PrivOTC

PrivOTC — Human-Verified Confidential OTC Trading Protocol
Overview
PrivOTC is a privacy-preserving OTC (Over-The-Counter) trading platform designed to enable large crypto trades without exposing sensitive market information. It combines Chainlink Runtime Environment (CRE), confidential compute, zero-knowledge proofs, World ID human verification, AI-assisted order matching, and smart contract settlement to create a fully automated and privacy-first trading system.
The platform allows traders to negotiate and execute large transactions while keeping trade intent, balances, pricing strategies, and unmatched orders confidential. Only the final settlement is recorded on-chain, ensuring transparency where it matters while protecting sensitive trading information.
PrivOTC effectively acts as a decentralized dark pool for crypto, bringing institutional-grade trading privacy and security to decentralized finance.
The Problem

1. Public Transparency in DeFi Exposes Trading Strategies
   Decentralized exchanges were designed for transparency. While this transparency improves trust and auditability, it also creates serious problems for large traders.
   Every transaction submitted to a blockchain is publicly visible. This includes:

• Wallet addresses
• Trade amounts
• Token pairs
• Transaction timing
• Pending transactions in the mempool
  For small retail trades this is acceptable. However, for large institutional transactions, this transparency creates severe market risks.
  Market Impact
  When a large trader attempts to buy or sell a large quantity of tokens on a public exchange, the market immediately reacts.
  For example, if a fund attempts to buy a large amount of ETH on a decentralized exchange:

1. The transaction becomes visible in the mempool.
2. Bots detect the trade.
3. Bots buy the token before the large trade executes.
4. The price increases before the transaction completes.
5. The trader receives a worse price.
   This is commonly known as front-running.
   Another common attack is the sandwich attack, where bots place trades before and after the victim’s transaction to extract profit.
   These behaviors fall under a broader category known as Maximal Extractable Value (MEV).
   As a result, executing large trades on public DeFi exchanges often leads to:

• severe slippage
• manipulated execution prices
• market instability

2. Centralized OTC Desks Introduce Trust and Privacy Risks
   To avoid the problems of public exchanges, institutions often use centralized OTC desks.
   These OTC desks act as brokers that privately match buyers and sellers.
   However, this introduces several issues.
   Trust Requirements
   Users must trust the broker with sensitive information such as:

• trade size
• price strategy
• portfolio allocation
• timing of trades
  The broker effectively becomes an intermediary with full visibility into the trade.
  Information Leakage
  Because OTC brokers have access to trade details, there is always a risk of:
• internal front-running
• information leakage
• preferential treatment of certain clients
  Counterparty Risk
  Traditional OTC deals may also suffer from settlement risk if one party fails to deliver assets.
  Manual Processes
  Many OTC transactions still rely on manual negotiation through chat platforms or broker communication.
  This creates slow execution and operational inefficiencies.

3. Fake Liquidity and Bot Activity
   Another major challenge in decentralized markets is fake liquidity.
   Attackers can create multiple wallets and submit fake orders to manipulate perceived demand.
   This can lead to:

• spoof trading
• order book manipulation
• liquidity illusions
  Without proper identity verification, it becomes difficult to ensure that participants represent legitimate trading parties.

4. Lack of Privacy-Preserving Financial Infrastructure
   While privacy solutions exist in other blockchain contexts, most decentralized trading platforms still operate with fully transparent order books and balances.
   Large traders require mechanisms to:

• prove solvency
• negotiate trades privately
• execute settlement securely
  without revealing sensitive information.
  Currently, there is no widely adopted decentralized infrastructure that combines privacy, verification, and automated settlement for large trades.
  Our Solution
  PrivOTC introduces a new model for decentralized trading by combining multiple technologies to create a confidential OTC trading system.
  The core design principle is simple:
  Sensitive information remains private, while settlement remains verifiable.
  PrivOTC achieves this through four main innovations:

1. Human verification using World ID
2. Zero-knowledge balance proofs
3. Confidential trade matching using Chainlink CRE
4. Trustless on-chain settlement through smart contracts
   Key Components
5. World ID — Human Verification
   PrivOTC integrates World ID to ensure that each participant represents a unique human.
   This prevents:

• bot trading
• fake liquidity providers
• order spoofing attacks
  When a user joins the platform, they verify themselves using World ID.
  The system generates a zero-knowledge proof of uniqueness, which confirms that the user is a real human without revealing their identity.
  This creates a trading environment where every participant is verified while maintaining anonymity.

2. Zero-Knowledge Balance Proofs
   One of the biggest privacy concerns in trading systems is balance disclosure.
   Traders often need to prove they have sufficient funds before placing a trade.
   However, revealing wallet balances can expose portfolio strategies.
   PrivOTC solves this using ZK-SNARK balance proofs.
   Users generate cryptographic proofs that demonstrate:
   "my wallet contains at least the required amount for this trade"
   without revealing the exact balance.
   This allows the system to verify solvency while preserving financial privacy.
3. Chainlink CRE Confidential Compute
   The Chainlink Runtime Environment (CRE) serves as the orchestration layer of PrivOTC.
   CRE runs the matching engine inside a confidential execution environment (Trusted Execution Environment).
   This ensures that trade orders remain private during processing.
   Key responsibilities of the CRE workflow include:

• receiving encrypted trade intents
• validating World ID proofs
• verifying zero-knowledge balance proofs
• managing the confidential orderbook
• running the matching engine
• coordinating settlement transactions
  Because this logic runs inside confidential compute, order data is never exposed to external observers.
  Even system operators cannot access the raw orderbook.

