Agent payments, proven in zero-knowledge.
Every payment is a Groth16 proof: the payee proves it owns an unspent note in the pool without revealing which — so who was paid, how much, and the agent→payee link never touch the chain. Verified on-chain over BN254, enforced by math, not a custodian.
withdraw 3,005 · insert 5,238 constraints · depth-10 tree · Hermez ptau
What the chain sees
read in real time
Notes in pool
—
leaf_count, on-chain
USDC pooled
—
amount hidden per note
Spend recorded
—
nullifiers, no double-spend
Tree depth
10
1024-note anonymity set
Let an AI agent pay on a transparent chain and you publish its every counterparty, every amount, and a map of everything your treasury touches. Kage seals all of it — and bounds the agent so it can never drain you — enforced by math and the chain, not by trusting a custodian.
One scan key. Unlimited private payouts.
A payee shares a scan key once; every agent payment lands at a fresh stealth address only they can spend.
Payment received
Paid to a one-time address. No link back to the agent.
+1,000.00 USDC
What the chain sees
Commitments, random keys, a Merkle root, nullifier hashes — never an identity or an amount.
Agent ↔ payee links
0 visible
ZK is load-bearing
Remove the pool proof and the whole agent spend graph goes public. The privacy is the proof — not a setting you trust us to keep on.
Real proofs, on-chain
Both circuits prove and verify; the BN254 pairing check passes inside the Soroban contract on testnet.
The zero-knowledge, at every step of a payment
Agents pay without ever naming the payee
Only the scan-key holder recomputes the shared secret and finds their payment.
Deposits and withdrawals no one can link
Notes in pool
1
Tree depth
10
Prove you own a note without revealing which
Funds land at a fresh one-time address
Paid out
1.00 USDC
Stealth address
GABNZK3P…TIN5M72F
How it works
Three steps. The agent→payee link never touches the chain — it's broken by a zero-knowledge proof, not by a promise.
Owner delegates a scoped key
The owner deploys a session account and hands the agent one capped, expiring key that may only pay into the Kage pool. Never the owner's key, never a way to drain or redirect funds — anything off-policy reverts on-chain.
Agent pays into the pool
Acting on its own, the agent does ECDH against the payee's scan key, derives a private note, and deposits USDC as a Poseidon commitment in the shielded Merkle pool. The chain sees a commitment and a random ephemeral key — nothing else.
Payee withdraws the funds
The payee recognises their note, proves in zero-knowledge they own some unspent leaf — without revealing which — and is paid at a fresh stealth address. No one links the payout back to the agent.
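The deposit, scan and nullifier bookkeeping from the three steps above, as an added example that is not Kage's own code. It assumes X25519 and SHA-256 in place of the curve and Poseidon hash, an invoiced amount the payee already knows, and hypothetical function names; the Groth16 proof itself is not modelled.

```javascript
// Added illustration, not Kage's code. X25519 and SHA-256 are stand-ins
// (assumptions) for the curve and Poseidon hash; no Groth16 proof is modelled.
const crypto = require('node:crypto');

const H = (...parts) => {
  const h = crypto.createHash('sha256');
  for (const p of parts) h.update(p);
  return h.digest('hex');
};

// Agent: ECDH against the payee's scan key using a fresh ephemeral key.
function deposit(scanPub, amount) {
  const eph = crypto.generateKeyPairSync('x25519');
  const secret = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: scanPub });
  // Only these two fields are published: no payee identity, no amount.
  return { ephPub: eph.publicKey, commitment: H('note', secret, String(amount)) };
}

// Payee: redo the ECDH for every leaf; only the scan-key holder gets a match.
// Assumption: the payee knows the invoiced amount out of band.
function scan(scanPriv, leaves, amount) {
  return leaves.flatMap((leaf, index) => {
    const secret = crypto.diffieHellman({ privateKey: scanPriv, publicKey: leaf.ephPub });
    const match = H('note', secret, String(amount)) === leaf.commitment;
    return match ? [{ index, nullifier: H('nullifier', secret) }] : [];
  });
}

// Pool: each nullifier is recorded once, so a repeated spend is refused.
function spend(recorded, nullifier) {
  if (recorded.has(nullifier)) return false;
  recorded.add(nullifier);
  return true;
}

// Constructed sample: two deposits, one of them for our payee.
function demo() {
  const payee = crypto.generateKeyPairSync('x25519');
  const other = crypto.generateKeyPairSync('x25519');
  const leaves = [deposit(other.publicKey, 250), deposit(payee.publicKey, 1000)];
  const mine = scan(payee.privateKey, leaves, 1000);
  const recorded = new Set();
  return {
    payeeFinds: mine.map((n) => n.index),
    otherFindsPayeeNote: scan(other.privateKey, leaves, 1000).length > 0,
    firstSpend: spend(recorded, mine[0].nullifier),
    replay: spend(recorded, mine[0].nullifier),
  };
}
```

In the system the page describes, the withdrawal additionally carries a zero-knowledge proof that the nullifier belongs to some leaf in the depth-10 tree, so the leaf index found by `scan` is never published.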
Everything converges. Nothing leaks.
One pool in. Unlinkable payouts out.
What judges usually ask
Scope, trust assumptions, and why the ZK is the whole point.
Encryption hides data but trusts whoever holds the key — a server, a custodian, you. Kage makes the agent→payee link unprovable to anyone, enforced by the zk-SNARK and the chain itself. No party holds a secret that could reconstruct who paid whom.