SSL — Stealth Settlement Layer

Stealth Settlement Layer (SSL) is a privacy-preserving trading infrastructure for tokenized Real World Assets (RWAs) built using Chainlink’s Confidential Routing Engine (CRE). It enables institutional-grade confidential trading on public blockchains while maintaining regulatory compliance and sybil resistance.
Public blockchains expose all trading activity including wallet addresses, order size, price, and timing. This transparency creates major problems for institutional traders because large trades can be front-run, copied by competitors, or exploited through MEV strategies. Because of these risks, most institutional trading today occurs in private “dark pools” rather than public exchanges.
SSL brings the concept of dark pools to decentralized finance by allowing traders to submit encrypted orders that are matched privately while still settling assets on-chain.
What problem it solves
Institutional traders require three things that most DeFi exchanges cannot provide:

• Privacy of trading strategies
• Protection from front-running and MEV
• Compliance with identity and regulatory requirements
  Current decentralized exchanges expose order books and transactions publicly, making them unsuitable for large professional traders.
  SSL solves this by combining confidential computing, encrypted order matching, identity verification, and private settlement to create a secure and compliant dark-pool style trading environment for tokenized assets.
  How it works

1. Identity Verification
   Before trading, users verify their identity using World ID to prove they are unique humans.
   The verification proof is sent to a Chainlink CRE workflow running inside a Trusted Execution Environment (TEE).
   If the proof is valid, the workflow submits a report to an on-chain WorldIDVerifierRegistry contract marking the user as verified.
   Chainlink ACE compliance policies then ensure that only verified wallets can interact with the settlement vault.
2. Confidential Order Submission
   When placing a trade, the user generates a single-use shield address for settlement.
   Order details such as trading pair, price, size, and side are encrypted in the browser using ECIES encryption with the CRE enclave public key.
   The encrypted order is then sent to the backend and forwarded to the confidential matching workflow.
3. Private Order Matching
   The matching workflow runs inside a Chainlink CRE Trusted Execution Environment.
   Inside the enclave:

• The encrypted order is decrypted
• The secure order book is fetched and decrypted in memory
• Orders are matched using price-time priority
  Because the process occurs entirely inside the enclave, the order details remain invisible to the blockchain, backend servers, and infrastructure operators.

1. Secure Market Price Verification
   Before executing a trade, the workflow retrieves live market prices from the Finnhub API using Chainlink Confidential HTTP.
   API credentials are injected directly into the enclave using Vault DON secret injection, ensuring they never leave the secure execution environment.
   If the trade price deviates by more than 5% from the live market price, the transaction is rejected to protect traders from price manipulation.
2. Private Settlement
   When a match occurs, assets are transferred to single-use shield addresses generated specifically for that trade.
   This allows the settlement to occur on-chain while preventing observers from linking the transaction to the trader’s primary wallet.
   After settlement is completed, the workflow sends an encrypted callback to the backend using AES-GCM encrypted responses so the database can update the order status securely.
   AI Trading Assistant
   SSL includes an AI-powered trading assistant built using Google Gemini.
   The assistant can:

• Parse natural language trading commands
• Convert them into structured orders
• Provide market insights based on aggregated dark pool settlement data
  For example, a user can type:
  “Buy 10 tNVDA at market price”
  The AI interprets the request and prepares a valid order that the user can review and sign.
  The system also provides a sentiment indicator based on anonymized settlement data, giving traders insights into market trends without revealing individual trades.
  Impact
  By combining confidential computing, identity verification, encrypted order flow, and private settlement mechanisms, SSL enables institutions to trade tokenized assets securely on public blockchains without exposing their strategies.
  The project demonstrates how Chainlink CRE can enable compliant, privacy-preserving financial infrastructure and unlock institutional participation in decentralized markets.

Frontend

• Built with React 19, Vite, and TailwindCSS
• Provides the trading interface, World ID verification widget, and AI chatbot
• Handles client-side encryption of orders using ECIES
• Generates single-use shield addresses for private settlement
• Integrates wallet interactions using MetaMask
  Backend
• Developed using Bun and Hono
• Uses PostgreSQL with Prisma to store the encrypted order book
• Responsible for:
  • Managing encrypted order submissions
  • Triggering Chainlink CRE workflows
  • Handling encrypted callbacks from CRE
  • Running the AI assistant service
  • Aggregating settlement data for the sentiment oracle
    Smart Contracts
• Written in Solidity and developed using Foundry
• Key contracts include:
  • WorldIDVerifierRegistry for storing verified identities
  • ACE compliance policies to enforce access control
  • Convergence Vault for secure token settlement
• Deployed on Ethereum Sepolia
  Confidential Compute Layer
• Uses Chainlink CRE (Confidential Routing Engine) workflows running inside Trusted Execution Environments (TEEs)
  Two main workflows:
  Verify Workflow
• Verifies World ID zero-knowledge proofs
• Submits verification results to the on-chain registry
  Matching Workflow
• Decrypts encrypted orders inside the enclave
• Executes a price-time priority matching engine
• Verifies trader identities on-chain
• Executes private settlement transactions
  External Data Integration
• Real-time asset prices are fetched from the Finnhub API
• Accessed using Chainlink ConfidentialHTTPClient
• API credentials are securely injected using Vault DON Secrets
• Ensures external API keys never leave the secure enclave
  Privacy Mechanisms
• ECIES encryption for client-side order encryption
• Trusted Execution Environments for confidential order matching
• AES-GCM encrypted responses from CRE workflows
• Shield addresses for private on-chain settlement
  AI Layer
• Powered by Google Gemini
• Provides:
  • Natural language order parsing
  • Trading assistant capabilities
  • Market sentiment insights based on aggregated settlement data
    Development Tools
• Bun for backend runtime
• Foundry for smart contract development
• CRE CLI for confidential workflow simulation
• Prisma for database management
• Viem for blockchain interactions
  SSL combines confidential computing, encrypted order flow, on-chain compliance enforcement, and AI-assisted trading to create a secure dark-pool trading infrastructure for tokenized real-world assets.