Prove your Bitcoin balance on Starknet. Address never touches the chain.
Bitcoin is transparent by design. That's the problem. Latens flips it — turning a public UTXO set into a private credentialing layer using Poseidon Merkle trees and on-chain Cairo verification.
Bitcoin UTXO set → Poseidon Merkle tree → Root anchored on Starknet
↓
User proves: "I'm a leaf in that tree, balance ≥ X"
↓
BalanceVerifier checks in Cairo
↓
ProofVerified event — no address, no balance
The chain sees: a commitment hash, a threshold, a block height.
The chain never sees: an address, a balance, a UTXO, or anything that links back to Bitcoin identity.
| Data | On-chain? | Who sees it |
|---|---|---|
| Bitcoin address | ❌ Never | Prover only |
| Exact balance | ❌ Never | Prover only |
| Salt | Prover + chain (see Privacy Model) | |
commitment = Poseidon(address_hash, salt) |
✅ | Everyone |
| Threshold floor (e.g. ≥ 1 BTC) | ✅ | Everyone |
| Merkle root (Bitcoin snapshot) | ✅ | Everyone |
| Tx hash of the verification | ✅ | Everyone |
StateRootRegistry BalanceVerifier DaoGate
───────────────── ─────────────── ───────
Stores Merkle roots → Checks 3 constraints → Gates membership behind proof
Admin-controlled Any address can call Nullifier prevents replay
Root TTL: ~1 week Returns bool + event is_member() for composability
| Contract | What it enforces |
|---|---|
StateRootRegistry |
Only admin can update root · height must increase · TTL = 1,008 blocks |
BalanceVerifier |
Poseidon(addr, salt) == commitment · Merkle path leads to root · balance ≥ threshold |
DaoGate |
All of above · proof not reused in this DAO · proof not reused in other DAOs |
→ Full interface specs and storage layouts: Contract Reference
Every verified proof satisfies exactly these, checked on-chain in Cairo:
C-01 Poseidon(address_hash, salt) == commitment
C-02 recompute_root(Poseidon(address_hash, balance), merkle_path) == snapshot_root
C-03 balance >= threshold (skipped if threshold == 0)
A broken backend cannot produce calldata that passes these. The Cairo verifier runs them independently.
→ Hash parameters, field arithmetic, test vectors: Crypto Spec
| Layer | Technology | Role |
|---|---|---|
| Bitcoin data | Blockstream REST API | UTXO snapshot at fixed block height |
| Indexer | Python 3.12, FastAPI | Aggregates balances, builds Merkle tree |
| Hash function | Poseidon (Starknet-native) | Leaves, commitments, nullifiers — all the same permutation |
| Proof engine | Python simulation → S3: Noir + WASM | Produces Starknet calldata |
| Contracts | Cairo 1, Starknet Sepolia | On-chain verification |
| Frontend | Next.js 14, starknet-react | Wallet connect, proof UX, Merkle visualiser |
| Use Case | What's proven | What's hidden |
|---|---|---|
| DAO membership | Controls ≥ X BTC | Which wallet |
| Anonymous lending | Credit floor (e.g. ≥ 5 BTC) | Exact balance, address |
| Airdrop eligibility | Held BTC at block H | Address, amount |
| Cross-chain reputation | BTC wallet age + balance tier | Identity |
→ Cairo code for each pattern: Integration Guide
let ok = IBalanceVerifierDispatcher { contract_address: verifier }
.verify_proof(address_hash, salt, balance, merkle_path, commitment, 100_000_000);
assert(ok, 'Proof of ≥ 1 BTC required');That's the entire integration for a 1 BTC gate. The contract handles root freshness, Merkle path validation, and commitment binding.
| Stage | Prover | Backend sees address? | ZK sound? |
|---|---|---|---|
| S1 — Now | Python (trusted) | Yes | ❌ Trusted |
| S2 | TEE-hosted | No (attestation) | ❌ Trusted |
| S3 | Browser WASM (Noir) | No | ✅ Full ZK |
The BalanceVerifier interface is unchanged across S1 → S3. Integrations built today survive the upgrade.
| Doc | What's inside |
|---|---|
| Architecture | System layers, component map, privacy flow |
| Crypto Spec | Poseidon params, Merkle construction, constraint definitions |
| Contract Reference | ABI, storage, events, revert conditions |
| API Reference | REST endpoints, calldata format, error codes |
| Execution Flow | Full phase-by-phase state trace |
| Security Model | Threat analysis, mitigations, known limits |
| Privacy Model | Per-layer information analysis, calldata caveat |
| Integration Guide | Cairo patterns, thresholds, composable use cases |
latens-zk/core · MIT License