ZK Proof Verification
Proof Explorer
Every withdrawal on Veil is verified on-chain using a Groth16 zero-knowledge proof. This page shows exactly what the Soroban verifier checks — the pairing equation, public inputs, and proof points. Nothing is hidden.
0
Total deposits
0
Verified proofs
BN254
Curve
How Groth16 Verification Works
The on-chain verifier receives a proof (A, B, C) and public inputs (root, nullifierHash, recipient, relayer, fee, refund). It checks the following pairing equation:
e(-A, B) · e(α, β) · e(vk_x, γ) · e(C, δ) = 1GT
Where:
- A, B, C — proof points from the prover (G1, G2, G1)
- α, β, γ, δ — verification key points (embedded in contract at deploy time)
- vk_x — linear combination of public inputs with IC points:
IC[0] + Σ(input[i] · IC[i+1])
This uses Stellar's native BN254 host functions:bn254_g1_add,bn254_g1_mul,bn254_multi_pairing_check.
Recent Verified Proofs
These are demo verifications showing the structure of on-chain proof data. In production, this page would index real Soroban contract events and display actual proof verifications from the pool contract.