How VeilSub Protects You
Built on Aleo's zero-knowledge proof system. Your subscription identity is mathematically impossible to expose.
What Are Zero-Knowledge Proofs?
A ZK proof lets you prove something is true without revealing the underlying data. Like proving you're over 21 without showing your ID.
Prove Without Revealing
When you subscribe, a ZK proof confirms your payment is valid without exposing your wallet address, amount, or any identifying information to the public ledger.
Encrypted Records
Your AccessPass is a private record encrypted with your wallet key. Only you can see or use it. Not even the creator, not even Aleo validators.
Mathematically Guaranteed
Privacy isn't a policy — it's enforced by cryptographic math. The Leo program physically cannot leak your identity. There's no backdoor.
What's Private vs. Public
Full transparency on what stays hidden and what's verifiable.
Private Data
ZK Records — only you can see
Your wallet address never enters the finalize scope. It is physically impossible for it to appear in any public mapping.
Creators cannot enumerate who subscribes. They only see a total count — never individual addresses.
All payments use credits.aleo/transfer_private. Individual payment amounts are hidden on-chain.
Your AccessPass record is encrypted with your wallet key. Only your wallet can decrypt and display it.
Public Data
Mappings — verifiable by everyone
Set by the creator and publicly visible so subscribers can see pricing before connecting.
An aggregate counter only. Shows "47 subscribers" — not which addresses subscribed.
Aggregate ALEO earned. No per-subscriber breakdown. Proves payments are real.
The Leo program is fully open-source and deployed on-chain. Anyone can audit it.
Trust Model
Who trusts what, and why it works.
Subscribers Trust
Aleo's ZK proving system ensures your identity never leaks. The Leo program has no pathway for subscriber addresses to enter finalize scope or public mappings. This is verified in the source code.
Creators Trust
Real credits.aleo/transfer_private transfers guarantee payment arrives. Aggregate stats are provably correct via on-chain mappings.
Auditors Verify
All code is open-source. The deployed program is visible on the Aleo explorer. Transactions are verifiable. No private data appears in any public scope.
Privacy Threat Model
Honest analysis of what an adversary could and cannot learn.
What an Adversary Could Learn
Timing Correlation
When subscriber_count increments, an observer can correlate the timestamp — narrowing down when a subscription occurred.
Amount Inference
If total_revenue jumps by exactly 5x the base price, an observer may infer a VIP subscription. Mitigated by overlapping transactions adding noise.
Network Metadata
Aleo gossip does not provide IP anonymity. Users should use VPN/Tor for network-level privacy. This applies to all blockchains.
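The Amount Inference item above, worked as an added example (not VeilSub's own code): given consecutive reads of the public subscriber_count and total_revenue mappings, it lists every tier mix that explains the change, showing why a lone subscription exposes its tier while overlapping ones stay ambiguous. The tier table other than VIP at 5x, the base price and the snapshot values are constructed, and no tips are assumed to land between reads.

```python
from itertools import combinations_with_replacement

# Constructed tier table: the page only states that VIP costs 5x the base price.
TIER_MULTIPLIERS = {"base": 1, "premium": 2, "vip": 5}
BASE_PRICE = 1_000_000  # constructed base price, in the smallest credit unit

# Constructed (subscriber_count, total_revenue) reads of the public mappings.
SNAPSHOTS = [
    (47, 100_000_000),
    (48, 105_000_000),  # one subscription landed alone
    (52, 113_000_000),  # four subscriptions overlapped between reads
]


def consistent_tier_mixes(count_delta, revenue_delta, base_price,
                          tiers=TIER_MULTIPLIERS):
    """Return every multiset of tiers that explains the observed deltas."""
    mixes = []
    for combo in combinations_with_replacement(sorted(tiers), count_delta):
        if sum(tiers[t] for t in combo) * base_price == revenue_delta:
            mixes.append(combo)
    return mixes


def audit_snapshots(snapshots, base_price):
    """Report, per pair of consecutive reads, which tier mixes fit."""
    findings = []
    for (c0, r0), (c1, r1) in zip(snapshots, snapshots[1:]):
        count_delta, revenue_delta = c1 - c0, r1 - r0
        if count_delta == 0:
            continue  # no new subscriber in this window
        mixes = consistent_tier_mixes(count_delta, revenue_delta, base_price)
        findings.append({
            "count_delta": count_delta,
            "revenue_delta": revenue_delta,
            "mixes": mixes,
            # A single fitting mix means the aggregate alone reveals the tiers.
            "unambiguous": len(mixes) == 1,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_snapshots(SNAPSHOTS, BASE_PRICE):
        print(finding)
```

Neither window reveals which address subscribed; the leak is limited to the tier composition, and it shrinks as more transactions fall between two reads.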
What an Adversary Cannot Learn
Subscriber Identity
Wallet addresses never enter finalize scope. The Leo compiler enforces this — there is no code path to leak identity.
Subscription Relationships
There is no on-chain mapping from subscriber → creator. Even with full chain access, relationships are unknowable.
Individual Payment Amounts
All payments use credits.aleo/transfer_private. Per-subscriber amounts are hidden in the ZK proof.
What We Mitigate
API Proxy
All mapping reads go through Next.js rewrites, preventing browser→Provable IP correlation.
No Subscriber Data in Finalize
Finalize only receives creator address, amount, and tier. Subscriber identity has no pathway to public state.
Finalize Parameter Tradeoff
Tier and amount are public in finalize — this is required for on-chain payment validation (validators must enforce correct pricing). The subscriber ADDRESS is the privacy-critical value and it never touches finalize. Skipping validation would allow paying base price for VIP access.
Zero-Footprint Access Verification
verify_access has NO finalize block. When proving access, zero public state changes occur — no mapping writes, no counters, no on-chain evidence. This prevents timing correlation attacks from tracking when access was verified.
Honest Limitations
Wallet Key Loss
AccessPasses are unrecoverable without your private key. This is the fundamental privacy/recoverability tradeoff in ZK systems.
No Subscription Expiry
AccessPasses are permanent. Time-based expiry would require adding finalize to verify_access, breaking its zero-public-footprint property.
Privacy in the Code
How each transition protects your identity.
subscribe()
Finalize receives only creator address and amount — subscriber address is never passed to any public scope.
verify_access()
Pure transition with no finalize — no public state change when proving access. Zero on-chain footprint.
tip()
Finalize only updates aggregate total_revenue — tipper address stays completely private.
All payments
Use credits.aleo/transfer_private — not public transfers. Amount and sender are hidden on-chain.
VeilSub vs. Traditional Platforms
| Feature | Patreon / Ko-fi | VeilSub |
|---|---|---|
| Subscriber identity | Public | Private (ZK) |
| Transaction history | Permanent & visible | Hidden on-chain |
| Creator sees who subscribes | Yes — full list | No — aggregate only |
| Payment privacy | Bank/card linked | Private credit transfer |
| Third-party data access | Platform sells data | No data to sell |
| Censorship resistance | Platform can ban | On-chain, unstoppable |