantees the funds are available.
Double-Spend Protection	A payment commitment could potentially be claimed multiple times if not tracked carefully.	The use of a cryptographic nullifier ensures that once a claim is made and verified, the associated payment can never be claimed again by anyone, preventing fraud and protecting the therapist's earnings.
Regulatory Risk Reduction	Therapists must comply with stringent data protection laws (like HIPAA or GDPR) regarding patient data. Using a system that avoids collecting or storing PII (Personally Identifiable Information) on-chain significantly reduces their regulatory risk and liability in case of a data breach.

💡 How It Makes Tasks Easier/Safer

The project utilizes Zero-Knowledge Proofs (ZKPs) to separate the act of proving a fact from the act of revealing the underlying data.

Safer: It removes the traceability of sensitive healthcare payments, protecting patients from the negative consequences of having their mental health status exposed. By not collecting PII, it becomes impossible to leak or sell that information.
Easier: It streamlines age and payment verification. A single ZK process (Noir + Garaga) confirms both eligibility (age) and payment validity (commitment + nullifier) in one go, replacing the need for document storage, manual age checks, and traceable financial data.

This creates a Sanctuary Protocol for finance, allowing patients to seek necessary mental healthcare with confidence that their decision will not be weaponized against them in the future.

Challenges I ran into

🚧 Challenges and How They Were Solved

1. ZKPassport Only Works with NFC Enabled IDs

This is a limitation of the dependency that impacts the user experience and testing accessibility.

The Hurdle: The core identity verification step relies on ZkPassport, which requires users to have an NFC-enabled ID (like a modern passport or driver's license) to generate the initial zero-knowledge proof. This excludes users with older IDs and makes development/demo testing difficult for anyone without the required ID or hardware.
How I Mitigated It: I explicitly addressed this in the project documentation:

Use the "Skip (dev/demo)" button to bypass verification for testing.
- Solution: I implemented a development/demo bypass feature in the frontend (e.g., in
  app/src/hooks/useZkPassport.ts
  ). This allows testers to test the entire complex payment flow (commitment generation, nullifier hashing, proof creation, and contract withdrawal) without needing a physical, NFC-enabled ID, making the project viable for demonstration and local development.

2. Sepolia was Upgraded Earlier Today, Forcing a Class Hash Mismatch

This is a common deployment-related hurdle when working with rapidly evolving Layer 2 solutions like Starknet.

The Hurdle: Starknet (running on the Sepolia testnet) was upgraded. This change means the underlying Cairo compiler or runtime environment changed, which invalidates the previously calculated
class_hash
for your deployed contracts (
verifier
and
payment
). When you try to interact with the old deployed contracts, the network throws a mismatch error.
How I Solved It: I documented the standard operational fix for this issue:

If I modified contracts, update the class hashes in
Makefile
after
declare-*
commands.
- Solution: When a breaking change or upgrade occurs, I have to re-declare and re-deploy the contracts. Specifically, after running
  make declare-verifier
  and
  make declare-payment
  , you had to manually update the new class hashes generated in the project's configuration (in the
  Makefile
  and tools file
  .tool-versions
  to use rc dev tools) to point to the freshly declared code. This ensures the subsequent deployment or interaction calls use the correct, current class hash.

3. Using the Nullifiers to Protect State

This is a cryptographic and contract logic challenge inherent in building ZK-based anonymous systems.

The Hurdle: In a zero-knowledge payment system, the patient's identity is hidden. To prevent a patient from claiming the same deposited funds twice (a "double spend"), a nullifier must be used. The challenge is ensuring the nullifier
is calculated correctly within the ZK circuit (in Noir), and then efficiently tracked and secured within the payment contract (Cairo/Starknet state) to guarantee it's unique.
How I Solved It: I relied on the integrity of the ZK system and contract logic:
- Noir Circuit Logic: I ensured the
  nullifier
  is generated by hashing the secret and a unique salt (
  nullifier = hash(secret, salt)
  ). Since the
  secret
  and
  salt
  are unique to the transaction, the
  nullifier
  derived from them is also unique.
- Contract Logic: The
  therapy_payment.cairo
  contract has logic to store and check all used nullifiers before releasing funds. This ensures that the first time a valid proof (which contains the
  nullifier
  ) is submitted, the funds are released and the
  nullifier
  is marked as spent, making subsequent attempts fail. This protects the contract state from double-spending.

Tracks Applied (3)

Cross-Chain Privacy Solutions

The AetherPay app fits into the landscape of cross-chain privacy applications by acting as a highly specific, privacy-pr...Read More

Starknet

General Bounty

The Private Therapy Payments project fits perfectly under the Network School focus area—specifically "zk-Passport" and "...Read More

Network School

Private Payments & Transactions

The core function of the project is creating a private payment system for a specific service (therapy). It builds a conf...Read More

Osmosis

Technologies used

React

Node.js

CSS

JavaScript

Ethereum

Tailwind CSS

StarkNet

Ztarknet

Discussion

Builders also viewed

See more projects on Devfolio