Privacy model
Aegis targets selective privacy: hide balances and flows by default inside the shielded set; disclose only what you choose to a counterparty or auditor.
What privacy means here
| Protected (when ZK path is active) | Still visible on-chain |
|---|---|
| Shielded balance amounts | Block timestamps, gas payer |
| Sender ↔ receiver link inside pool | Public pool reserves |
| Vote choice (shielded tally modes) | Contract addresses you interact with |
| Claim eligibility details | Relayer endpoint if you use one |
Shielded set
- Shield visible AGS into a commitment (Groth16 mint path).
- Transfer inside the set without revealing endpoints to observers.
- Unshield to a transparent address when you exit.
When publicEntryEnabled is false on the token, entry uses PrivacyEntryRouter with EIP-712 intents — optionally relayed by a third party that pays gas.
Local secrets
- Witness material stays in the browser unless you opt into another flow.
- Optional commitment vault encrypts UX cache on disk (AES-GCM); unlocking is per-session in memory.
- Remote prover URLs are optional — you can also prove locally in the browser when that mode is available.
Fingerprinting posture
Session identifiers and analytics are off by default in the live app. Privacy-sensitive routes disable third-party widgets.
Disclosure budget
Not everything can be private on a public chain. Operational docs for partners describe what each module leaks by design. Users should assume timing, gas patterns, and RPC metadata can correlate activity.
WARNING
Privacy tech reduces linkability; it does not guarantee anonymity against a global passive adversary.