Privacy Model: Private vs Public State
Veil’s architecture cleanly separates what is private from what is verifiable on-chain:
Private state
Completely off-ledger, witness-managed — never disclosed on-chain.
| Field | Description |
|---|---|
creditScores[veilId] | Full credit score struct per user |
scoreAccumulations[veilId] | Score accumulators (repayment counts, liquidation points, etc.) per user |
secretKey | User’s secret key used to derive their Veil ID |
ownershipSecret | Secondary secret used to prove NFT ownership during verification |
Public state
On-chain — verifiable by anyone, but only updated by Veil’s smart contracts.
| Field | Description |
|---|---|
creditScoreCommitments | Historic Merkle tree of credit score commitments |
scoreAccumulatorCommitments | Historic Merkle tree of score accumulator commitments |
nftRegistry | Map of Veil ID → PoT NFT metadata |
issuers | Map of issuer public key → issuer metadata |
admins | Set of admin public keys |
superAdmin | Super admin public key |
protocolConfig | Tier thresholds and NFT validity settings |
scoreConfig | Score formula weights and bounds |
processedScoreEvents | Replay-protection set for scoring events |
usedVerificationChallenges | Replay-protection set for NFT verification challenges |
issuerTrustWeights | Configurable per-issuer penalty multipliers |
elapsedEpoch | Counter of protocol epochs elapsed since deployment |
tokenIssueCounter | Monotonic NFT token ID counter |
This split enables a critical guarantee: anyone can verify that a PoT NFT is backed by a valid on-chain commitment without ever seeing the underlying score data.
This is the core of Veil’s privacy model, ensuring users can prove their creditworthiness without revealing sensitive information on-chain.
Last updated on