Kage
Skip to main content
Real-World ZK · Live on Stellar testnet

Agent payments,proven in zero-knowledge.

Every payment is a Groth16 proof: the payee proves it owns an unspent note in the pool without revealing which — so who was paid, how much, and the agent→payee link never touch the chain. Verified on-chain over BN254, enforced by math, not a custodian.

Groth16PoseidonBN254 pairingMerkle + nullifierverified on-chain

withdraw 3,005 · insert 5,238 constraints · depth-10 tree · Hermez ptau

Kage poolconnecting
Open dashboard

What the chain sees

read in real time

Notes in pool

leaf_count, on-chain

USDC pooled

amount hidden per note

Spend recorded

nullifiers, no double-spend

Tree depth

10

1024-note anonymity set

Pool ledger (public)root
reading on-chain…
No identities, no amounts, no link from any row back to the agent or who it paid.
Groth16 membership proofProve you own a note — not which onePoseidon commitmentsNullifiers stop double-spendBN254 pairing on SorobanNo counterparty on chainPaid to a one-time stealth addressVerified on-chain, not promisedGroth16 membership proofProve you own a note — not which onePoseidon commitmentsNullifiers stop double-spendBN254 pairing on SorobanNo counterparty on chainPaid to a one-time stealth addressVerified on-chain, not promisedGroth16 membership proofProve you own a note — not which onePoseidon commitmentsNullifiers stop double-spendBN254 pairing on SorobanNo counterparty on chainPaid to a one-time stealth addressVerified on-chain, not promisedGroth16 membership proofProve you own a note — not which onePoseidon commitmentsNullifiers stop double-spendBN254 pairing on SorobanNo counterparty on chainPaid to a one-time stealth addressVerified on-chain, not promised

LetanAIagentpayonatransparentchainandyoupublishitseverycounterparty,everyamount,andamapofeverythingyourtreasurytouches.Kagesealsallofitandboundstheagentsoitcanneverdrainyouenforcedbymathandthechain,notbytrustingacustodian.

One scan key. Unlimited private payouts.

A payee shares a scan key once; every agent payment lands at a fresh stealth address only they can spend.

Payment

received

Paid to a one-time address. No link back to the agent.

+1,000.00

USDC

What the chain sees

Commitments, random keys, a Merkle root, nullifier hashes — never an identity or an amount.

Ledger view

Agent ↔ payee links

0 visible

CommitmentRoot
Double-spend
RejectedNullifierUsed

ZK is

load-bearing

Remove the pool proof and the whole agent spend graph goes public. The privacy is the proof — not a setting you trust us to keep on.

Real proofs, on-chain

Both circuits prove and verify; the BN254 pairing check passes inside the Soroban contract on testnet.

Withdraw circuit
3005 constraints
Insert circuit
4910 constraints

The zero-knowledge, at every step of a payment

Stealth notes

Agents pay without ever naming the payee

Note for one payeederived
Recipient scan keyb4800dda…95b12762
Ephemeral key R0bbeaae7…e3446f53announced
Commitment057206e8…2b8466a7on-chain

Only the scan-key holder recomputes the shared secret and finds their payment.

Shielded pool

Deposits and withdrawals no one can link

Kage pool testnet

Notes in pool

1

Tree depth

10

Merkle root02c0566a…5810ad36on-chain
Commitment057206e8…2b8466a7unlinked
Zero-knowledge withdrawal

Prove you own a note without revealing which

Membership proof verified · BN254
Root02c0566a…5810ad36
Nullifier hash29ac5fdb…06567b77spent
Replay the same nullifierrejected · NullifierUsed
Stealth payout

Funds land at a fresh one-time address

Paid out

1.00 USDC

Stealth address

GABNZK3P…TIN5M72F

Unlinkableno history · no agent link

How it works

Three steps. The agent→payee link never touches the chain — it's broken by a zero-knowledge proof, not by a promise.

View the live contract
  1. Owner delegates a scoped key

    The owner deploys a session account and hands the agent one capped, expiring key that may only pay into the Kage pool. Never the owner's key, never a way to drain or redirect funds — anything off-policy reverts on-chain.

  2. Agent pays into the pool

    Acting on its own, the agent does ECDH against the payee's scan key, derives a private note, and deposits USDC as a Poseidon commitment in the shielded Merkle pool. The chain sees a commitment and a random ephemeral key — nothing else.

  3. Payee withdraws the funds

    The payee recognises their note, proves in zero-knowledge they own some unspent leaf — without revealing which — and is paid at a fresh stealth address. No one links the payout back to the agent.

Everything converges. Nothing leaks.

What the agent sends
Payments
Settlements
Payouts
How Kage hides it
Stealth notes
ZK pool
Nullifiers
What the payee receives
Stealth address
USDC
Unlinkable
The Kage shielded pool

One pool in. Unlinkable payouts out.

The honest version

What judges usually ask

Scope, trust assumptions, and why the ZK is the whole point.

Why not just encrypt the payments?

Encryption hides data but trusts whoever holds the key — a server, a custodian, you. Kage makes the agent→payee link unprovable to anyone, enforced by the zk-SNARK and the chain itself. No party holds a secret that could reconstruct who paid whom.