Fruit Swap
Privacy-Protecting KYC for Fruit trading
Created on 21st June 2025
•
Fruit Swap
Privacy-Protecting KYC for Fruit trading
The problem Fruit Swap solves
🧃 Fruit Swap – Privacy-Protecting KYC AMM on Hyli
Fruit Swap is a zero-knowledge gated AMM (Automated Market Maker) built for the Hyli blockchain, where only users who meet private KYC requirements (e.g., age under 25) can perform swaps. It implements a full Rust-based AMM contract in Risc0, deployed on Hyli’s zk-native infrastructure
Instead of exposing sensitive information, users prove eligibility via ZKPassport – a verifiable, zkSNARK-based identity layer.
🔐 ZK Gating with Noir + ZKPassport
We used ZKPassport’s SDK to generate a proof that the user is under 25 without revealing their actual birthdate. This identity proof is checked using a Noir circuit compiled and deployed on Hyli. Although we ran out of time to fully integrate ZKPassport’s final proofs into the Hyli proof pipeline, we validated the Noir verifier locally and successfully implemented a password-hash proof of concept using the same pattern (via
CheckSecret.noir
). This confirms the identity blob mechanism works on-chain and can be adapted for age verification proofs.🧠 Hybrid ZK: Noir + Risc0 on Hyli
The main technical innovation of Fruit Swap is its hybrid zkApp architecture, using both:
- A Noir-based identity contract to verify age (<25)
- A Rust-based Risc0 zkVM contract to validate and execute token swaps
Hyli’s multi-blob transaction model lets us atomically compose these two ZK proofs. This means a user must prove age eligibility and submit a valid swap transaction in one go. The AMM contract rejects the swap if the identity proof fails or is missing. This design preserves privacy and makes compliance verifiable without user data ever leaving their device.
🔧 Development & Validation
Fruit Swap was developed and tested on the Hyli local devnet using the official
hyli-scaffold
. We structured the project using the Hyli multi-contract format (contract1
for AMM,contract2
placeholder for auxiliary logic) and proved out full integration with the frontend and autoprover.Validation screenshots included:
- ✅
nargo test
→ Noir circuit passes (3/3) - ✅
cargo test -p contract1
→ Risc0 AMM logic passes (11/11) - ✅
cargo check -p server
→ Backend compiles cleanly - ✅
cargo build --features build --bin server
→ Full build passes - ✅
cargo test --workspace --exclude contract2
→ System-wide tests green for the AMM on Risc0 - ✅ File tree: clean, scaffolded, production-ready layout
🌀 Forward-Looking: Boundless & Proof Outsourcing
The system is architected to support Boundless – Risc0’s decentralized proving network. While we didn’t fully integrate it during the hackathon, the AMM proving logic is modular and will benefit from outsourcing in the future. This would allow lower latency, mobile UX, and higher scalability without compromising trust. Hyli’s native support for Risc0 and proof batching makes this upgrade path seamless.
👥 Hackathon Context
This project was built solo during ZK Hack Berlin 2025 in close collaboration with the Hyli and ZKPassport teams. Their feedback helped guide the proof structure, circuit deployment, and Hyli-specific implementation details.
Challenges I ran into
🧪 Challenges I Ran Into
🧱 1. Hybrid Proof Composition (Noir + Risc0)
Combining two proof systems – ZKPassport’s Noir circuits and Risc0’s zkVM – was a major technical hurdle. Each has its own toolchain, constraint model, and proving output. I had to figure out how to:
- Generate a Noir proof (age under 25) via ZKPassport SDK
- Validate it locally with
nargo test
- Then model the same verifier logic for deployment on Hyli
Ultimately, I implemented a fallback proof using a password hash check (inspired by
check-secret-noir
) and confirmed it works as an on-chain identity gate. While I ran out of time to fully wire in ZKPassport’s compiled proofs to the Hyli backend, the identity blob model is verified and modular. It’s ready to be replaced with production-grade identity verifiers in follow-up work.🔄 2. Multi-Blob Transaction Model on Hyli
Hyli’s multi-blob transaction structure was powerful but unfamiliar. Crafting a transaction that includes:
- One blob from a Noir-based identity verifier
- One blob from a Risc0 AMM swap
…took extensive trial and error. I had to debug serialization, contract program ID mismatches, and blob sequencing. Luckily, the
hyli-scaffold
was a reliable foundation, and the Hyli team provided excellent guidance.🦀 3. Risc0 AMM in Rust
Implementing an entire constant-product AMM in Rust, inside Risc0’s zkVM, was challenging as a solo hacker. I wrote and tested core swap logic using field-safe arithmetic, internal state Merkle trees, and transaction validation. Writing
cargo test
-backed unit tests was essential to debug the proving outputs and state transitions. There were moments where a single incorrect state hash would break the entire zk proof chain.⚙️ 4. Boundless Proving Goals (Unfulfilled, Yet Designed For)
I explored using Boundless to offload Risc0 AMM proof generation. This would allow fast swap verification even from resource-constrained clients. However, the integration overhead was too great for a hackathon timeframe. Still, the system is architected for prover separation – the AMM proof logic is fully externalizable. The team at Hyli confirmed this would align with their co-sponsored track with Boundless.
✅ In summary, this project represents real, integrated ZK execution across two proof systems on Hyli – implemented, tested, and modular enough to upgrade. All core logic is live in Rust and Noir, and fully verified on local devnet.
Tracks Applied (3)
Boundless + Hyli
Boundless
Hyli + ZKPassport
Hyli
Deploy an application on the Hyli testnet
Hyli
Technologies used