ZKPrivatePay
Keep your transactions private. Be secure, Be safe
Created on 25th January 2026
•
ZKPrivatePay
Keep your transactions private. Be secure, Be safe
The problem ZKPrivatePay solves
Mini Tornado-Cash–Style Private Payments (ZK-Powered)
Send money without revealing who paid whom — and without exposing secrets on-chain.
This project is a mini privacy payment system inspired by Tornado Cash, built using Zero-Knowledge Proofs.
It allows a sender to lock funds on-chain and lets the receiver withdraw them only if they know a secret, without ever revealing that secret to the blockchain.
The Core Idea (Visual Flow)
No secret is ever revealed on-chain.
Only a proof that “I know the correct secret” is verified.
How it works (Step-by-Step)
Sender creates a private payment
- Sender chooses a random secret code
- A 256-bit hash of the secret is generated
- The hash is stored on-chain as the payment identifier
- Funds are locked in the smart contract
✅ Blockchain only sees a hash
❌ Blockchain never sees the secret
Secret is shared off-chain
- Sender sends the secret to the receiver
- Can be done via:
- Encrypted messaging
- QR code
- In-person
- Any secure channel
The secret lives entirely off-chain
Receiver withdraws using Zero Knowledge
- Receiver enters the secret on a withdrawal page
- A Zero-Knowledge Proof is generated:
“I know a secret whose hash matches the one on-chain.”
- Smart contract verifies the proof
- Funds are released to the receiver
No one can see:
- the secret
- who sent the payment
- how the receiver got access
Why Zero-Knowledge here is powerful
Without ZK:
- Receiver would have to reveal the secret
- Anyone watching the mempool could steal funds
With ZK:
- Secret never appears on-chain
- Proof cannot be reused or forged
- Front-running is prevented
The blockchain verifies math — not trust.
Privacy Benefits
| Problem | Traditional Payments | This System |
|---|---|---|
| Sender ↔ Receiver link | Fully visible | Hidden |
| Secret exposure | Revealed | Never revealed |
| Front-running risk | High | None |
| Trust required | Yes | Cryptographic |
Future Extensions (Where this gets exciting)
Payment Pool
- Multiple payments enter a shared pool
- Withdrawals are unlinkable from deposits
- Increases anonymity set
Result: Stronger privacy guarantees.
🧪 Mixer functionality
- Funds are mixed across many deposits
- Observers cannot trace payment paths
- Inspired by Tornado Cash architecture
Result: Transaction graph privacy.
- Receiver can set or rotate their own secret
- Enables:
- One-time payments
- Reusable privacy wallets
- Password-like control without passwords
Result: Flexible, user-controlled privacy.
This project shows how privacy doesn’t require trust:
- No centralized mixer
- No custodial service
- No leaked secrets
Just math, proofs, and smart contracts.
A zero-knowledge powered mini Tornado-Cash–style payment system where users can send and receive funds privately using secret-based proofs — without ever revealing secrets or linking identities on-chain.
This isn’t just hiding data.
It removes sensitive data from the blockchain entirely — while keeping verification trustless.
Challenges I ran into
Challenges We Faced During the Journey
Building a privacy-preserving payment system using Zero-Knowledge Proofs was far from straightforward. The journey involved deep technical challenges, design trade-offs, and tight constraints — each of which shaped the final solution.
Understanding Zero-Knowledge at a Practical Level
Zero-knowledge proofs are often explained conceptually, but implementing them in practice is a different challenge entirely.
- Understanding how circuits, witnesses, public signals, and verifiers interact took time
- Small misunderstandings (e.g. public vs private signals) caused proofs to silently fail
- Debugging ZK circuits provides very little feedback when something goes wrong
Lesson learned: ZK is unforgiving — correctness must be exact.
Circuit Design Trade-offs
Designing the circuit required careful decisions:
- Should the hash be an input or computed inside the circuit?
- How many public signals are safe and necessary?
- How do we keep verification simple while preserving privacy?
Every design choice affected:
- gas cost
- verifier complexity
- usability
Lesson learned: Minimal circuits are safer, cheaper, and easier to reason about.
Tooling & Ecosystem Friction
The ZK ecosystem is powerful but still maturing:
- Tooling errors were often cryptic or undocumented
- Small version mismatches between circom and snarkjs caused failures
- Some expected CLI commands simply did not exist, requiring workarounds
Lesson learned: Always rely on the circuit itself as the source of truth.
On-chain vs Off-chain Coordination
A major challenge was deciding what belongs on-chain and what must stay off-chain:
- Secrets must never touch the blockchain
- Hashes must be deterministic and verifiable
- Proof generation happens off-chain but must align perfectly with on-chain logic
Any mismatch broke the entire flow.
Lesson learned: Clear separation of responsibilities is essential in ZK systems.
Gas & Verifier Constraints
On-chain verification is expensive:
- Pairing-based verification consumes significant gas
- Public inputs directly impact verification cost
- Verifier contracts are rigid — one mismatch means failure
Lesson learned: Optimize public inputs early, not later.
Testing & Debugging Difficulties
Testing ZK systems is unlike traditional apps:
- A single incorrect constraint invalidates everything
- Failures often appear as a simple
false
- Debugging requires inspecting witnesses, constraints, and generated proofs
Lesson learned: Build incrementally and test at every stage.
Conceptual vs Real Privacy
Designing for actual privacy, not just perceived privacy, was a constant challenge:
- Preventing front-running
- Avoiding on-chain data leaks
- Ensuring secrets cannot be inferred indirectly
Lesson learned: Privacy must be considered holistically, not feature-by-feature.
Final Reflection
Despite the challenges, this journey highlighted the power and necessity of zero-knowledge systems.
Each obstacle reinforced a core idea:
Privacy is hard — but worth building correctly.
This project represents not just a working prototype, but a deeper understanding of how cryptography can replace trust in modern systems.
Tracks Applied (2)
Open Track
Freshers
Technologies used