On-chain Payroll: A ZK Privacy System for Cardano & Midnight

[Proposal setup] Proposal title

Please provide your proposal title

On-chain Payroll: A ZK Privacy System for Cardano & Midnight

[Proposal Summary] Time

Please specify how many months you expect your project to last

3

[Proposal Summary] Translation Information

Please indicate if your proposal has been auto-translated

No

Original Language

en

[Proposal Summary] Problem Statement

What is the problem you want to solve?

On-chain transparency violates enterprise privacy(GDPR) and leaks salary secrets.Existing solutions offer only full transparency or centralization.Need to solve structural privacy/compliance conflict.

[Proposal Summary] Supporting Documentation

Supporting links

• https://github.com/mauyin/on-chain-payroll
,
• https://midnight-payroll-demo.vercel.app/

[Proposal Summary] Project Dependencies

Does your project have any dependencies on other organizations, technical or otherwise?

Yes

Describe any dependencies or write 'No dependencies'

This project adopts a hybrid deployment strategy to ensure mainnet delivery despite Midnight's current development phase: 1. Midnight (Privacy Layer): DevNet/Simulation for ZK proof generation and private data storage. Code architecture will be mainnet-ready for seamless migration when Midnight mainnet launches. 2. Cardano (Settlement Layer): MAINNET deployment for the Settlement Registry validator. All proof verification and ADA transfers will occur on Cardano mainnet with real assets. 3. Cross-Chain Bridge: Since the official Midnight-Cardano bridge is under development, we implement a controlled Relay Oracle that: - Receives ZK proofs generated on Midnight DevNet - Verifies proofs off-chain - Submits cryptographic attestation to Cardano mainnet validator - Triggers settlement upon successful verification This approach ensures the core value proposition (privacy-preserving payroll with real settlements) is demonstrated on mainnet, independent of Midnight's infrastructure timeline.

[Proposal Summary] Project Open Source

Will your project's outputs be fully open source?

Yes

Please provide here more information on the open source status of your project outputs

MIT License

[Theme Selection] Theme

Please choose the most relevant theme and tag related to the outcomes of your proposal

Privacy

[Campaign Category] Category Questions

What is useful about your DApp within one of the specified industry or enterprise verticals?

The DApp's greatest utility lies in solving the fundamental privacy-compliance conflict that Real World Assets (RWA) and Enterprise Operations face when migrating to Web3.

The On-chain Payroll system enables enterprises to conduct sensitive financial processes on the blockchain without violating employee privacy (e.g., GDPR requirements) or exposing core commercial secrets like salary structures. By using Midnight's ZK-Proofs, the system offers "Compliant Verifiability": the company can prove to auditors or DAO governance that funds were distributed honestly and according to rules, but without revealing who received how much. This capability is critical for attracting traditional businesses to Cardano, as it provides an auditable, decentralized system that satisfies real-world legal and financial requirements, overcoming a major barrier to corporate Web3 adoption.

What exactly will you build? List the Compact contract(s) and key functions/proofs, the demo UI flow, Lace (Midnight) wallet integration, and your basic test plan.

1. Compact Contracts and Key Functions/Proofs

• Midnight Privacy Vault
  • The core Compact contract, serving as the system's "private database". It stores the encrypted Organization Chart and Compensation Logic (salary rules).
  • Data Storage: Handles the encrypted upload and storage of sensitive data (e.g., ID, Level, Salary).
• Compact Contract Engine
  • Responsible for executing the salary calculation logic in a private environment. This includes the Rule Validation Circuit.
  • Logic Execution: Executes logic judgments like "Is KPI met?" or "Calculate seniority bonus".
• Proof of Honest Payment
  • The primary cryptographic output.
  • Proof Generation: Generates a ZK Proof (Zero-Knowledge Proof) that attests that the transfer request is valid according to the secret, encrypted rules, without revealing the rules or amounts.
• Cardano Settlement Registry
  • A lightweight Plutus/Aiken validator on the Cardano mainnet.
  • Proof Verification: Receives the ZK Proof, verifies its validity, and then triggers the transfer of ADA/Tokens from the liquidity vault to the employee's wallet.

