PolyShield
POLYGON MAINNET · BETA

Zero-knowledge proofs

A zero-knowledge proof lets you prove a statement is true while revealing nothing beyond the fact that it's true. It's the engine that lets PolyShield verify your bets without learning who you are.

The classic analogy: proving you're over 21 without showing your birthday — or even your age. The bouncer becomes convinced, learns nothing else, and can't reuse what they saw to identify you later.

[Diagram: YOU (prover) holds the secret, which never leaves the zero-knowledge boundary; only the proof crosses to the VAULT (verifier), whose verdict is "valid, secret unknown".]
A zero-knowledge proof is like proving you're over 21 without showing your birthday. You convince the Vault your note is valid and well-funded — the secret stays in your browser and never crosses the line.

What your proofs actually claim

Every PolyShield action is a small, specific statement proven in-browser. For a bet, you prove:

  • "I know the secret behind a note that exists in the vault's Merkle tree" — without revealing which note.
  • "That note's balance is at least the bet amount plus the fee" — without revealing the balance.
  • "Here is the nullifier for the note I'm spending, and the commitment to the new note that holds what's left" — the Vault can check that both were derived correctly, and reject a nullifier it has already seen, but cannot link either of them back to the note being spent.

The Vault verifies the proof on-chain with a small, fixed amount of work that does not grow with the size of the circuit. If even one claim is false, verification fails and the transaction reverts. Groth16 is sound: a valid proof of a false statement cannot be produced, provided the circuit correctly encodes the claims above and the per-circuit trusted setup was not compromised (both are covered under Trust assumptions).

The stack

Circuits: 9 circuits written in Circom, one per action, compiled to WebAssembly so they run in the browser.
Proving: Groth16 over the BN254 curve via snarkjs. Proofs are tiny and cheap to verify; the trade-off is that Groth16 needs a separate trusted setup per circuit, so the proving and verification keys are only as trustworthy as the ceremony that produced them.
Hashing: Poseidon, a hash designed to be cheap to express as circuit constraints (Keccak would need enormously more constraints here).
Where: proving runs client-side; verification runs on-chain in snarkjs-generated Solidity verifier contracts.