$CLAWD
zk-router
v0.1.0
SOL0.00%·$CLAWD0.00%·Routeroffline·Requests·Saved·ZK stamps·Models0·TEE

ZK Primitives

clawd-zk · Solana · Light Protocol

A zero-knowledge primitive layer for Solana-native AI models. The on-chain program and TypeScript SDK that give every model in the Clawd fleet a verifiable, tamper-proof, rent-free on-chain identity.

Source Light Protocol Helius Photon

Three ZK Primitives

Nullifier Registry

A 32-byte deterministic per-action hash that proves an action was taken exactly once. Stored as a compressed PDA — 15,000 lamports vs. 890,880 for a regular PDA (~60× cheaper).

  • Anti-double-publish for model attestations
  • Anti-double-claim for inference rewards
  • Anti-double-issuance of agent tokens
Groth16 Proof Verification

On-chain bn128 / alt-bn128 zk-SNARK verifier (~200k CU). Lets agents prove off-chain computation — inference correctness, encrypted-state commitment, license-bound action auth — without re-executing on-chain.

  • Model inference correctness proofs
  • Encrypted-state commitment
  • License-bound action authorization
  • ZK identity attestations
Compressed State (Light Protocol)

Model metadata, attestation records, and encrypted parameters live in rent-free compressed accounts in 26-deep (V1) or 32-deep (V2) state trees. Reads via Helius Photon; writes via CPI to the Light System Program.

  • 67M leaves per state tree (V2: 4B)
  • 128-byte validity proofs for Merkle inclusion
  • Photon indexer for compressed-state reads
  • ~5,000 lamports per state tree touched

System Architecture

Clawd Agent (off-chain) ├── Nullifier computation (Poseidon hash) ├── Groth16 prover (snarkjs / gnark / etc.) └── Photon RPC client (validity proofs, compressed reads) │ │ (1) signed transaction ▼ Solana (on-chain) ├── clawd-zk program │ ├── ① verify Groth16 (~200k CU) │ ├── ② create nullifier compressed PDA │ └── ③ write attestation / encrypted state ├── Light System Program (CPI: proof verify + state tree append) └── State Trees (67M leaves V1 · 4B leaves V2) │ │ (2) state roots ▼ Photon Indexer (Helius / Triton) └── getCompressedAccount · getValidityProof

The Three Instructions

publish_attestation

Creates a nullifier compressed PDA and writes an attestation record. Groth16 proof gates the write.

attester (32 bytes)model_hash (32 bytes)payload_commitment (32 bytes)nullifier[0..N]
~618k CU
~25,000 lamports
consume_attestation

Reads an existing attestation via validity proof, transitions status 0→1 (active→consumed).

consumer (32 bytes)attestation_address (32 bytes)consume_nonce (32 bytes)
~310k CU
~5,000 lamports
commit_encrypted_state

Writes an encrypted state commitment. Plaintext stays off-chain; the on-chain record is the ciphertext hash.

committer (32 bytes)model_hash (32 bytes)ciphertext_commitment (32 bytes)version (u64)
~410k CU
~5,300 lamports

Cost Economics

ActionCostvs. StandardSavings
New compressed nullifier15,000 lamports890,880 (regular PDA)~60×
State tree touch5,000 lamportsN/A (no equivalent)
New state leaf~300 lamportsvariessubstantial
Validity proof verify~100k CU~50k CU (CPI)added security

Repo Layout

zk-primitives/ ├── programs/clawd-zk/ ← Anchor program (<400 lines Rust) │ ├── src/lib.rs ← entry point, instruction dispatch │ ├── src/nullifier.rs ← compressed-PDA nullifier logic │ ├── src/proof.rs ← Groth16 verifier wrapper │ └── src/state.rs ← compressed state writes/reads ├── client/ ← TypeScript SDK (@clawd/zk-client) │ ├── src/nullifier.ts ← nullifier computation (Poseidon) │ ├── src/proof.ts ← public-input packing + serialization │ ├── src/state.ts ← Light Protocol helpers │ └── src/client.ts ← ClawdZkClient (high-level) ├── tests/ │ ├── nullifier.test.ts ← vitest, off-chain │ └── nullifier.rs ← cargo test-sbf, on-chain └── configs/ └── light-trees.yaml ← canonical V2 tree pubkeys

SDK Quick Start

import { ClawdZkClient, computeNullifier } from "@clawd/zk-client"; import { createSolanaRpc, createKeyPairSignerFromBytes } from "@solana/kit"; const rpc = createSolanaRpc("https://mainnet.helius-rpc.com?api-key=..."); const signer = await createKeyPairSignerFromBytes(secretKey); const client = new ClawdZkClient({ rpc, programId: PROGRAM_ID }); // 1. Compute the nullifier (Poseidon hash, off-chain) const nullifier = await computeNullifier({ secret: signer.secretKey, context: "model-attestation:abc123", }); // 2. Build the publish-attestation instruction const ix = await client.publishAttestation({ signer: signer.address, modelHash: hexToBytes("ab12..."), payloadCommitment: hexToBytes("cd34..."), nullifier, proof: { a: proofA, b: proofB, c: proofC, verifyingKey }, }); // 3. Send — 618k CU, ~25k lamports const sig = await sendAndConfirm([ix], signer); console.log("attestation:", sig);

Why this matters for the Clawd stack

Provenance

Every inference or attestation gets a nullifier — the same model can't claim the same reward twice.

Confidentiality

Weights and training data can be committed in encrypted form, with ZK proof of the committer's authority.

Portability

Any Clawd agent on any device can read a model's attestation via a single Helius Photon getCompressedAccount call.

This is the missing layer between "we trained a model" and "we have provable, on-chain, sovereign identity for that model."

Status

Anchor program compiles
Off-chain SDK types + tests written
Light Protocol CPI wired
Generate LIGHT_CPI_SIGNER via anchor idl build
Per-circuit Powers-of-Tau ceremony for Groth16 VK
light test-validator + cargo test-sbf on devnet tree
Borsh encoding (replace JSON shim)