Skip to main content

Paladin - Modular Privacy System for EVM Chains

Category: Privacy Middleware
Maturity: Open Source (Apache-2.0)
Maintainer: Linux Foundation Decentralized Trust
Focus: Enterprise privacy-preserving smart contracts with atomic programmability

Overview

Paladin is an open-source privacy layer under the Linux Foundation Decentralized Trust that provides modular wallet and vault functions for interacting with privacy-preserving smart contracts on EVM chains. The system uses standard EVM smart contracts as the source of truth for transaction finalization and private logic verification. On-chain state holds masked or commitment data, while cleartext states are exchanged off-chain through private channels over mutual TLS or gRPC. Paladin runs as a sidecar alongside standard EVM clients (e.g., Hyperledger Besu, Linea) with zero modifications required to the underlying blockchain.

Supported Patterns

Architecture

Sidecar Model

Deployment
  • Runs as sidecar next to any standard EVM node
  • Acts as privacy-preserving transaction manager
  • No client fork or blockchain modifications required
Communication
  • Secure channels between Paladin nodes for selective disclosure
  • Data at rest remains private
  • End-to-end encryption for data in flight

Smart Contract Model

Privacy-preserving smart contracts split across two components: Base EVM Contract (On-Chain)
  • Ordering and finality
  • Double-spend prevention
  • Proof validation
  • Signature validation
Paladin Runtime (Off-Chain)
  • Private state management
  • Proof and endorsement generation
  • Multi-party coordination

Transaction Manager

Coordinates assembly, submission, and confirmation across:
  • Public EVM contracts
  • UTXO-based privacy-preserving tokens
  • FHE-based confidential tokens (planned)
  • Private EVM contracts in privacy groups

Key Management

Enterprise Integration
  • HSM/SSM integration for key storage
  • Multiple signing schemes:
    • Native Ethereum signing
    • EIP-712 endorsements
    • ZKP proof generation
    • FHE wallet-side cryptography (planned)

Privacy Domains

Paladin implements a plug-point architecture where privacy domains provide on-chain logic (EVM) and app-layer logic (proofs, state management, coordination).

Zeto - ZK UTXO Tokens

Architecture
  • On-chain commitments hide ownership, amounts, and history
  • Mass conservation enforced via ZK proofs
  • Spending policies (KYC, auditability) enforced cryptographically
Implementation
  • zkSNARKs with Circom-based circuits
  • Groth16 by default
  • Paladin runtime includes token indexer, UTXO selector, and proof generator
Features
  • Optional ERC20 bridge (deposit/withdraw)
  • Lock/unlock flows prevent proof theft in multi-leg transactions (DvP)

Noto - Notarized UTXO Tokens

Architecture
  • On-chain commitments hide ownership, amounts, and history
  • Mass conservation enforced via notary certificates (EIP-712 signatures)
  • Notary/issuer governs confidential UTXO state
Notary Models
  • EOA-backed notaries
  • Privacy group-backed notaries
Features
  • Basic and hooks notary modes
  • Private and public ABIs for mint/transfer/burn
  • Lock/unlock flows for atomic transactions
  • ApproveTransfer and delegateLock for delegated execution

Pente - Private EVM Execution

Architecture
  • Each privacy group maintains unique contract and private world state
  • World state stored as UTXO commitments on-chain
  • Off-chain pre-verification with endorsements
Verification
  • Threshold signatures or EIP-712 signatures
  • No base EVM changes required
Execution
  • Paladin runs ephemeral Besu EVMs in-process
  • Privacy groups interoperate atomically with token domains

Atomic Programmability

Approval-Based Atomic Transactions

Enables complex multi-party transactions like DvP and PvP: Pre-Approval Phase
  • Parties reach private state agreement
  • Prepare token transfers
  • Generate proofs and endorsements
Approval Phase
  • Deploy swap contract
  • Each domain pre-approves:
    • Privacy group endorsement
    • Notary approval
    • ZK proof generation
Execution Phase
  • Call execute() on swap contract
  • All sub-transactions commit or revert atomically
  • EVM ensures atomic finality
Post-Execution
  • Domains remain independent
  • Provenance hidden except to entitled parties

Enterprise Use Cases

Target Segments
  • Asset issuers requiring custody and compliance
  • Asset holders needing confidential settlement
  • Network builders providing privacy infrastructure
Common Implementations
  • Cash-like tokens (CBDC, commercial bank money)
  • Tradeable assets (bonds, securities)
  • Payment vs Payment (PvP) settlement
  • Delivery vs Payment (DvP) atomic settlement
  • Private negotiation of programmable transaction rules
Buyer Profile
  • Typically VP or Head of Digital Assets
  • Privacy cited as key blocker for public chain adoption

Technical Details

Data Transports and Registry

Identity Types
  • Account signing identities (secp256k1, BabyJubJub)
  • Runtime routing identities (transport certs/addresses/hosts/topics)
Registry
  • Plugin resolves routing identifiers to transport details
  • Address book maps friendly names to accounts
Transport Principles
  • Asynchronous message transfer
  • Idempotent requests with retries
  • End-to-end encryption even via hubs/buses

Programming Model

Plug Points
  • Wallet functions (coin/state indexing and selection)
  • Endorsement coordination with flexible policies
  • Distributed sequencer for transaction coordination
  • Proof generation (ZK proofs, notary certificates)
  • High-performance modules in Java and WebAssembly

Strengths

Atomic Composition
  • Multiple privacy domains interoperate without EVM client modifications
  • Single source of truth on base EVM ledger
  • Programmable cross-domain transactions
Multiple Privacy Models
  • ZK UTXO tokens (Zeto)
  • Notary-backed UTXO tokens (Noto)
  • Privacy group EVM execution (Pente)
  • Unified interface across domains
Enterprise Alignment
  • HSM/SSM integration
  • Registry and addressing infrastructure
  • Predictable governance boundaries
  • Open-source with Linux Foundation backing
No Chain Modifications
  • Works with any EVM chain
  • Sidecar architecture
  • Compatible with public and permissioned networks

Limitations

Trust Model Considerations

Centralization Risks
  • Key management centralization in some deployments
  • Custodial trade-offs in enterprise settings
Operator Access
  • Client data access in certain operating modes
  • Trust boundary considerations
  • Privacy guarantees depend on deployment model

Interoperability Scope

Public DeFi Integration
  • Interoperability with public DeFi protocols limited
  • External venue integration roadmap
  • Privacy-public bridging considerations

Integration Notes

Deployment Requirements
  • Standard EVM node (Hyperledger Besu, Linea, etc.)
  • Paladin sidecar process
  • Secure transport configuration
Network Compatibility
  • Any permissioned or public EVM chain
  • No blockchain modifications required
  • Layer 2 networks supported
Developer Experience
  • Familiar EVM smart contract patterns
  • Extended with privacy domain logic
  • Comprehensive documentation and samples
Reference Implementations
  • Asset issuance patterns
  • Token holders and custody
  • DvP and PvP settlement flows

Resources

Build docs developers (and LLMs) love

Get started for freeTalk to us