Where NFTs meet privacy: Building private NFTs with Leo

Just as art collectors don't broadcast their home gallery's contents, NFT collectors shouldn’t have to publicly share their digital holdings. But when every transaction and wallet address is publicly visible, collectors' entire portfolios are fully exposed, potentially making them targets for scams or theft. Without privacy, the NFT space can't fully mature into meaningful digital ownership that serves real-world needs.

The team at Arcane Finance sought to change that with the first NFT collection launched on Aleo Mainnet, Cyber Wizards. This collection of 10,000 unique NFTs combines the cutting-edge privacy and security technologies offered by Aleo with innovative smart contract design using the Leo programming language and the DokoJS framework. 

“At Arcane Finance, privacy isn’t just a feature—it’s a fundamental right that I deeply believe in,” said Max Sultakov, co-founder at Arcane Finance. “With Cyber Wizards, we’re bringing privacy to digital ownership in a way that feels natural and empowering. It’s incredibly exciting to see how Aleo’s groundbreaking technology enables us to build something that gives people real control over their assets." 

In this article, we delve into the technical aspects of creating the collection, the tools chosen, the contract architecture, and the privacy mechanisms implemented.

From ID generation to storage: How to mint a private NFT

During each mint, the client generates a random sequence of 32 ASCII characters, used as the token ID. The client receives signed pricing data for minting via a REST API and passes this along with the token ID to the contract. A random number generator is invoked on the blockchain to ensure fair and random distribution of NFTs.

Data about the token ID and the random number are stored in the contract’s mint_history mapping. Minting information is openly stored in this mapping. A separate backend indexer monitors the state of mint_history and, based on this data, associates the token ID with the corresponding metadata in the S3 storage.

Arcane based their work on ArtFactory by DemoxLabs, which is a fully modular starter kit designed for building NFT projects on the Aleo blockchain. Its robust architecture and commitment to decentralized principles provided the technical inspiration and foundation for the project. This system exemplifies a trustless and permissionless architecture, with all on-chain operations enforced through Aleo programs to ensure cryptographic integrity.

Aleo enables private ownership by default

On Aleo, developers can choose what information is public and what is private. Public states are stored using the account model as done in Ethereum, and private states are stored via the record model. 

With Cyber Wizards, ownership of NFTs is confirmed through NFT records, allowing for confidential storage and transfer of assets. Users have the flexibility to convert their NFTs between private and public modes at their discretion, giving them control over their level of privacy.

Secure private ownership is ensured through holding the NFT record on the Aleo blockchain. If needed, an NFT can be converted to public mode, and ownership is then recorded in the nft_owners mapping, available for public verification. This approach provides transparency and the ability to confirm ownership in public mode without compromising privacy in private mode.

Optimized for efficiency and user experience

Cyber Wizards was designed to provide a seamless, efficient, and user-friendly experience while prioritizing privacy. By reducing transaction complexity, optimizing gas costs, and ensuring flexibility in NFT management, Arcane created a platform that protects user data without compromising usability. 

Optimizing transaction count for improved user experience

The initial reference implementation required three transactions to obtain an NFT: addition, minting, and claiming. This could negatively impact the user experience due to high transaction costs and process complexity. The team optimized the contract to reduce the number of required transactions, simplifying user interaction with the platform and lowering gas fees.

Managing rarity and traits off-chain for efficiency

To reduce gas costs and lighten the contract’s load, rarity and traits are not stored within the contract. This decision allows the team to manage the uniqueness and characteristics of each Cyber Wizard off-chain, optimizing network performance and making the minting process more efficient.

Storing metadata in Amazon S3 with flexible management

All traits and metadata are stored externally in Amazon S3 storage. The base URL for accessing metadata is stored in the contract and can be changed by the administrator if necessary. This method provides flexibility in managing NFT data and allows for quick updates or changes to metadata without modifying the smart contract. 

Planned multi-mint via external helper contract

To further enhance the user experience, Arcane plans to implement a multi-mint feature through a separate helper contract. This will allow users to mint multiple NFTs in a single transaction, reducing network load and gas fees. This functionality is currently under development and will be introduced in upcoming updates.

Conclusion

Privacy in NFTs addresses a critical, but often overlooked challenge in digital ownership while enabling new use cases that mirror how we handle valuable assets in the physical world. 

As the first NFT collection on the Aleo Mainnet, Cyber Wizards opens new possibilities for private and secure digital collectibles. Utilizing the Leo language and DokoJS framework enabled Arcane to create efficient and reliable smart contracts, while the emphasis on privacy and flexible management gives users control over their NFTs.

Arcane Finance continues to work on enhancing functionality and plans to introduce new features, such as multi-minting, to further develop the Aleo ecosystem and drive innovation in the NFT space. Follow their progress on X or by joining their Discord.