Provably Private and Performant Payment Paradigms; Response to DARPA Request for Information (SN-26-23)


Zero-Knowledge Proofs for Provably Private Payments: The Aleo Approach

Submitting Organization: Aleo Network Foundation Date: February 13, 2026



The Aleo Network Foundation (the “Foundation”) appreciates the opportunity to submit comments in response to DARPA’s Request for Information (RFI) on Provably Private and Performant Payment Paradigms (P5). The Foundation's leadership team includes former personnel who have served in U.S. Military Special Operations Forces, the U.S. intelligence community, financial regulators, and large technology and payments firms.

The Aleo Network (“Aleo”) is the first ever Layer-1 blockchain with programmable privacy built into its infrastructure. The Foundation is a 501(c)(4) corporation that provides grants and other ancillary support to builders and developers on Aleo and the broader ecosystem, specifically focused on the potential of applied cryptography and zero-knowledge proofs in the context of decentralized technologies like the internet.

At its core, Aleo is powered by zero-knowledge cryptography, combining privacy preserving features with smart contract programmability. By embedding privacy features into Aleo’s infrastructure from the outset, Aleo supports decentralized, privacy-preserving computing that advances financial transactions over the internet by protecting user data and enabling a secure experience online with broad applicability to the emerging stablecoin ecosystem.

Born from the pages of a 2018 zero-knowledge smart contract project, Zexe (co-authored by Howard Wu, Aleo’s co-founder), Aleo’s genesis block was released in 2024, enabling private-by-default functionality and applications combined with secure and confidential user experiences that bridge programmability, risk management, and privacy. Since then, the Foundation has established partnerships with several industry leaders and consortiums including Circle, Paxos, Request Finance, the Global Dollar Network, and Google Cloud.

Introduction

International payment infrastructure faces an emerging strategic challenge. As SWIFT’s effectiveness as a U.S. policy tool creates incentives for adversaries to develop alternative cross-border financial infrastructure, global technical innovation is increasing in the payments space. The question is not whether alternative payment systems will emerge, but whether they will be built on open, auditable cryptography with democratic governance and privacy preservation or on closed systems with opaque (and potentially adversarial) state control.

Zero-knowledge cryptography has proven that cryptographic privacy works—systems like Zcash have demonstrated that transactions can be hidden while remaining verifiable. The RFI cites Zcash deanonymization research; it’s important to clarify that such research applies to unshielded (transparent) transactions. The zero-knowledge cryptography itself—the shielded transactions—remains cryptographically sound with no known public breaks. However, privacy coins like Zcash lack the programmability required for enterprise-scale payment infrastructure. Without the ability to encode differential authorization based on transaction size or implement onchain access controls, these systems have achieved a very small level of adoption even within the cryptocurrency ecosystem. When privacy is optional and static, it goes unused.

Aleo brings this proven zero-knowledge cryptographic foundation to payment infrastructure scale through programmability. Using predicates (programmable compliance[1] rules) and the Leo programming language, Aleo enables cryptographic controls without requiring centralized know-your-customer (KYC) databases. The system has operated as a production mainnet since September 2024, demonstrating technical readiness beyond academic research.

This RFI response demonstrates three key points: First, cryptographic privacy and performance are compatible at institutional scale when proper architecture is employed. Second, the technology exists and is production-ready today. Third, the U.S., through DARPA’s further validation of the technology, is positioned to lead both the technology and policy standards for global payments before adversarial alternatives become entrenched.


The Problem: Current Systems Force Unacceptable Choices

Today’s payment infrastructure presents three broken models, each forcing stakeholders into untenable positions.

Trust-Based Confidentiality

Traditional banking and SWIFT operate on operational confidentiality: banks and intermediaries see all transaction details but promise not to misuse this access. A typical international wire transfer exposes details to your bank, the recipient’s bank, three to five correspondent banks, the SWIFT organization itself, and anyone who successfully compromises these parties. Privacy depends entirely on the operational security and legal restraint of every party in this chain.

This trust-based model fails in multiple ways. The 2016 SWIFT messaging system compromise enabled the Bangladesh Bank heist, resulting in $81 million stolen (Kabir, 2023). More fundamentally, these systems create centralized KYC databases that become honeypots for hackers. When payment infrastructure links personally identifiable information to financial activity in centralized databases, it creates targeting opportunities for adversaries. Database breaches of this magnitude create severe compromises of operational security and result in irrevocable exposure of sensitive information.

The structural problem is clear: privacy in traditional finance is operational, not mathematical. Regardless of security investments, insiders with legitimate access can see everything. And SWIFT, despite its acronym, is not quick. Settlement can take up to five days and cost up to $25-50 per transaction.

Transparent Blockchains

Public blockchains like Bitcoin and Ethereum operate on full transparency with pseudonymous addresses. The assumption is that addresses cannot be linked to real identities. This assumption fails systematically: graph analysis can identify users behind many transactions, as the RFI correctly notes. Blockchain analysis firms have built massive businesses selling deanonymization services. KYC requirements at exchanges link addresses to identities, and temporal correlation reveals patterns. These systems actually provide worse privacy than traditional banking because every transaction is public by design. Performance is equally problematic: no more than a few dozen transactions per second, 10+ minute confirmation times, and $1-50 transaction costs.

Privacy Without Programmability

Privacy coins like Zcash successfully proved that zero-knowledge cryptography could shield transaction details, and their shielded pools remain cryptographically sound. However, they failed to disrupt global payment infrastructure because they lack a critical component: programmability.

Programmability is the foundation for creating sophisticated financial services, enabling interlocking systems where protocols can be combined to build applications like decentralized exchanges or automated lending. Without it, first-generation privacy coins cannot support the features required for serious financial infrastructure. They lack the ability to encode configurable rules, implement differential logic for transactions of different sizes, or enforce onchain access controls. Essential enterprise features like multi-signature wallets, time-locks, and conditional payments remain largely out of reach.

The result is a failure to capture meaningful market share, with minimal adoption even among cryptocurrency users predisposed toward privacy. When built for individual transactions rather than as financial infrastructure, these systems served as a technical proof-of-concept but failed to achieve strategic impact. Furthermore, their performance mirrors that of Bitcoin: a ceiling of approximately 7 transactions per second, with shielded transactions costing nearly ten times more than transparent ones.

The Forced Choice

The current paradigm forces an unacceptable choice: trust operators and accept database breach risks, sacrifice privacy entirely for transparency, or implement privacy without programmability. None of these options are viable for high-value international payments where billions are at risk from compromised databases, for national security operations where personnel cannot be linked to financial activity via KYC breaches, for democratic societies where mass surveillance conflicts with civil liberties, or for U.S. strategic interests as adversaries build surveillance-by-design alternatives like China’s CBDC (Fanusie & Jin, 2025).

The real problem is not how to make a better privacy coin. Rather, the challenge is: How can we bring cryptographic privacy to payment infrastructure scale while addressing a wide range of needs that DARPA might seek from private payments?


The Solution: Programmable Privacy for Payment Infrastructure

Technical Architecture

Aleo’s architecture builds on proven zero-knowledge cryptographic foundations, validated in academic research (Bowe et al., 2018) and deployed systems, now engineered for payment infrastructure scale with programmability.

Records: Encrypted Value Units

Similar to Bitcoin’s UTXO model but fully encrypted, records serve as the fundamental value units. Onchain, only a cryptographic commitment is visible: an opaque hash that reveals nothing about the transaction. Validators processing transactions see a sequence of meaningless commitments: cm1, cm2, cm3. Offchain, only the record owner can decrypt the contents using their address secret key, seeing “I have 100 tokens in record cm2” while observers see only the commitment. This enables institutional-scale transactions to be processed with the same privacy guarantees as small ones.

Predicates: Programmable Transactions

Each record has a birth predicate (creation rules) and death predicate (spending conditions). This is the key architectural difference from privacy coins: the ability to encode payment infrastructure requirements directly into the transaction rules.

This capability enables customizable rules for different transaction types, amounts, and participants—all enforced onchain without a central authority seeing transaction details. Rules can now be enforced cryptographically rather than through institutional monitoring.

Zero-Knowledge Proofs

Under the hood, users generate a zero-knowledge proof stating “I satisfied all predicates.” The proof reveals nothing about amounts, addresses, which specific predicates were triggered, or why the transaction occurred. Validators verify the proof in milliseconds—regardless of transaction complexity (Bowe et al., 2018). Validators perform the following checks: Is the proof mathematically valid? Have the serial numbers been used before? Are commitments properly formatted? If all checks pass, the transaction is accepted and appended to the blockchain. This architectural choice—provers generating proofs offchain while validators verify in constant time onchain—is what makes throughput independent of transaction complexity.
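The three building blocks just described (encrypted records visible onchain only as commitments, birth and death predicates checked by the prover, and a validator that checks proof validity, serial-number freshness and commitment formatting) can be modelled in a few dozen lines. The following is an added illustration written for this page, not Aleo's or snarkVM's code. The hash, the PRF for serial numbers, the 10,000-token attestation threshold and the `Proof` object are all assumptions; in particular, `Proof.valid` is a labelled stand-in for SNARK verification, so the prover's own predicate and balance checks are trusted here, whereas in the real system the verifier enforces them. The stand-in also omits the Merkle-membership check that ties a spent record to an existing commitment.

```python
# Toy model of record / commitment / serial-number bookkeeping (added example,
# not Aleo's code). Hash, PRF, threshold and the Proof stand-in are assumptions.
import hashlib
import hmac
import os
from dataclasses import dataclass, field

HIGH_VALUE = 10_000  # assumed threshold for the differential spending rule


def H(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over several byte strings (stand-in for a ZK-friendly hash)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def public_key(spend_key: bytes) -> bytes:
    return H(b"pk", spend_key)


@dataclass(frozen=True)
class Record:
    owner_pk: bytes
    amount: int
    nonce: bytes  # fresh randomness per record: two records of one owner stay unlinkable

    def commitment(self) -> bytes:
        # the only thing the chain ever stores about this record
        return H(b"cm", self.owner_pk, self.amount.to_bytes(8, "big"), self.nonce)


def serial_number(spend_key: bytes, rec: Record) -> bytes:
    """PRF of the spend key and record nonce: only the owner can compute it, and an
    observer cannot match it to the commitment it consumes."""
    return hmac.new(spend_key, b"sn" + rec.nonce, hashlib.sha256).digest()


def death_predicate(rec: Record, attested: bool) -> bool:
    """Spending rule carried by the record: high-value spends need an attestation."""
    return rec.amount < HIGH_VALUE or attested


def birth_predicate(outputs: list) -> bool:
    """Creation rule: every new record carries a positive amount."""
    return all(r.amount > 0 for r in outputs)


@dataclass(frozen=True)
class Proof:
    """What the validator receives. `valid` stands in for SNARK verification."""
    serials: tuple
    new_commitments: tuple
    valid: bool


def prove_spend(spend_key: bytes, inputs: list, outputs: list, attested: bool) -> Proof:
    """Prover side (offchain): check ownership, predicates and balance; emit serials + commitments."""
    pk = public_key(spend_key)
    ok = (
        all(r.owner_pk == pk for r in inputs)
        and all(death_predicate(r, attested) for r in inputs)
        and birth_predicate(outputs)
        and sum(r.amount for r in inputs) == sum(r.amount for r in outputs)
    )
    return Proof(
        serials=tuple(serial_number(spend_key, r) for r in inputs),
        new_commitments=tuple(r.commitment() for r in outputs),
        valid=ok,
    )


@dataclass
class Ledger:
    """Validator side (onchain): sees only commitments, serials and proofs."""
    commitments: list = field(default_factory=list)
    spent: set = field(default_factory=set)

    def apply(self, proof: Proof) -> bool:
        if not proof.valid:                                   # is the proof valid?
            return False
        if any(s in self.spent for s in proof.serials):       # serial used before? (double spend)
            return False
        if any(len(c) != 32 for c in proof.new_commitments):  # commitments well formed?
            return False
        self.spent.update(proof.serials)
        self.commitments.extend(proof.new_commitments)
        return True


def demo() -> dict:
    """Alice spends a 100-token record to Bob, replays it, then tries a high-value spend."""
    alice_sk, bob_sk = os.urandom(32), os.urandom(32)
    alice = Record(public_key(alice_sk), 100, os.urandom(32))
    ledger = Ledger(commitments=[alice.commitment()])
    outputs = [Record(public_key(bob_sk), 60, os.urandom(32)),
               Record(public_key(alice_sk), 40, os.urandom(32))]  # change back to Alice
    first = ledger.apply(prove_spend(alice_sk, [alice], outputs, attested=False))
    replay = ledger.apply(prove_spend(alice_sk, [alice], outputs, attested=False))
    big = Record(public_key(alice_sk), 50_000, os.urandom(32))
    big_out = [Record(public_key(bob_sk), 50_000, os.urandom(32))]
    unattested = prove_spend(alice_sk, [big], big_out, attested=False).valid
    attested = prove_spend(alice_sk, [big], big_out, attested=True).valid
    return {"first": first, "replay": replay, "unattested_high_value": unattested,
            "attested_high_value": attested, "observer_view": list(ledger.commitments)}
```

Running `demo()` shows the validator accepting the first spend, rejecting the replay on the reused serial number, and the `observer_view` holding only three opaque 32-byte commitments: nothing in it says which owner, amount, or predicate was involved, which is the property the threat model below relies on.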


Key DARPA Questions

What is an appropriate definition of privacy for a payment system?

A payment system is private if the sender, receiver, amount, and time of a transaction remain hidden from observers. These properties support operational security needs involving digital transactions:

  • Unlinkability: Multiple transactions by the same party cannot be correlated.

  • Forward Secrecy: Past transactions remain private even if future cryptographic keys are compromised.

This fundamentally differs from other privacy models. SWIFT provides “confidential” privacy through operational trust in intermediaries. Bitcoin provides “pseudonymous” privacy that is linkable via graph analysis. Privacy coins like Zcash and Monero provide cryptographic privacy but lack programmability to set rules and manage risks. Aleo provides cryptographic privacy combined with programmability.

Important limitations exist: A payment system cannot hide real-world outcomes like purchasing a yacht. What can be hidden is the transaction graph: who paid whom, when, and how much. This represents maximum achievable privacy within physical reality constraints. In the payment infrastructure context, privacy protects financial flows and prevents personnel from being linked to financial activity, but cannot prevent observation of downstream behavior.

Are there fundamental tradeoffs between privacy, performance, and security?

Yes—but architectural choices make the tradeoff better than zero-sum.

As with most engineering challenges, there are tradeoffs made in the design of payment systems. The more private and disintermediated a system is, the more difficult it is to audit it and provide security assurances. The more secure and private a system, the more difficult it becomes to operate at high throughputs as the complexity comes at a cost. However, the extremes of these tradeoffs are primarily architectural in nature.

Compare SWIFT to blockchains like Bitcoin: SWIFT provides a much higher transactions per second (TPS) rate, but Bitcoin's architectural innovation brought finality on the order of minutes instead of days, all while being fully trustless. This approach improved security of funds: everyone in the world could verify the Bitcoin accounting model. The cost was privacy; instead of only a few banks being involved in your transaction, the entire world bore witness to it.

Zcash was a major breakthrough in payment privacy architecture: parties could now transact privately on a public ledger with similar finality and TPS as Bitcoin. This demonstrated that the tradeoffs in play are not zero-sum. Aleo's innovation lies in realizing that ZK proofs could be moved off chain to provers working in parallel. Now validator work remains the same regardless of transaction complexity. The result is throughput and finality times that are independent of privacy overhead.

Performance data:

| System | Finality | Throughput | Cost | Privacy | Compliance |
|---|---|---|---|---|---|
| SWIFT | 1-5 days | ~500 TPS | $25-50 | Trust-based | Central databases |
| Zcash | ~25 min | ~7 TPS | 10x shielded | Cryptographic | Cannot encode |
| Aleo | ~3 sec (est.) | 1,000+ TPS (theor.) | <$0.01 (est.) | Cryptographic | Programmable |

The real engineering challenge—not a fundamental tradeoff—is proof generation latency. Aleo’s network can already achieve sub-10 second proofs for most commonly used transaction types using GPUs. The infrastructure roadmap includes trusted execution environment (TEE) enclave-based delegated proving to provide server-grade hardware performance to low-power mobile users by the first half of 2026, and cryptographic delegated proving by 2027, which will eliminate the required trust model of the TEE entirely.

While privacy can make areas of security like auditability more difficult, it's possible to build controls directly into the privacy layer to reduce risks. Zero-knowledge access controls can provide similar capabilities to traditional PKI controls. Unlinkable ZK commitments enable both private ownership and a secure anti-double-spend primitive. One does not have to choose between the extremes of a CBDC state full-surveillance model or a fully private model that forsakes auditability and risk controls.

What is an appropriate threat model?

Onchain Threats:

The infrastructure built by Aleo defends against multiple adversary types. Passive network observers see only encrypted commitments such that graph analysis reveals nothing. Malicious validators see only encrypted records and proofs; they cannot decrypt without a key. Even if a majority of validators were to collude and censor transactions, they could not break privacy (information-theoretic security) or forge proofs. Malicious nation-state offensive cyber capabilities face end-to-end encryption and unlinkable onchain commitments. System operators have no privileged access—the code is open-source and auditable, with no special decryption keys built in. Future quantum computers pose a threat to discrete logarithm assumptions, but post-quantum migration paths exist (zk-STARKs), and the protocol includes cryptographic agility for algorithm upgrades.

Offchain Threats:

Collections of identity data are under constant target by criminals and rogue nation states. Historical breaches demonstrate the vulnerability: OPM (21.5 million records), Equifax (147 million records), and the financial sector from 2024 to 2025 saw the most breaches compared to other industries (Pape, 2026).

Aleo’s architectural solution eliminates the central database. Compliance is verified via cryptographic attestations, with predicates checking validity and zero-knowledge proofs confirming requirements are satisfied. Validators confirm compliance but do not see who owns which accounts. View keys enable targeted investigations without creating a database to breach. The result: no honeypot for adversaries, operational security maintained.
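The view-key mechanism mentioned here is what lets an investigator read a specific party's records without any central database of account holders existing. The following is an added illustration written for this page, not Aleo's code. It assumes a simplified key hierarchy: the view key is derived one-way from the spend key, record contents are encrypted so that a view-key holder can read them, and serial numbers (needed to spend) depend on the spend key alone. The cipher is an HMAC-SHA256 keystream with an HMAC tag, a stand-in for the record encryption Aleo performs by key agreement with the recipient's address; that key agreement is simplified away.

```python
# Toy model of targeted disclosure with a view key (added example, not Aleo's code).
# Key derivation, the HMAC-based cipher and the record layout are assumptions.
import hashlib
import hmac
import json
import os


def derive_view_key(spend_key: bytes) -> bytes:
    """One-way derivation: a view key cannot be turned back into the spend key."""
    return hmac.new(spend_key, b"view", hashlib.sha256).digest()


def serial_number(key: bytes, nonce: bytes) -> bytes:
    """Spending requires the spend key; a view key yields a different, useless value."""
    return hmac.new(key, b"sn" + nonce, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a simple keystream generator."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_record(view_key: bytes, record: dict) -> dict:
    """Encrypt and tag record fields so only a view-key holder can read or verify them."""
    nonce = os.urandom(16)
    plaintext = json.dumps(record, sort_keys=True).encode()
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(view_key, nonce, len(plaintext))))
    tag = hmac.new(view_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def decrypt_record(view_key: bytes, blob: dict):
    """Return the record fields, or None if this view key does not own the record."""
    expected = hmac.new(view_key, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # wrong key: the holder learns nothing about the contents
    ct = blob["ciphertext"]
    plaintext = bytes(a ^ b for a, b in zip(ct, _keystream(view_key, blob["nonce"], len(ct))))
    return json.loads(plaintext.decode())


def audit_scenario() -> dict:
    """Owner encrypts a record; an auditor given only the view key reads it but cannot spend."""
    owner_sk = os.urandom(32)
    owner_vk = derive_view_key(owner_sk)
    record = {"amount": 2500, "nonce": os.urandom(16).hex()}  # constructed sample record
    blob = encrypt_record(owner_vk, record)
    seen_by_auditor = decrypt_record(owner_vk, blob)   # targeted disclosure
    seen_by_stranger = decrypt_record(os.urandom(32), blob)  # any other key: nothing
    nonce = bytes.fromhex(record["nonce"])
    # the view key does not reproduce the serial number, so the auditor cannot spend
    auditor_can_spend = serial_number(owner_vk, nonce) == serial_number(owner_sk, nonce)
    return {
        "auditor_reads": seen_by_auditor == record,
        "stranger_reads": seen_by_stranger is not None,
        "auditor_can_spend": auditor_can_spend,
    }
```

The point of the tag check in `decrypt_record` is that a party holding the wrong view key gets an explicit failure rather than plausible-looking garbage, which is the behaviour an investigator's tooling needs when scanning a ledger for the records of one disclosed key; everything else on the ledger stays unreadable to them.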

Ecosystem Risk Monitoring:

While onchain privacy protects transaction details from validators, comprehensive security requires monitoring the broader ecosystem for threats. Aleo Network Foundation is partnering with specialized cyber ecosystem analysis vendors to provide the following capabilities:

  • Network Health Monitoring: Validator behavior analysis and anomaly detection

  • Threat Intelligence: Emerging attack patterns and vulnerability disclosures

  • Risk Scoring: Ecosystem-wide assessment without compromising privacy

  • Incident Response: Coordinated response capabilities for systemic threats

This layered approach combines cryptographic privacy at the transaction level with ecosystem visibility at the network level, ensuring security without sacrificing privacy guarantees. Partner selection and the integration framework will be determined during Phase 2 of the proposed pilot program discussed in the validation section below.

Acknowledged Limitations:

The system cannot protect against compromised endpoints. No payment system by itself can prevent a user’s device from being hacked and private keys getting stolen. Out-of-band correlation through physical surveillance or spending pattern analysis falls outside the payment protocol scope. This threat model is appropriate for payment infrastructure because it addresses realistic adversaries (nation-states, compromised databases, malicious insiders) and acknowledges physical reality (data security cannot mitigate all external, real-world behavior).

How do payment systems differ from general networking for security and privacy?

Payment systems are hard due to the inherent risks present in financial transactions, especially with (near) instant settlement. A single intrusion or fault could lead to loss of funds and trust in the system. A general networking system may be tolerant to packet loss, corruption, or eventual consistency. However, a payment system with autonomous settlement must be always globally consistent, non-repudiable, and verifiable by all parties. Luckily, payment systems benefit from having structured data: sender, receiver, and amount fields are well-defined, unlike arbitrary data in general networking. Traditional cryptographic payment systems offer a limited set of operations such as send, receive, and verify balance. Aleo innovates on these systems to offer the full cryptographic security demanded of a payments network while still offering sufficient programmability to describe complex business logic.

Typically most general computing and networking systems offer confidentiality and integrity as their privacy layer. Transport Layer Security (TLS), for example, offers complete confidentiality of data transiting between the user and the service. However, this confidentiality is only one facet of privacy that might be relevant to users of a network. Privacy of association, for example, is not met with TLS. Any ISPs sitting between the user and the destination service can gather metadata: source/destination IPs, time of access, duration of access, estimated size of the communication, and more. Such metadata is hard to conceal and requires sophisticated privacy tooling to avoid in general computation.

Privacy for payments demands more than just transport layer confidentiality. Associations between parties ("Alice paid Bob") are valuable information, as transaction graphs can be used to de-anonymize and potentially track otherwise encrypted transactions. Full privacy, in the context of payments, must minimize (not just obscure) metadata. Aleo's UTXO and record scanning model means that no network observer, not even the validators, can observe the amounts, IPs, or wallet addresses of sender or recipient.


Validation: DARPA-Aleo Research Pilot

The Foundation proposes to help DARPA validate this P5 approach through a one-year pilot program. The pilot will consist of two phases, beginning with technical validation and followed by implementation design, with primary focus on adoption barriers (regulatory acceptance, institutional network effects).

Phase 1: Technical Validation (Months 1-6)

Prove infrastructure-scale capability through simulated international flows (multi-currency, multi-jurisdiction), adversarial red team testing, and SWIFT interoperability demonstrations. Success metrics:

  • Throughput: >=1,000 TPS sustained

  • Finality: 1 block

  • Cost: <$0.01 per transaction

  • Privacy: Transaction unlinkability maintained even when an adversary controls a majority of network infrastructure

Deliverable: Technical report validating performance without privacy compromise.

Phase 2: Implementation Design (Months 7-12)

Building on technical validation, Phase 2 identifies the institutional, regulatory, and interoperability requirements necessary for real-world deployment. This includes engaging financial institutions and relevant government stakeholders to assess adoption pathways, conducting risk assessments and ecosystem monitoring to address external threats. Phase 2 will also include the development of a cross-jurisdiction implementation framework and a deployment roadmap that addresses infrastructure integration with legacy payment systems. Deliverable: Implementation roadmap identifying deployment requirements, stakeholder engagement findings, and recommended next steps for full-scale adoption.


Conclusion: Strategic Imperative for U.S. Payment Infrastructure

Novel payment systems will emerge globally—the question is who leads with what values. The aim is for the U.S. to lead both technology and policy framework before adversarial alternatives entrench.

By launching a year-long pilot on Aleo, DARPA's P5 Program will enable the U.S. to demonstrate technical feasibility for privacy-preserving payment infrastructure, establish a policy roadmap, and position the United States to lead global competition for the future of finance. The technology exists. The implementation is achievable. It’s time to build.


[1] “Compliance” in this paper refers to complying with a set of externally-derived parameters and does not necessarily refer to a full or specific set of financial regulations. Financial regulatory compliance varies based on multiple factors, including type of activity, scope, and jurisdiction.


References

Academic and Technical Publications

1. Bowe, S., Chiesa, A., Green, M., Miers, I., Mishra, P., & Wu, H. (2018). Zexe: Enabling Decentralized Private Computation. Cryptology ePrint Archive, Report 2018/962. https://eprint.iacr.org/2018/962.pdf

2. Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., & Virza, M. (2014). Zerocash: Decentralized Anonymous Payments from Bitcoin. IEEE Symposium on Security and Privacy. https://ieeexplore.ieee.org/document/6956581

Technical Reports and Documentation

3. BlockyResearch. (2025, November). Aleo and the Architecture of Trustless Privacy: How Zero-Knowledge Proofs Power the First Private Smart-Contract Blockchain. https://blockyresearch.com/en/reports/aleo-and-the-architecture-of-trustless-privacy-how-zero-knowledge-proofs-power-the-first-private-smart-contract-blockchain

4. Aleo Network Foundation. "Aleo Announces Biggest Upgrade Since Mainnet." Aleo.org, July 23, 2025. https://aleo.org/post/announcing-snarkOS-v4.0.0/

5. Aleo Network Foundation. How Aleo Works. https://aleo.org/how-aleo-works

6. Aleo Network Foundation. How the View Key Solves the Privacy vs. Compliance Dilemma. https://aleo.org/post/aleo-view-key-compliance/

7. Aleo Developer Documentation. https://developer.aleo.org

Government and Policy Documents

8. Defense Advanced Research Projects Agency (DARPA). Request for Information: Provably Private and Performant Payment Paradigms (P5).

9. Aleo Network Foundation. (2025, October 17). Response to Treasury RFC on Digital Asset Illicit Finance Detection. https://aleo.org/treasury-RFC-response.pdf

Strategic Context and Market Analysis

10. Board of Governors of the Federal Reserve System. (2024, August 30). Internationalization of the Chinese Renminbi: Progress and Outlook. FEDS Notes. https://www.federalreserve.gov/econres/notes/feds-notes/internationalization-of-the-chinese-renminbi-progress-and-outlook-20240830.html

11. Aleo Network. (2025, August 28). Aleo Joins The Global Dollar Network to Advance Privacy-Preserving Stablecoin Infrastructure. https://aleo.org/post/aleo-joins-global-dollar-network-private-stablecoin/

12. Fanusie, Yaya J. and Emily Jin. "The Programmable State: The e-CNY and China's Quest for Smarter Surveillance." Lawfare, April 17, 2025. https://www.lawfaremedia.org/article/the-programmable-state--the-e-cny-and-china-s-quest-for-smarter-surveillance

Security Incidents Referenced

13. Kabir, Mohammad Sami A. "Lessons Learned From the Bangladesh Bank Heist." ISACA Journal, Volume 6, December 6, 2023. https://www.isaca.org/resources/isaca-journal/issues/2023/volume-6/lessons-learned-from-the-bangladesh-bank-heist

14. U.S. Office of Personnel Management Data Breach (2015). Exposure of 21.5 million personnel records including security clearance information. U.S. Government Accountability Office, GAO-17-614 (August 3, 2017). https://www.gao.gov/products/gao-17-614

15. Equifax Data Breach (2017). Compromise of 147 million consumer records including personal and financial information. Federal Trade Commission (July 22, 2019). https://www.ftc.gov/news-events/news/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related-2017-data-breach

16. Pape, Carter. "Banks Remain Most Breached Sector as Attacks Hit Record." American Banker, January 29, 2026. https://www.americanbanker.com/news/itrc-2025-data-breach-report