1. Demo UI Flow
   • Employer (HR) View 1. Setup: Define and encrypt salary rules (e.g., level tables) on the Midnight DApp. 2. Funding: Deposit budget (ADA/Tokens) into the Cardano Settlement Registry. 3. Issuance: Trigger the "Execute Payroll" function, prompting the system to generate and submit the ZK Proofs.
   • Employee View 1. Settlement: Automatically receive funds on the Cardano mainnet after successful proof verification. 2. Verification (Auditing): Log in to the system to generate a Verifiable Income Certificate (Zero-Knowledge Proof of income) for real-world use (e.g., bank loans).
2. Lace (Midnight) Wallet Integration

• The project aims for easy wallet integration via the Compliance SDK (TypeScript/JS):
• The SDK will contain core functions like create_salary_proof and verify_proof.
• The UI Demo's acceptance criteria require it to be able to connect to Testnet wallets (such as Lace/Nami with a Midnight simulation environment) for interactive testing.

1. Basic Test Plan

• ZK Logic Testing
  • The ZK Circuit must be rigorously tested. The system must successfully generate a valid Proof for compliant inputs (e.g., Level 3 employee) and fail to generate a Proof for non-compliant inputs.
• Cross-Chain Verification - The Cardano validator (Plutus/Aiken) must successfully recognize and accept a valid ZK Proof to execute the transaction. Note: The MVP accepts manual proof submission if the official bridge is not ready.
• Functional Coverage
  • The project is committed to completing $\ge 50$ successful "Proof-Verification" process tests.
• Scenario Testing
  • Testing will cover normal payroll, rule interception (e.g., attempting to claim with the wrong level), and preventing duplicate claims.
• Privacy Verification
  • Non-authorized parties querying the encrypted data must be rejected or receive indecipherable data, while authorized parties using a View Key can decrypt the data.

How will other developers learn from and reuse your repo? Describe repo structure, README contents, docs/tutorials, test instructions, and extension points. Which developer personas benefit, and how will you gauge impact (forks, stars, issues, remixes)?

1.Repository Structure

The repository will adopt a modular structure to clearly separate the core components, allowing developers to target the specific layer they need:

• /contracts/midnight: Contains the Compact contract code for the Midnight Privacy Vault and the core ZK Circuit logic. This is the source for the private computation.
• /contracts/cardano: Contains the Plutus/Aiken scripts for the Cardano Settlement Registry (the validator that verifies the ZK Proofs).
• /sdk: Contains the open-source TypeScript/JS SDK and the accompanying Demo UI. This provides the highest level of abstraction for integrators.
• /docs: Dedicated folder for detailed architectural explanations and tutorials.

2.Documentation Strategy

The project includes Developer Documentation as a core deliverable.

• README Content: The top-level README will feature a quick-start guide, the Dual-Layer Architecture Diagram, a clear explanation of the Model-Proof-Settlement pattern, and immediate installation/setup instructions for the Testnet environment.
• Docs/Tutorials: Tutorials will cover three main workflows: 1. How to define a new private rule using Compact, 2. How to generate the ZK Proof using the SDK, and 3. How to deploy and interact with the Cardano Validator.Test Instructions: The repository will include a Unit Test Report (Milestone 2) and clear instructions on how to run the automated tests for both the ZK circuit and the Cardano validation script.

3.Extension Points and Universal Primitive

The project is explicitly designed as an Infrastructure Primitive. The core extension point is the ZK Rule Validation module.

• Universal Primitive: The underlying ZK logic for "Attribute-Based Private Distribution" is generic and not limited to payroll.
• Reusability: Developers can reuse the ZK circuit code and the Cardano verifier to build other privacy-focused applications, such as: privacy airdrops (proof of holding a specific NFT/Token without revealing the address), privacy crowd-funding (proving a donation size met a tier), or DAO privacy proposal systems.

4.Developer Personas Who Benefit

• Midnight DApp Developers
  • Learn best practices for defining Compact Data Schemas and receive working examples of complex ZK Circuit logic for private computation.
• Cardano Smart Contract Developers
  • Gain concrete examples of writing Plutus/Aiken scripts that are optimized for cross-chain ZK Proof verification and secure asset settlement.
• Frontend/SaaS Integrators
  • Benefit directly from the TypeScript SDK, which abstracts complex cryptography into simple functions (create_salary_proof, verify_proof), enabling easy integration into any HR SaaS or Web3 DApp.

