Privacy
Privacy on Ferros isn't an opt-in feature. Edge operations are invisible to everyone except the two parties — structurally, not cryptographically. For the root layer, three privacy tiers give you precise control over what the world sees.
Why It Matters
Every transaction you make — every payment, every trade, every balance — is permanently visible to everyone on the planet. That's not transparency. That's surveillance infrastructure. Here's who that hurts and why it can't continue.
A company paying suppliers on-chain reveals its entire vendor list, payment terms, margins, and cash position to every competitor. No CFO signs up for that. This is why enterprise adoption hasn't happened.
On Ferros, bilateral payments between a company and its suppliers are invisible. The root layer sees only net settlements — not who, not how much, not how often.
A large buy order visible in the mempool is an invitation to extract value. MEV bots see your intent before it executes and trade against you. Public order flow is a structural disadvantage.
Edge-based OTC trading is bilateral and invisible. Batch clearing on root eliminates ordering advantage. Confidential settlements hide trade sizes from everyone except the counterparty.
Your salary, your savings, who you pay, what you buy — all permanently public. Link one on-chain address to an identity and your entire financial life is exposed. This isn't hypothetical — it's happening now.
Private edges with the shielded pool ensure that your financial activity is known only to the parties involved. Prove what you need to prove — to a landlord, a lender, a regulator — and nothing more.
AI agents making thousands of API payments per hour create a detailed map of every service they use, how often, and how much they pay. This is competitive intelligence on autopilot — exposed to anyone watching.
MPP session payments over edges are bilateral. An agent's API usage patterns, vendor relationships, and cost structure stay between the agent and the provider.
International payments require regulatory compliance but current chains force a choice: comply by making everything public, or use opaque systems that regulators can't verify. Neither works.
Selective disclosure proofs give regulators cryptographic certainty about specific facts without broadcasting private data globally. Compliance and privacy aren't opposites — they're complementary.
On-chain lending protocols publish every position, collateral ratio, and liquidation threshold. Sophisticated actors target positions approaching liquidation. Your financial vulnerability is public knowledge.
Confidential DeFi operations hide amounts via Pedersen commitments. Validators verify protocol rules — collateral ratios, repayment schedules — without seeing the numbers. Your positions stay private.
How It Works
Most blockchains broadcast every transaction to every validator. Then they bolt on privacy after the fact. Ferros is different — privacy is a structural consequence of how the network works.
Edge operations exist only between the two parties who signed them. No validator sees them. No mempool broadcasts them. No block explorer indexes them. This isn't encryption — the data simply doesn't exist anywhere else.
10,000 operations between two parties might net to a single $50 settlement. Root sees $50 — not the $1M of gross volume that produced it. Activity levels are invisible.
Need to prove something to an auditor? Generate a cryptographic proof of exactly what they need — nothing more. Unforgeable, timestamped, verifiable. Stronger than bank records.
Privacy Tiers
Every edge declares a privacy tier at registration. Transactions can only move to an equal or stricter tier — never loosen. The privacy ratchet only goes one way.
Parties and amounts visible on root. Standard for public DeFi — swaps, staking, governance. Same model as any blockchain.
Parties visible, amounts hidden via Pedersen commitments. Validators verify correctness with Bulletproofs range proofs — without ever seeing the values.
Both parties and amounts hidden. Funded from the shielded pool. Settlement outputs return to the shielded pool. Even force-settlement stays blind via ZK proofs.
Shielded Pool
Even with blinded counterparties, funding an edge from a transparent balance leaks information. The shielded pool solves this — deposit stablecoins, receive shielded notes, fund edges without revealing anything.
Transparent USDC enters the pool. The deposit is visible — this is the boundary. Fixed denominations (1K / 10K / 100K / 1M) prevent amount-based linking.
Notes are opaque — observers see a commitment, not who owns it or the amount. Subsequent use is unlinkable to the deposit.
Fund allocations, receive settlements, return capital — all through shielded notes. Observers see nothing.
Selective Disclosure
Cryptographic proofs bound to a specific verifier. Non-transferable, unforgeable, anchored to on-chain state. Stronger assurance than bank records.
"I paid invoice X of amount Y to party Z at time T"
"My total settled volume in this period was between A and B"
"My total balance as of block B is at least X"
"All my counterparties passed KYC check from authority A"
"This edge settled at sequence S with committed amount V"
"I have an active edge with committed party P"
Under the Hood
Hiding and binding commitments for amounts. Additively homomorphic — validators verify balance equations on commitments without seeing values.
Range proofs that committed values are non-negative and bounded. No trusted setup. Uniform proof size regardless of the actual value — no information leakage.
Groth16 or PLONK for shielded pool operations and blind force-settlement. Compact proofs, fast verification, proving without revealing.
ZK-friendly hash function for the shielded note Merkle tree. Optimized for arithmetic circuits — fast inside ZK proofs where SHA-256 is prohibitively expensive.
Compliance
Selective disclosure gives auditors and regulators cryptographic certainty about specific facts — without broadcasting private data to the entire network. This is stronger assurance than traditional bank records, not weaker.
Generate proofs that satisfy audit requirements. Bound to the specific auditor — non-transferable, non-replayable. The auditor gets certainty. Nobody else learns anything.
Prove all counterparties passed KYC without revealing who they are. The attestation chain is cryptographic — no trust required, no data shared beyond what's needed.
The shielded pool is a protocol-native primitive, not a third-party mixer. Fixed denominations, append-only Merkle tree, double-spend prevention via nullifiers. Auditable by design.
Not bolted on. Not optional. A structural consequence of how value moves.