4. AI-Assisted Trade Matching
   PrivOTC introduces an AI-powered matching engine to evaluate trade compatibility.
   The AI agent analyzes factors such as:

• asset compatibility
• price spread
• order timing
• trade size alignment
  The model generates a compatibility decision that determines whether two orders should be matched.
  This process occurs entirely inside the confidential compute environment.
  As a result, the orderbook remains private while enabling intelligent trade pairing.

5. Smart Contract Escrow and Atomic Settlement
   Once a match is identified, the settlement process begins.
   Both parties deposit funds into an escrow smart contract.
   The system then executes an atomic settlement transaction, meaning:

• either both sides of the trade complete successfully
• or the transaction fails entirely
  This eliminates counterparty risk.
  If the trade cannot be completed within a specified time window, the escrow automatically refunds participants.

6. Tenderly Virtual TestNets for Development and Validation
   PrivOTC uses Tenderly Virtual TestNets to simulate blockchain environments that mirror real mainnet state.
   This allows developers to:

• test smart contract deployments
• debug transactions
• analyze execution traces
• simulate realistic trading scenarios
  Using Tenderly ensures that the system behaves correctly under real market conditions before deployment.
  How PrivOTC Is Different from Existing Solutions
  PrivOTC introduces several innovations that distinguish it from both centralized OTC desks and existing decentralized exchanges.
  Brokerless Trading
  Traditional OTC systems rely on brokers.
  PrivOTC removes this intermediary entirely.
  Trade matching is performed automatically inside confidential compute.
  Private Orderbook
  Existing decentralized exchanges expose their entire orderbook publicly.
  PrivOTC keeps the orderbook confidential.
  Only matched trades become visible through settlement events.
  Human-Verified Participants
  Most trading platforms cannot distinguish between humans and bots.
  PrivOTC integrates World ID to ensure each participant represents a unique individual.
  Balance Privacy
  Traditional systems require users to reveal wallet balances.
  PrivOTC uses zero-knowledge proofs to verify solvency without exposing balances.
  Automated Settlement
  Centralized OTC deals often require manual settlement coordination.
  PrivOTC executes settlement automatically through smart contracts.
  How the System Works
  The PrivOTC workflow follows a series of steps.
  Step 1 — Human Verification
  The user verifies their identity using World ID.
  A zero-knowledge proof confirms that the user is a unique human.
  Step 2 — Balance Proof Generation
  The user generates a ZK-SNARK proof that demonstrates they have sufficient funds for the trade.
  This proof is validated by a smart contract.
  Step 3 — Trade Submission
  The user submits a trade intent containing:
• asset pair
• trade amount
• price preference
  The order is encrypted and sent to the CRE workflow.
  Step 4 — Confidential Orderbook Storage
  Orders are stored inside the confidential runtime.
  Unmatched orders remain hidden.
  Step 5 — AI Matching
  The AI agent evaluates order compatibility and identifies potential matches.
  Step 6 — Trade Confirmation
  When a match is identified, both participants are notified.
  Step 7 — Escrow Deposit
  Both traders deposit funds into the escrow smart contract.
  Step 8 — Atomic Settlement
  The settlement contract executes the trade on-chain.
  Tokens are exchanged simultaneously.
  Step 9 — On-Chain Record
  Only the settlement transaction becomes publicly visible.
  All other trade information remains confidential.
  Impact
  PrivOTC introduces a new infrastructure layer for decentralized finance.
  By combining privacy, verification, and automation, the platform enables secure large-volume trading without sacrificing decentralization.
  This approach benefits:
• institutional traders
• large token holders
• DAO treasuries
• market makers
  It reduces market manipulation, improves trade execution fairness, and expands the possibilities for privacy-preserving financial applications.

How It Is Built
PrivOTC is built as a full-stack decentralized application that combines confidential computation, zero-knowledge cryptography, human verification, and automated smart-contract settlement. The system is composed of four main layers: the frontend interface, the identity and proof layer, the confidential compute workflow powered by Chainlink CRE, and the on-chain settlement layer.

1. Frontend Application
   The user interface is built using Next.js with TypeScript, providing a responsive web application where traders can verify identity, generate proofs, and submit trade intents.
   Key responsibilities of the frontend include:

• connecting to the user’s wallet
• verifying identity through World ID
• generating zero-knowledge balance proofs
• submitting encrypted trade orders
• displaying trade status and settlement results
  The frontend communicates with the backend workflow through secure API endpoints that trigger the Chainlink CRE workflow.