1. Impact Gauging (Success Metrics)

Success will be measured through concrete, verifiable metrics:

Technical Metrics:

• 100+ ZK proofs generated on Midnight DevNet during development and testing

• 10+ mainnet settlement transactions executed (real ADA transfers on Cardano mainnet)

• 50+ successful 'Proof-Verification' test cycles covering normal payroll, rule rejection, and duplicate claim prevention

Adoption Metrics:

• 1+ company or DAO pilot using this payroll primitive (even internal/demo usage counts)

• 1+ complete organizational structure (org chart with 5+ roles + salary rules) demonstrated in live system

• 10+ GitHub Stars/Forks indicating developer interest and code reuse potential

Deliverable Metrics:

• 1 SDK published to NPM with mainnet configuration

• 1 mainnet-connected demo website accessible globally

• 1 video tutorial (10+ minutes) demonstrating complete employer-to-employee flow

• 1 Final Report documenting architecture decisions, mainnet deployment process, and lessons learned

[Your Project and Solution] Solution

Please describe your proposed solution and how it addresses the problem

On-chain Payroll is a decentralized application built on the Model-Proof-Settlement pattern:

Core Module Architecture:

• Midnight Privacy Vault (Data Layer): Implemented in Compact language. This serves as a secure, encrypted storage for enterprise organizational structures (Org Charts) and compensation rules (Compensation Logic), functioning as the system's "private database."
• Compact Contract Engine (Computation Layer): Handles payroll calculations locally or on Midnight nodes. It verifies that inputs (e.g., employee levels) align with predefined logic to produce outputs (e.g., salary amounts) and generates tamper-proof Zero-Knowledge (ZK) Proofs.
• Cardano Settlement Registry (Asset Layer): A lightweight Plutus/Aiken validator. It avoids complex computations, focusing solely on validating ZK Proofs and facilitating ADA/Token transfers.
• Compliance SDK (Integration Layer): Encapsulates intricate cryptographic operations, enabling seamless one-click integration of "private payroll" features into any Web3 wallet or HR SaaS platform.

Why Cardano + Midnight?

Cardano offers unparalleled security and determinism, making it ideal for high-value financial settlements. Midnight provides the privacy and programmability required for compliance, addressing GDPR and trade secret protection challenges. Together, they enable data to operate in privacy while value flows transparently.

Verification Model:

The Cardano Settlement Registry validates settlements through a Relay Oracle attestation model. The Oracle verifies ZK proofs off-chain and provides a cryptographic attestation that the Aiken validator verifies on-chain. This architecture is designed to upgrade to native ZK verification when Cardano's cryptographic primitives mature (CIP-0381 and future CIPs).

Employee Onboarding Flow:

Employees connect their Cardano wallet (Lace/Nami) to the system. The employer registers the employee's public key in the Midnight Privacy Vault. View Keys for salary verification are derived deterministically from the employee's wallet signature, ensuring employees can always recover access without storing additional secrets.

Dispute Resolution:

The system maintains a cryptographic commitment log. If disputes arise, authorized parties (HR + Employee + optional Arbiter) can collaboratively reveal specific records using multi-party View Key disclosure. The ZK proof itself provides mathematical evidence of whether rules were correctly applied.

Transaction Economics:

• Cardano settlement: 0.2-0.5 ADA per employee payment ($0.10-0.25 USD)
• Batch optimization: Up to 50 settlements per transaction possible
• Cost comparison: Traditional payroll services charge $4-10/employee/month
• For a 100-person company: ~$25/month in blockchain fees vs $400-1000/month traditional

Auditor Interface:

The Compliance SDK includes audit-specific functions:

• generate_audit_report(period, view_key): Produces standard-format report
• verify_aggregate_proof(report): Confirms totals without individual details
• export_regulatory_package(): GDPR/SOC2 compliant documentation bundle

Auditors receive cryptographic proof that sum(individual_payments) = total_disbursed, without accessing individual records.

[Your Project and Solution] Impact

Please define the positive impact your project will have on Midnight ecosystem

On-chain transparency clashes with privacy and compliance needs, blocking enterprise adoption.

Case 1: GDPR Barrier

A European fintech startup aimed for full on-chain operations but halted payroll due to GDPR Article 9 violations—public ledgers expose sensitive salary data, risking 4% revenue fines. Result: Abandoned blockchain for payroll.

Case 2: Talent Poaching

A DeFi protocol's transparent treasury revealed developer salaries ($180k/year), enabling competitors to poach 40% of the team with $220k offers in three months.

