High-level goal: Enable confidential payment transfers using stablecoins and other digital assets while hiding amounts, counterparties, and transaction patterns, with selective regulatory disclosure capabilities.
Overview
Problem Interaction
Private payment systems address four interconnected challenges:
Operational Privacy: Treasury operations, payment flows, and settlement patterns reveal competitive intelligence when visible on-chain
Security vs Cost Trade-offs: L1 provides maximum security but higher costs, while L2s offer efficiency but different trust assumptions
Regulatory Compliance: Financial institutions require auditability and selective disclosure capabilities across varying jurisdictions
User Onboarding: Institutions need practical paths to onboard their users (corporates, funds, counterparties) onto private stablecoin infrastructure while integrating with existing fiat rails and compliance workflows
These problems interact because traditional payment transparency conflicts with institutional confidentiality needs, while privacy solutions must maintain regulatory compliance and operational efficiency.
Key Constraints
Infrastructure Compatibility: Must work with existing stablecoin infrastructure (USDC, EURC, etc.)
Traditional Integration: Integration with existing payment rails (SWIFT, ISO20022) and custodial systems
Regulatory Flexibility: Selective disclosure must meet varying regulatory requirements across jurisdictions
Operational Efficiency: Support for high-frequency institutional operations with predictable costs
TLDR for Different Personas
Execute private treasury operations with maximum security while maintaining regulatory compliance
Implement privacy-preserving payment infrastructure using L1 shielding or privacy L2s with selective disclosure
Maintain regulatory compliance through controlled access mechanisms and audit trails while protecting commercial confidentiality
Architecture and Design Choices
Privacy Approaches
Maximum security using Ethereum L1 consensus
Provides anonymity (unlinkable addresses) but limited privacy (amounts/patterns may still leak)
Shielded ERC-20 Transfers with commitment/nullifier schemes
Higher per-transaction costs but battle-tested infrastructure
Full privacy with hidden state and confidential transfers
Lower costs and higher throughput for frequent operations
Private L2s with privacy-native stablecoin implementations
Complete transaction confidentiality including amounts, counterparties, and patterns
Client-side proving with minimal on-chain data (only Merkle roots)
Users custody their own transaction data; chain observers see only commitments
Stateless Plasma Privacy pattern
Best for: High-volume flows, minimal on-chain footprint
Trade-off: Exit delays, user data custody responsibility
Trusted Execution Environment handles sensitive computation privately
Can enable private matching, settlement, or custody operations
TEE-Based Privacy pattern
Best for: Near-term deployment, institutional trust model acceptable
Trade-off: Hardware trust assumptions, vendor dependency
Multi-party computation nodes jointly process transactions without any single party seeing plaintext
Combines MPC with ZK proofs (co-SNARKs) for on-chain verification of private state transitions
co-SNARKs (Collaborative Proving) pattern
Best for: Amount confidentiality where counterparty relationships are already known (e.g., bilateral settlement)
Trade-off: No sender/receiver anonymity; addresses remain public on-chain
Recommended Architecture: Hybrid L1/L2 Model
Primary Patterns:
Core Components
Multi-Tier Payment Infrastructure
L1 Shielding: High-value transfers using shielded pools (Railgun-style commitment/nullifier)
Privacy L2: Frequent operations on privacy-native rollups (Aztec, Fhenix)
Cross-tier bridges: Secure movement between L1 and L2 privacy domains
Selective Disclosure Layer
Regulator viewing keys for scoped audit access
Time-bound, threshold-controlled disclosure mechanisms
Attestation logging for compliance trails (EAS, W3C VC, or ONCHAINID)
Encrypted audit logs with selective decryption
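The commitment/nullifier bookkeeping behind L1 shielding, together with disclosure of a single note to an auditor by opening its commitment, as an added sketch that is not taken from Railgun or any vendor listed on this page. All names are hypothetical, SHA-256 stands in for the circuit-friendly hash a real pool would use, and the zero-knowledge proof that ties a nullifier to a note in the commitment tree is omitted.

```python
import hashlib
import secrets

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts; the first part is a domain tag."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def commit(amount: int, owner_tag: bytes, blinding: bytes) -> bytes:
    # Hiding comes from the random blinding, binding from collision resistance.
    return H(b"cm", amount.to_bytes(16, "big"), owner_tag, blinding)

def nullifier(spend_key: bytes, cm: bytes) -> bytes:
    # Deterministic per note, so a second spend of the same note collides.
    return H(b"nf", spend_key, cm)

class ShieldedPool:
    """Public on-chain state: digests only, never amounts or owners."""
    def __init__(self):
        self.commitments = []
        self.nullifiers = set()

    def deposit(self, cm: bytes) -> None:
        self.commitments.append(cm)

    def spend(self, nf: bytes, new_cm: bytes) -> bool:
        # A real pool also verifies a ZK proof that nf belongs to a note in
        # the commitment tree; this sketch enforces only the double-spend rule.
        if nf in self.nullifiers:
            return False
        self.nullifiers.add(nf)
        self.commitments.append(new_cm)
        return True

def audit_opening(pool, amount: int, owner_tag: bytes, blinding: bytes) -> bool:
    """Auditor-side check: does the disclosed opening match a posted note?"""
    return commit(amount, owner_tag, blinding) in pool.commitments

def demo():
    pool = ShieldedPool()
    key = secrets.token_bytes(32)                  # constructed spend key
    tag, r = H(b"owner", key), secrets.token_bytes(32)
    cm = commit(2_500_000, tag, r)                 # constructed amount
    pool.deposit(cm)
    nf = nullifier(key, cm)
    out = commit(2_500_000, tag, secrets.token_bytes(32))
    first, second = pool.spend(nf, out), pool.spend(nf, out)
    honest = audit_opening(pool, 2_500_000, tag, r)
    forged = audit_opening(pool, 1_000_000, tag, r)  # misreported amount
    return first, second, honest, forged
```

The disclosure is scoped to one note: the auditor learns the amount and owner tag for the opened commitment only, and every other entry in the pool stays an opaque digest.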
Traditional Rail Integration
ISO20022 message interpreters for SWIFT compatibility
Privacy-preserving bridges to traditional payment systems
Encrypted metadata for regulatory reporting
Multi-Asset Support
Support for multiple stablecoins (USDC, EURC, etc.)
Cross-currency private transfers and conversions
Integration with existing stablecoin compliance frameworks
Vendor Recommendations
Primary Infrastructure
Alternative Approaches
Railgun L1 Shielding - Mature UTXO-style privacy pools
Aztec Network Privacy L2 - Native confidential transfers
Fhenix Privacy L2 - FHE-based payments
Intmax Stateless Plasma - Client-side proving with minimal on-chain footprint
Zama FHE Approach - fhEVM for homomorphic stablecoin operations
AWS Nitro / Azure TEE Approach - Enclaves for issuer-side privacy
TACEO Merces MPC + ZK - Private stablecoin transfers (counterparty relationship public)
Fairblock HE + ZK + IBE - Encrypted layer with scoped selective disclosure
Implementation Strategy
Phase 1: Core Payment Privacy
Deploy chosen privacy infrastructure (L1 shielding or privacy L2)
Integrate major stablecoins (USDC, EURC)
Basic selective disclosure mechanisms
Phase 2: Regulatory & Compliance
Viewing key management infrastructure
SWIFT/ISO20022 message integration
Multi-jurisdiction compliance features
Phase 3: Ecosystem Integration
Cross-tier bridging (L1 ↔ L2)
Multi-currency private conversions
Integration with broader settlement infrastructure
Institutional custody and risk management system integration
Trade-offs and Considerations
L1 Shielding vs L2 Privacy
| Aspect | L1 Shielding | L2 Privacy |
| --- | --- | --- |
| Security | Maximum (Ethereum L1 consensus) | L2-dependent |
| Privacy Focus | Anonymity (unlinkable addresses) | Complete privacy (amounts + identities) |
| Cost | Higher per-transaction | Lower, better for frequent operations |
| Infrastructure | Established, battle-tested | Emerging, better UX |
| Recommendation | Anonymity-focused use cases | Comprehensive institutional needs |
ZK vs FHE for Privacy
Proven regulatory acceptance
Best for: Basic payments
More flexible computation
Best for: Complex payment logic
Shielding vs Native Privacy
| Approach | Advantages | Considerations |
| --- | --- | --- |
| Shielding | Works with existing stablecoins, established patterns | May have performance overhead |
| Native Privacy | Better performance | Requires new stablecoin deployments |
| Hybrid | Use both based on operational needs | Increased complexity |
Open Questions
Stablecoin Issuer Integration
How to maintain compliance with issuer KYC/AML while enabling payment shielding?
Cross-Jurisdiction Standards
Standardization of selective disclosure formats across different regulatory regimes?
Traditional Rail Integration
Technical standards for SWIFT/ISO20022 integration with privacy infrastructure?
Impact of privacy requirements on stablecoin liquidity and market making?
Key recovery and business continuity for institutional payment operations?
Example Scenario
Corporate Treasury Operations
Scenario: Multinational corporation needs daily operational payments ($1-5M) between subsidiaries
Privacy: Payment amounts and corporate cash flow patterns confidential
Compliance: Tax reporting and transfer pricing documentation
Implementation: Privacy L2 for frequent transfers with periodic L1 settlement
Links and Notes
Standards
Infrastructure
Related Approaches
Private Trade Settlement - Private settlement workflows
Private Derivatives - Confidential derivative trading