2. Identity Layer — World ID Integration
   PrivOTC integrates World ID to ensure that every participant is a real human and to prevent bot manipulation or fake liquidity.
   The process works as follows:
3. The user initiates verification through the World ID IDKit widget.
4. The user scans the verification request using the World App.
5. World ID generates a zero-knowledge proof of personhood.
6. The proof is submitted to the backend workflow.
7. The system verifies the proof and stores a nullifier to prevent duplicate participation.
   This ensures that each trading participant is a unique human without revealing personal identity.
8. Zero-Knowledge Balance Proofs
   To protect financial privacy, PrivOTC uses ZK-SNARKs to allow traders to prove they have sufficient funds without revealing their exact wallet balances.
   This system is implemented using:

• Circom for writing the cryptographic circuit
• Groth16 proving system
• snarkjs for generating and verifying proofs
  The balance proof circuit allows users to prove:
  “My wallet holds at least the amount required for this trade.”
  Inputs such as the actual balance and wallet details remain private, while the proof output confirms sufficiency.
  A smart contract called BalanceVerifier.sol verifies these proofs on-chain.

4. Chainlink CRE Workflow (Core Orchestration Layer)
   The central logic of the system runs inside a Chainlink Runtime Environment (CRE) workflow, which orchestrates the trading process and ensures confidential computation.
   The CRE workflow is written in TypeScript using the CRE SDK and contains several handlers responsible for different stages of the process.
   Handler 1 — Trade Intake
   This component receives incoming trade requests from the frontend.
   It performs:

• World ID proof validation
• zero-knowledge balance proof verification
• trade data validation
  Valid orders are then added to a confidential orderbook.
  Handler 2 — Confidential Matching Engine
  The matching engine runs periodically using a cron capability in CRE.
  It scans the confidential orderbook and identifies compatible buy and sell orders.
  Matching logic evaluates:
• token pair compatibility
• price overlap
• order timing
• trade size
  The system uses an AI agent powered by Groq’s LLaMA 3.1 70B model to assist with compatibility evaluation.
  The AI request is executed using ConfidentialHTTPClient, ensuring that order data remains encrypted and is only processed inside the Trusted Execution Environment.
  Handler 3 — Settlement Coordination
  Once a trade is matched, the CRE workflow triggers on-chain settlement.
  Using the EVMClient capability, the workflow sends a transaction to the settlement contract.
  The transaction is signed using Runtime.report(), ensuring verifiable execution by the Chainlink network.

5. Smart Contracts
   PrivOTC uses multiple smart contracts written in Solidity (version 0.8+) and deployed on a Tenderly Virtual TestNet environment.
   Key contracts include:
   EscrowVault.sol
   Handles asset custody for matched trades.
   Both traders deposit funds into the contract before settlement.
   If a trade fails to complete within the defined time window, funds are automatically refunded.
   OTCSettlement.sol
   Executes the atomic trade settlement.
   This contract ensures that:

• both sides of the trade execute simultaneously
• partial executions cannot occur
• funds are transferred securely
  ProofVerifier.sol
  Verifies World ID proofs and ensures that nullifiers cannot be reused.
  BalanceVerifier.sol
  Verifies the ZK-SNARK balance proofs generated by the frontend.

6. Confidential Orderbook
   Unlike traditional exchanges, PrivOTC does not store orders publicly.
   Instead, trade intents are stored inside the Trusted Execution Environment used by the CRE workflow.
   Properties of this orderbook:

• never written to disk
• never exposed to external APIs
• only accessible during workflow execution
• unmatched orders remain confidential
  Only matched trades trigger blockchain transactions.

7. Tenderly Virtual TestNet Integration
   All contracts and settlement transactions are deployed and tested using Tenderly Virtual TestNets.
   Tenderly provides:

• a fork of Ethereum mainnet state
• unlimited testing funds
• detailed transaction debugging tools
• execution traces and simulation capabilities
  This environment allows the team to test complex workflows, verify smart contract behavior, and demonstrate the full trade lifecycle safely.

8. End-to-End Workflow
   The complete system operates as follows:
9. The user verifies identity through World ID.
10. The user generates a zero-knowledge proof of sufficient balance.
11. The user submits an encrypted trade intent through the frontend.
12. The CRE workflow validates proofs and stores the order in a confidential orderbook.
13. The matching engine periodically scans orders and identifies compatible trades.
14. When a match is found, both traders deposit funds into the escrow contract.
15. The CRE workflow triggers the settlement contract.
16. The smart contract executes an atomic asset swap.
17. The settlement transaction is recorded on-chain.
    All unmatched orders and private trading data remain confidential throughout the process.
    Technology Stack Summary
    LayerTechnologyFrontendNext.js, TypeScriptIdentityWorld IDPrivacyZK-SNARKs (Circom, Groth16)OrchestrationChainlink Runtime EnvironmentAI MatchingGroq LLaMA 3.1 70BSmart ContractsSolidityTestingTenderly Virtual TestNetsProof Verificationsnarkjs