VEIL v1.1 Technical Whitepaper
Abstract
VEIL is a privacy-first prediction-market protocol implemented as its own Avalanche L1 Subnet using a custom HyperSDK-based VM ("VEIL-VM"). Privacy is native to the chain: (i) an encrypted mempool using epochal threshold public-key encryption with on-chain decryption liveness and slashing, (ii) a commitment-based shielded ledger with ZK-SNARK proofs for membership, ownership, and value conservation, and (iii) stealth payouts and optional viewing keys.
Markets use a modular market-maker interface supporting LMSR (default for thin markets) and CPMM/CFMM variants (for deep binary markets). Trading executes via uniform batch auctions over fixed commit windows to remove path-dependence and neutralize order-flow MEV. Outcomes are resolved by a staked, rotating oracle committee (commit→reveal→threshold-sign) with explicit slashing and a bonded dispute/jury path. The $VEIL token secures the subnet (staking), pays gas, and governs emissions and market parameters via ve-locking.
1. Introduction
Transparent blockchains degrade forecasting quality by exposing order flow and identities, enabling copy-trading, front-running, and social/regulatory chilling. Application-layer mixers and commit-reveal schemes help but do not remove mempool leakage or state-level linkability.
VEIL treats privacy as a consensus property. We integrate: (a) encrypted mempool with threshold decryption—ciphertexts are ordered before content is known; (b) shielded ledger with commitments, nullifiers, and ZK proofs; (c) uniform batch auctions to execute trades from commit windows at a single clearing price; and (d) stake-secured oracles with slashing and disputes. VEIL runs on a sovereign Avalanche Subnet for low, predictable costs and fast finality; AWM enables asset ingress/egress and export of resolution attestations to external chains.
2. System Architecture

VEIL consists of five integrated layers:
- Consensus: Avalanche Subnet + HyperSDK with programmable state machine
- VEIL-VM: Privacy runtime with encrypted mempool, shielded note state, ZK verification intrinsics, auction executor
- Markets Layer: IMarketMaker abstraction with LMSR and CPMM modules, market factory, settlement
- Oracle Layer: VRF-selected validator committees; commit→reveal→threshold signature; disputes
- Governance & Token: $VEIL for gas, staking; veVEIL for gauge voting and parameter control
Asset model: users hold shielded notes for supported assets (e.g., bridged USDC.e) and for $VEIL. Market shares are represented as outcome tokens within the VM but always transferred as shielded notes.
3. Subnet & Epochs
Block time target 1–2s; finality within a few seconds. Epoch length default 1h. Per epoch:
- Encryption committee size k_enc (e.g., 15) with threshold t_enc (e.g., 10)
- Oracle committee size k_orc (e.g., 11) with threshold t_orc (e.g., 8)
Selection is stake-weighted VRF; committees can overlap. Gas is deterministic; base fee adjusts to block occupancy.
4. Privacy Engine
Cryptographic primitives: commitments (Pedersen/Poseidon), sparse Merkle accumulator (root R), nullifiers nf, ZK-SNARKs (Groth16 for spend circuits, Plonk for flexible modules). Proofs cover membership, ownership, conservation, and policy predicates.
Shielded notes: a spend produces nullifiers, output commitments, and a proof π attesting Σinputs = Σoutputs + fee, membership, and ownership. ZK verification is a VM intrinsic; verification costs are deterministic and metered.
Encrypted mempool with DKG and liveness: At each epoch boundary, a stake-weighted DKG derives pk_epoch and t_enc key-shares. Clients encrypt tx bodies under pk_epoch. Blocks finalize with ciphertexts ordered. Committee publishes partial decryptions; the VM aggregates ≥ t_enc to recover tx bodies. If insufficient partials by T_decrypt, a decryption-timeout proof triggers availability faults and potential slashing; next-epoch fallback attempts re-decryption.
Stealth addresses & viewing: recipients get one-time stealth addresses, wallets scan with viewing keys; users may export viewing keys for audits.
5. Markets & Execution
IMarketMaker interface supports LMSR and CPMM modules.
LMSR numerics: C(q)= (1/α)·log(∑ e^(α q_i)); p_i = e^(α q_i)/∑ e^(α q_j); pay = C(q+∆ e_k) − C(q). Implement with log-sum-exp, 192-bit fixed-point, bounds on α and ∆.
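An added example, not VEIL's own code: the LMSR formulas above in Go, with the log-sum-exp evaluation next to the direct one, which overflows for large α·q_i. It uses float64 rather than the 192-bit fixed-point the paper specifies, and the caps `maxAlpha` and `maxDelta` are assumed values.

```go
package main

import (
	"fmt"
	"math"
)

// Assumed caps for illustration; the whitepaper bounds α and ∆ but gives no values.
const maxAlpha, maxDelta = 1.0, 1e6

// Cost is C(q) = (1/α)·log(Σ e^(α q_i)), with max(α q_i) factored out (log-sum-exp).
func Cost(alpha float64, q []float64) float64 {
	m := math.Inf(-1)
	for _, v := range q {
		m = math.Max(m, alpha*v)
	}
	s := 0.0
	for _, v := range q {
		s += math.Exp(alpha*v - m)
	}
	return (m + math.Log(s)) / alpha
}

// NaiveCost evaluates the same formula directly and overflows once α·q_i exceeds ~709.
func NaiveCost(alpha float64, q []float64) float64 {
	s := 0.0
	for _, v := range q {
		s += math.Exp(alpha * v)
	}
	return math.Log(s) / alpha
}

// Price is p_i = e^(α q_i)/Σ e^(α q_j), evaluated as exp(α q_i − α·C(q)).
func Price(alpha float64, q []float64, i int) float64 {
	return math.Exp(alpha*q[i] - alpha*Cost(alpha, q))
}

// Pay is C(q+∆e_k) − C(q); out-of-bounds α, ∆ (including NaN) or k is rejected first.
func Pay(alpha float64, q []float64, k int, delta float64) (float64, error) {
	if !(alpha > 0 && alpha <= maxAlpha) || !(math.Abs(delta) <= maxDelta) || k < 0 || k >= len(q) {
		return 0, fmt.Errorf("lmsr: parameter out of bounds")
	}
	q2 := append([]float64(nil), q...)
	q2[k] += delta
	return Cost(alpha, q2) - Cost(alpha, q), nil
}

func main() {
	fmt.Println(NaiveCost(1, []float64{1000, 1000}), Cost(1, []float64{1000, 1000}))
}
```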
Uniform batch auctions: fixed commit windows (e.g., 2–5s). Traders submit encrypted commits; after ordering, decrypt and clear at a uniform price computed from opening state and net order flow. Slippage constraints enforced.
Lifecycle: create (creator bond, schema), trade, close, resolve, redeem, invalid policy.
6. Oracle & Resolution
Stake-weighted VRF committee of size k_orc with threshold t_orc per market. Commit: d_i=H(o || salt_i). Reveal: post (o, salt_i). Finalize on ≥ t_orc consistent reveals; aggregate BLS signature over the digest. Optional export via AWM; consumer chains verify against a published committee key set.
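The commit→reveal tally described above, as an added Go example that is not VEIL's code. SHA-256 stands in for H, the fixed 32-byte salt length and the `Reveal` type are assumptions, and the BLS aggregation step is left out.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

const saltLen = 32 // assumed fixed salt length, so o || salt parses unambiguously

// Reveal is one committee member's opening (o, salt_i); field names are illustrative.
type Reveal struct {
	Member  int
	Outcome string
	Salt    []byte
}

// Commit computes d_i = H(o || salt_i), with SHA-256 standing in for H (assumption).
func Commit(outcome string, salt []byte) [32]byte {
	return sha256.Sum256(append([]byte(outcome), salt...))
}

// Finalize counts reveals that open the member's own commitment and returns the
// outcome once at least tOrc consistent reveals agree.
func Finalize(commits map[int][32]byte, reveals []Reveal, tOrc int) (string, bool) {
	tally := map[string]int{}
	seen := map[int]bool{}
	for _, r := range reveals {
		d, ok := commits[r.Member]
		if !ok || seen[r.Member] || len(r.Salt) != saltLen {
			continue // no commitment, duplicate reveal, or malformed salt
		}
		got := Commit(r.Outcome, r.Salt)
		if subtle.ConstantTimeCompare(got[:], d[:]) != 1 {
			continue // reveal does not match what was committed
		}
		seen[r.Member] = true
		tally[r.Outcome]++
		if tally[r.Outcome] >= tOrc {
			return r.Outcome, true
		}
	}
	return "", false
}

func main() {
	salt := make([]byte, saltLen) // constructed all-zero salt; real salts must be random
	commits := map[int][32]byte{1: Commit("YES", salt)}
	fmt.Println(Finalize(commits, []Reveal{{1, "YES", salt}}, 1))
}
```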
Disputes: bonded window with evidence; randomized veVEIL jury with capped quadratic weights and commit-reveal votes. Incentive condition: for committee stake S, slash rate s, max manipulable payoff M, and dispute success q, dishonesty is irrational if sS·Pr[overturned] > M·(1−q). VEIL caps M and sets s, k, t to satisfy this under conservative q.
7. Token & Economics
$VEIL roles: gas/fees, staking, bonds, governance (veVEIL), emissions.
Illustrative supply: 1.0B genesis; inflation 8% → 2% over 4 years: I(y)=max(2%, 8%−1.5%(y−1)). Year-1 routing example: 45% validators/oracles, 25% liquidity gauges, 20% ecosystem, 10% treasury. Fees split by epoch across validators, veVEIL, oracle/dispute pools, treasury.
veVEIL: lock 1–48 months; vote market-category gauges and oracle multipliers; bribes transparent and capped.
8. Governance & Safety
Validator governance for chain-critical params with timelock. veVEIL governance for economic params.
Emergency guardrails: narrowly scoped category pause via 2-of-3 multisig, max 24h, mandatory on-chain disclosure, automatic sunset. Funds never seizable; shielded ledger immutable.
9. Security & Threat Model
- MEV: ciphertexts ordered pre-content; batch auctions remove path dependence
- Oracle attacks: selection, thresholds, slashing, capped exposure, bonded disputes
- Privacy attacks: relays/Tor, ciphertext padding, fixed cadence, default private mode with rebates
- Numerical stability: 192-bit fixed-point, log-sum-exp, α/∆ caps
- Liveness: decryption timeouts, fallback, proposer rotation
- Audits: VM/crypto/circuits; MPC ceremony for Groth16; property tests and bounties
10. Implementation Details
Transactions: Deposit, Transfer, TradeCommit, TradeReveal, CreateMarket, ResolveCommit, ResolveReveal, ResolveFinalize, Dispute.
State: Merkle root R, nullifier set N, Markets registry (params, q, status, module), CommitWindow, OracleState, Gauges, Treasury.
Market-maker modules: LMSR.apply and CPMM.apply maintain invariants. Network-privacy practices at client and node layers (proxies, padding, cadence).
11. Interoperability
Asset ingress/egress via AWM; convert deposits to shielded notes; redeem withdrawals to destination chain.
Resolution exports: (digest, aggregate BLS sig) via AWM; consumer contracts verify against committee pubkeys/roots. Reference verifier contracts provided.
12. Performance Targets & Benchmark Plan
Targets (not promises): inclusion <3s; decrypt+execute <5s typical (<10s P95); private trade cost target <$0.02 after batching; 2–4k TPS for simple shielded transfers.
Benchmarks: (1) proof verify costs & batch-verify 64/128; (2) partial decrypt aggregation for k_enc∈{11,15,21}; (3) auction clearing for 100/1k/10k orders over 2s/5s windows; (4) end-to-end latency across regions with/without relay. Publish results and set fees accordingly.
13. Compliance (Non-Advice)
Protocol is neutral. Front-ends may apply region/category filters and KYB for large creators. Viewing keys enable voluntary audits. Market schemas reduce invalidity. Governance can set category toggles at the gateway/UI layer; base protocol remains general-purpose.
14. Future Work
Proof aggregation (BLS/IPA), combinatorial markets with ZK payoffs, optional TEE-assisted matching (ZK canonical), differentially private analytics, cross-subnet liquidity incentives.
15. Conclusion
VEIL integrates encrypted mempool ordering, a shielded commitment ledger, ZK verification, and batch-auction execution into a dedicated Avalanche Subnet, enabling private, credible, and fast forecasting. Staked oracles with slashing and disputes deliver timely resolutions. Modular market makers (LMSR/CPMM), pragmatic targets, and a benchmark plan position VEIL to withstand adversarial and technical scrutiny.
Appendices
Appendix A — Notation
α: LMSR liquidity parameter. q: outcome share vector. C(q): LMSR cost; p_i price. Com(m,r): commitment; nf: nullifier; R: Merkle root. pk_epoch: epoch encryption key; t_enc: decryption threshold. k_orc, t_orc: oracle committee size, threshold. M: max manipulable payoff; S: committee stake; s: slash rate.
Appendix B — Economic Invariants
- AMM solvency: module invariants ensure collected costs/fees bound expected payouts
- Conservation: ZK circuits enforce Σinputs = Σoutputs + fee
- Oracle honesty: sS·Pr[overturned] > M·(1−q)
Appendix C — Initial Parameters
Block time 1–2s; epoch 1h; k_enc=15, t_enc=10; k_orc=11, t_orc=8; commit window 2–5s; decrypt cadence aligned; default trading fee 1.0% (0.1–2.0% bounds); creator bond $200–$1,000 in $VEIL; dispute bond ≥ 2× oracle reward; inflation 8%→2% over 4y; fee routing 40% validators, 30% veVEIL, 20% oracle/dispute, 10% treasury (illustrative); α and order-size caps per category.
Appendix D — Reference Components
- Node: veild (Go/Rust) with HyperSDK, encrypted mempool, DKG, ZK verifier intrinsics
- Circuits: veil-circuits (Noir/Circom) for spend, deposit/withdraw, auction settlement
- Wallet: veil-wallet with local proving, stealth scan, viewing keys
- SDK: TS/Go @veil/markets
- Verifier: BLS aggregate signature verifier for consumer chains
Questions?
Contact us at legal@veil.market