For Investors

The Problem: Financial Privacy Is Broken On-Chain

Public blockchains expose everything. Every balance, every transaction, every counterparty relationship is permanently visible to anyone with an internet connection.

This creates real consequences:

Physical security: The "$5 wrench attack" — criminals scan blockchains for wealthy wallets, then show up at your door. This isn't hypothetical. It happens.
Competitive intelligence: When Company A pays Company B, competitors can see the transaction amount, identify both parties, and track the relationship over time. For confidential contracts, this is a dealbreaker.
Personal exposure: Salary payments, medical expenses, donations — all permanently visible. Your bank doesn't broadcast your transactions. Why should crypto?

Traditional finance solved this centuries ago. Your bank processes payments confidentially but complies with legal requests. Crypto created transparency that traditional finance never had — and never wanted.

The Market Opportunity

Scale of the Problem

$200B+ in DeFi TVL locked in fully transparent protocols — every holder is a potential target
Every ERC-20 token is a potential UPP user — protocol-agnostic, not tied to a specific chain or native token
Institutional adoption blocked: TradFi institutions consistently cite lack of transaction confidentiality as a primary barrier to on-chain operations

Why Now

Three trends are converging:

Regulatory clarity: MiCA (EU) and Travel Rule implementations create a legal framework where compliant privacy is explicitly viable. The regulatory barrier has been removed.
Institutional demand: Banks, funds, and corporates need on-chain confidentiality for treasury operations, payroll, and B2B payments. Demand is accelerating.
Technical maturity: Zero-knowledge proof systems have reached the performance threshold for practical, user-facing applications. The technology is ready.

The Solution: Universal Private Pool

UPP brings bank-like privacy to any ERC-20 token on Ethereum.

Public Tokens → Shield → Private Pool → Transfer/Merge → Unshield → Public Tokens

Inside the pool, balances are hidden, amounts are encrypted, and recipients are unlinkable. When needed, users can selectively disclose transaction details through viewing keys.

Compliant by Design

UPP is not a mixer. It is a compliant privacy protocol with a built-in regulatory layer:

Association Set Providers (ASPs): Independent compliance entities that maintain allowlists of verified addresses. Every withdrawal proves that the note's origin address is on an ASP's allowlist — without revealing which address.
Viewing Keys: Users can export cryptographic proofs of specific transactions for auditors, tax authorities, or counterparties. Privacy is selective, not absolute.
Ragequit Guarantee: Original depositors can always withdraw their own funds, regardless of ASP status. User funds are never trapped by compliance requirements.

This is how banking has always worked: your bank doesn't publish your transactions, but it can comply with legal requests. UPP achieves this on-chain, without a centralized intermediary.

The Quantum Threat

This Is Not a Future Problem

Every privacy protocol deployed on Ethereum today — Tornado Cash, RAILGUN, Aztec, Privacy Pools — relies on elliptic curve cryptography (BN254) that quantum computers will break. Every proof and encrypted key published on-chain is a permanent record waiting to be decrypted.

Timeline Compression

The JVG algorithm (Jesse-Victor-Gharabaghi, published March 2026 by AQTI) demonstrated that RSA-2048 can be factored with approximately 8,200 qubits in about 11 hours. Current quantum hardware sits at roughly 1,000 qubits. The timeline for practical attacks on elliptic curves has compressed from decades to years.

"Harvest Now, Decrypt Later"

State-level adversaries are already storing on-chain data for future decryption. Every BabyJubJub public key published with a SNARK transaction today is a permanent vulnerability. When quantum computers reach sufficient scale, years of historical privacy transactions become retrospectively deanonymizable.

NIST has already mandated post-quantum migration for US federal systems. The crypto industry has not yet responded.

Our Technical Moat

First Native Circle STARK Verifier on Ethereum L1

We built the first complete Circle STARK verifier in native Solidity — no wrappers, no L2 dependency, no trusted setup.

Property	SNARK (Current)	STARK (UPP)
Post-quantum secure	No	Yes
Trusted setup	Required	Not required
Security basis	Elliptic curve DLP	Hash functions (Keccak-256)
Verification gas	~230K	~20M
Proof size	~200 bytes	~5 KB

The gas premium (~20M vs ~230K) is the cost of quantum resistance. As EVM precompiles evolve (EIP-4844 blob data, STARK-friendly opcodes), this gap will narrow to approximately 5M gas or less.

Why This Is Hard to Replicate

Building a native Circle STARK verifier requires:

Implementing a complete M31 → CM31 → QM31 field tower in EVM arithmetic
Porting the Circle FRI protocol (non-standard twin-coset folding, circle-to-line projection)
Precisely reproducing Stwo's Fiat-Shamir transcript in Solidity
Solving multiple non-obvious mathematical challenges unique to circle-group STARKs

This is approximately 1,900 lines of Solidity across 7 libraries, validated by 72 tests including end-to-end proof verification. The implementation represents deep cryptographic engineering that creates a meaningful barrier to entry.

Parameterized Architecture

The verifier is parameterized via constructor immutables — the same contract code supports multiple circuit types with zero additional gas overhead. Currently deployed for:

Withdraw circuit: 46 columns, 5 constraints — spend a note, withdraw to a public address
Transfer circuit: 57 columns, 6 constraints — spend a note, create two new private output notes

Future circuits (merge, joinsplit, multi-party transfers) deploy as new instances of the same verified contract.

Competitive Landscape

Project	Privacy	Compliance	Post-Quantum	L1 Verification	Status
UPP	Yes	ASP layer	STARK	Native Solidity	Demo (Sepolia)
Tornado Cash	Yes	None	No (SNARK)	L1	Sanctioned (OFAC)
RAILGUN	Yes	PPOI (limited)	No (SNARK)	L1	Production
Aztec	Yes	Configurable	No (SNARK)	L2 only	Testnet
Privacy Pools	Yes	ASP (similar)	No (SNARK)	L1	Research

UPP is the only project combining all three: regulatory compliance (ASP layer), post-quantum security (Circle STARK), and Ethereum L1 native verification.

Roadmap

Phase	Status	Description
1. SNARK Privacy	Complete	Groth16-based shield, transfer, withdraw, merge — functional demo on Sepolia
2. STARK Verifier	Complete	Native Circle STARK verifier for withdraw + transfer — post-quantum proving operational
3. Full STARK Integration	Next	Replace all remaining SNARK circuits, production deployment
4. PQ Key Management	Future	Post-quantum stealth addresses (ML-KEM or hash-based), updated viewing keys
5. Gas Optimization	Future	EVM precompile support, assembly-optimized field arithmetic — target ~5M gas

Why Invest Now

First-mover advantage: Building a native Circle STARK verifier requires deep cryptographic expertise. This is a defensible technical moat, not a feature that can be trivially replicated.
Quantum timeline is compressing: NIST mandates are pushing post-quantum migration across federal systems. Financial infrastructure will follow. The organizations that build PQ-secure systems now will be the infrastructure providers, not the ones scrambling to migrate later.
Regulatory tailwinds: For the first time, regulatory frameworks (MiCA, Travel Rule) explicitly enable compliant privacy. The legal barrier that blocked privacy protocols for years has been removed. The market is opening.
Protocol-agnostic: UPP works with any ERC-20 token. Every token on Ethereum is a potential user. The total addressable market grows with the ecosystem, not against it.
Institutional catalyst: Traditional finance institutions need on-chain confidentiality to operate. Privacy infrastructure is the unlock for the next wave of institutional adoption — and that wave is arriving now.

For Investors

On this page