Status: Not yet implemented. This page describes a planned feature. The interfaces and designs below are subject to change and are not available for use today.
Proof of Innocence is an off-chain compliance feature that acts as an AML policy. It allows users to prove their received funds did not originate from sanctioned addresses (e.g., OFAC list) without revealing transaction details.
Overview
Property
Description
Purpose
Prove sender addresses are not on a sanctions list
Proof System
Groth16 (single proof) / Nova (aggregated)
Verification
Off-chain CLI verifier
Data Structure
Sparse Merkle Tree (SMT) for sanctions list
How It Works
┌─────────────────────────────────────────────────────────────────┐
│ Proof of Innocence Flow │
├─────────────────────────────────────────────────────────────────┤
│ │
│ 1. Prove that `totalTeleported` per recipient (hash of │
│ `GeneralRecipient`) is not originated from OFAC-sanctioned │
│ sources. │
│ ↓ │
│ 2. Commit the OFAC list using a commitment scheme that │
│ supports non-membership proofs (e.g., Exclusion Tree). │
│ ↓ │
│ 3. For each `from_address`, generate non-membership proof. │
│ ↓ │
│ 4. For each teleport, prove that `transfer_leaf.from` is not │
│ in the OFAC list, then aggregate the steps with Nova. │
│ ↓ │
│ 5. The Verifier checks the Nova proof with public inputs: │
│ `recipient`, `totalTeleported`, and the trusted OFAC SMT │
│ root. │
│ │
└─────────────────────────────────────────────────────────────────┘
Cryptographic Design
Exclusion Tree
A “OFAC non-membership tree” is a Merkle tree of sorted disjoint (start, end) pairs representing the gaps between the elements of the OFAC sanctions list. That is, the union of the regions start..=end is exactly the complement of the set of sanctions list. The OFAC sanctions list is committed using a OFAC non-membership tree. The leaf of the tree is computed as:
If the sanctions list contains k addresses, the exclusion tree has k + 1 gaps (one before the first address, one between each consecutive pair, and one after the last). The minimum tree height is ⌈log₂(k + 1)⌉. In practice, add 2-3 levels of headroom to accommodate list growth without regenerating circuit artifacts.
Non-Membership Proof (Nova Step)
Each transfer to a recipient has a transfer_leaf = (from_address, burn_address, value) (where burn_address is the to field of the generic transfer leaf). To prove that totalTeleported per recipient is not originated from sanctioned sources, for each transfer we prove the sender (transfer_leaf.from) is not in the OFAC list: Public Inputs (constant across all steps):
ofac_root - root of the OFAC non-membership tree
recipient - hash of GeneralRecipient Accumulator State:
totalTeleported - running sum of transfer values Per-Step Private Inputs:
from_address - sender of this transfer (transfer_leaf.from)
value - transfer amount
start, end - gap boundaries containing from_address
path, position - Merkle proof for the gap Per-Step Constraints:
Sender not sanctioned: start < from_address < end verified against ofac_root
Accumulate value: totalTeleported_new = totalTeleported_old + value
CLI Usage (Planned)
Note: This is an MVP interface. Users must manually assemble witness files.
Generate Proof of Innocence
Generate a Nova proof that all transfers to a recipient originated from non-sanctioned addresses.
Argument
Description
--recipient
Hash of GeneralRecipient (from withdrawal flow)
--ofac-root
Trusted OFAC exclusion tree root
--transfers-file
JSON file with list of (from_address, value) pairs
--exclusion-proofs-file
JSON file with exclusion proofs from OFAC tree service
--output
Path to write the generated proof
Verify Proof of Innocence
Argument
Description
--proof
Path to the proof file
--recipient
Expected recipient hash
--total-teleported
Expected total value (wei)
--ofac-root
Trusted OFAC exclusion tree root
Example
Input File Formats
transfers.json - List of transfers to prove:
exclusion_proofs.json - Exclusion proofs from OFAC tree service:
