LatticA-payroll

LatticA is a privacy-preserving payroll and transaction system built on an auditable dark pool. It is designed for teams and organizations that want to move payroll and sensitive financial flows on-chain without exposing compensation data publicly, while still remaining capable of responding to audits and regulatory requests. The system is based on a fork of the Mezcal dark pool architecture and extends it with a cryptographic audit layer that preserves privacy by default and enables compliance only when explicitly authorized.

Traditional ZK-based dark pools rely on hash-based identities, typically using a hash of a secret key as the user identifier. While this approach is efficient, it makes identity proofing, encrypted communication, and structured audit responses effectively impossible. LatticA addresses this limitation by introducing a dual-structure proof system that supports both privacy and accountability. Instead of simple hash-based addresses, we use elliptic curve public keys derived from secret keys, enabling public-key encryption and verifiable identity linkage without revealing information on-chain.

At the core of the audit system is an RLWE-based encryption module. Every shielded transaction generates an encrypted audit witness that is cryptographically bound to the zero-knowledge proof used for the transaction itself. These audit records are unreadable by default and cannot be accessed by a single party. Decryption requires threshold cooperation, meaning that at least two authorized auditors must jointly reconstruct decryption capability. This ensures that no single operator, admin, or infrastructure provider can unilaterally deanonymize users or inspect payroll data.

The RLWE audit layer is parameterized to balance security and performance. We use a polynomial degree of 1024 and a large prime modulus to ensure post-quantum security properties, with controlled noise bounds and multiple message slots to encode structured audit data efficiently. Each audit ciphertext is stored in a fixed, predictable format that can be verified inside zero-knowledge circuits, ensuring that audit data is complete, well-formed, and tied to a valid transaction.

Because RLWE encryption is computationally heavy, a major focus during the hackathon was optimization. We restructured the encryption process as a matrix–vector multiplication and embedded the RLWE public key as a constant inside the Noir circuits. By relying on linear combinations rather than naive polynomial operations, we significantly reduced both gas costs and proof generation time, making RLWE-based audits practical in a ZK payroll context.

We benchmarked the full proof pipeline to validate feasibility. Circuit loading and initialization complete in under a second, witness generation completes in under two seconds, and proof generation completes in just over ten seconds on a standard development machine. While memory usage is non-trivial, these results demonstrate that auditable, privacy-preserving payroll is viable with current ZK tooling and can be further optimized post-hackathon.

During the hackathon, we also built and tested a full end-to-end flow. An enterprise deposits funds into the shielded pool, employees or contractors withdraw privately, encrypted audit witnesses are generated automatically, and an authorized audit query can later produce a minimal compliance report without revealing unrelated transactions. This flow was validated both via command-line demos and through a web-based frontend.

The frontend demo allows users to walk through the full lifecycle of shielding funds, transferring privately, unshielding, and issuing an audit query. A local development network is used for testing, with contracts deployed locally and a browser-based interface connected via a standard wallet setup. This demonstrates that the system is not just cryptographic infrastructure, but something that can be integrated into real payroll tooling.

Key management is a critical part of the design. Audit keys are generated deterministically when needed and can be split into multiple secret shares for authorized auditors. Public keys are compiled directly into the ZK circuits, while secret keys remain offline. This separation ensures that audit capability exists without introducing a centralized point of failure or trust.

The Noir circuit suite includes a core RLWE encryption library, an audit circuit that proves identities are correctly encrypted, a fraud-proof circuit that can detect inconsistencies in audit entries, and a rollup circuit for batching shielded transactions. Together, these components form the cryptographic backbone of the system.

The project is built using a modern Web3 stack, including Noir for zero-knowledge circuits, Solidity and Hardhat for smart contracts, and a SvelteKit-based frontend. It integrates established cryptographic primitives such as Poseidon hashing, Baby JubJub and Grumpkin curves, and Barretenberg proving infrastructure. Testing and benchmarking were conducted throughout the hackathon to ensure correctness and performance.

Overall, the work completed during the hackathon demonstrates that LatticA is not just a conceptual proposal, but a functioning prototype of auditable, privacy-first on-chain payroll. It shows that dark pools can be extended with compliance-compatible audit layers without collapsing into full transparency, laying the groundwork for real-world adoption by DAOs, Web3 companies, and institutions.