PolyShield
POLYGON MAINNET · BETA

Glossary

Plain-language definitions of the cryptographic and protocol terms used throughout PolyShield. If a concept here is unfamiliar, the linked section goes deeper.

Core privacy concepts

Anonymity set
The group of depositors whose bets are indistinguishable on-chain. Because every bet is placed from the vault's single shared account, an observer cannot tell which member of the set authorized any given trade. A larger set means stronger privacy; conversely, anything that correlates a deposit with a bet (an unusual amount, or being the only active user at a quiet hour) shrinks the set that actually hides you.
Note
Your private balance inside the vault, represented as the tuple (secret, balance, nonce, owner_address). Spending a note destroys it and creates a fresh note carrying the new balance; only the holder of the secret can prove ownership of either.
Secret
A random value, known only to you, that controls a note. In current versions it is derived deterministically from a wallet signature, so the same wallet can regenerate every note it ever created without a separate backup (see Security → Backup & recovery). It never leaves your device.
Commitment
The public, on-chain fingerprint of a note: Poseidon4(secret, balance, nonce, owner_address). Because the secret is random and never published, the commitment reveals nothing about the note's contents, yet it lets you later prove in zero knowledge that you know a note matching it.
Nullifier
A one-time tag, Poseidon2(secret, nonce), published when a note is spent. The vault records every nullifier it has seen and rejects a repeat, which is what prevents double-spending. Without the secret it cannot be linked back to the commitment or the depositor.
Owner address
The depositing wallet's address, baked into the note commitment. Because it is one of the hashed fields, a withdrawal proof can only succeed for that address (see withdraw-to-self).
Withdraw-to-self
The rule that funds can only return to the wallet that deposited them, enforced inside the withdrawal circuit and re-checked on-chain against the recipient address. It is what makes PolyShield not a mixer: privacy covers which depositor is betting, not where the funds end up.

Zero-knowledge cryptography

Zero-knowledge proof
A proof that a statement is true (“I own a note worth X”) without revealing the underlying data. PolyShield generates these in your browser for every bet, settlement, and withdrawal.
Circuit
The program that defines what a given proof must satisfy. PolyShield ships a circuit per action — deposit, bet, settle, withdraw, and more.
Public input
A value visible to the verifier and to the chain (e.g. a Merkle root or a nullifier), as opposed to the private witness known only to the prover. Where a public input is security-critical, such as the fee or a settlement payout, the vault supplies the value itself from contract state instead of accepting it from the user, so it cannot be forged.
Groth16
The succinct proving system PolyShield uses, over the BN254 curve, which EVM chains such as Polygon can pair on natively through precompiles. Proofs are a fixed, tiny size and cheap to verify on-chain. Groth16 requires a per-circuit trusted setup, so each PolyShield circuit has its own proving and verification key.
Poseidon hash
A hash function designed to be cheap to compute inside ZK circuits, because it operates natively over the proof system's field. PolyShield uses it for all commitments and nullifiers instead of Keccak, which is expensive to express as circuit constraints.
Merkle tree
An append-only Merkle tree of depth 32 (room for 2^32 leaves) holding every note commitment ever deposited. A spend proof demonstrates that the spender's commitment is a leaf of the tree without revealing which leaf. See Core concepts → The Merkle tree & nullifiers.
Merkle root
The single hash summarizing the whole tree at a point in time. Every deposit changes it, so the vault accepts proofs against any root in a rolling window of recent roots: a proof built just before someone else's deposit lands still verifies instead of failing on a stale root. A proof against a root that has fallen out of the window must be regenerated.

Protocol & Polymarket

Vault
The smart contract that holds pooled USDC, verifies every proof, and owns the single shared Polymarket account.
Shared EOA
The single externally-owned account from which the vault places all orders on Polymarket. Every depositor's bets originate here, which is the source of on-chain indistinguishability: Polymarket sees one trader, not many.
Proof relay
The service that submits users' proofs to the vault and pays the gas, so a bet transaction never originates from your wallet. It sees only the proof and its public inputs, never secrets, and it cannot alter what a proof authorizes without invalidating it.
Signing layer
The operator service that reads authorized-bet events and places the corresponding order on Polymarket from the shared EOA.
Deposit binding
A mandatory proof at deposit time that ties your committed balance to the exact USDC amount transferred and to the depositing address, so no one can mint a note worth more than they paid in.
CLOB
Polymarket's central limit order book, where orders are matched. PolyShield places fill-and-kill or resting limit orders into it from the shared EOA.
CTF
The Gnosis Conditional Tokens Framework — the on-chain contracts that represent market outcomes and pay out when a market resolves. The vault reads payouts directly from it.
Condition ID
The CTF identifier for a specific market outcome set, used to look up the official payout at settlement.
Settlement
Crediting your note after a market resolves. The vault reads the payout for the condition ID directly from the CTF on-chain and injects it as a public input, so the credit cannot be inflated by the user.
USDC
The only collateral PolyShield accepts and pays out. All Polymarket-internal collateral conversion is handled by the vault.