Current solutions force a tradeoff: full transparency (privacy breach) or centralized opacity (trust erosion). Enterprises need verifiable payments without exposing details.

Real-World Impacts

Compliance Trap: A German Web3 firm tried ADA-based salaries for efficiency but faced labor law breaches and GDPR risks. On-chain visibility sparked resignations over pay disparities—why no major firms use blockchain payroll.

DAO Dilemma: A Cardano DAO's $500k contributor budget demands transparency but risks poaching, internal strife, and doxxing. They can prove totals but not fair distribution without harm.

Solution: Privacy-Preserving On-Chain Payroll

Prove rule adherence and totals via cryptography, while shielding individual details. This fills a Cardano gap with "enterprise-grade private payments."

Ecosystem Benefits

Reusable Infrastructure: ZK modules for attribute-based distributions, adaptable for private airdrops, crowdfunding, or DAOs.

RWA & Corporate Adoption: Reduces privacy barriers for traditional firms and global teams.

Regulatory Value: Demonstrates auditable yet GDPR-compliant blockchain.

Commitments

• Mainnet Proof: 10+ real transactions on Cardano.
• SDK: Integrate privacy payroll in <1 day.
• Ecosystem First: Pioneer reference architecture for enterprise use.
• Documentation: Full guides for forking/extending (e.g., private grants, treasury management).

[Your Project and Solution] Capabilities & Feasibility

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Team Strengths: I am a full-stack developer with experience in TypeScript (Frontend/SDK) and Rust/Haskell (Cardano smart contracts). I have hands-on experience with Plutus/Aiken development and understand the eUTxO model.

Mainnet Deployment Strategy:

Given Midnight is in DevNet phase while we commit to Cardano mainnet delivery:

1. Hybrid Architecture: Privacy computation on Midnight DevNet, settlement on Cardano Mainnet. This decouples our delivery from Midnight's mainnet timeline.
2. Relay Oracle Design: A controlled relay service bridges proofs from Midnight to Cardano. This is a temporary solution until the official bridge matures, but ensures mainnet functionality.
3. Phased Mainnet Rollout:
   • Month 2: Deploy validator to Cardano Pre-production testnet for integration testing
   • Month 3 Week 1-2: Security review and mainnet dry-run
   • Month 3 Week 3-4: Mainnet deployment with small-value test settlements

Risk Management:

Risk: Midnight DevNet instability could block proof generation

Mitigation: Implement proof caching and retry logic; prepare fallback to local ZK simulation if needed

Risk: Cardano mainnet transaction costs exceed budget

Mitigation: Budget includes 50 ADA reserve for mainnet transactions; optimize validator for minimal execution units

All deliverables will undergo rigorous testing before mainnet deployment. We commit to technical honesty - if mainnet deployment faces blockers, we will transparently communicate and propose alternatives.

The Relay Oracle only transfers proofs and does not process private data nor handle funds.

All financial settlement logic remains fully on-chain and verifiable on Cardano.

[Final Pitch] Budget & Costs

Please provide a cost breakdown of the proposed work and resources

Backend side development : 5000USDM

Including

• Midnight/Compact logic for privacy layer
• ZK engineering
• Smart contract on cardano mainnet for settlement layer

Frontend development: 2000USDM

• Wallet integration
• UI interface
• backend and smart contract integration

All engineering (backend, ZK circuits, Plutus/Aiken validator, frontend UI, SDK, Oracle server) is implemented by a single developer.

The cost allocation reflects time estimation rather than outsourcing expenses.

This proposal is not building a commercial product,

but an open-source payroll primitive (contracts + SDK + validator) intended for reuse.

The scope is tightly defined and optimized for a 3-month solo delivery.

[Final Pitch] Value for Money

How does the cost of the project represent value for the Midnight ecosystem?

1. High ROI Infrastructure: This proposal requesting only $7,000 in seed funding, with the goal not of building a fully commercialized startup but of delivering an open-source, reusable privacy payroll primitive to the Cardano community. This foundational infrastructure will allow any subsequent DAO tools or HR SaaS projects to directly integrate our SDK, eliminating the need to develop ZK circuits from scratch and thereby maximizing efficiency and value for the broader ecosystem.
2. Addressing Real-World Adoption Barriers: As outlined earlier, the lack of robust privacy features remains one of the primary obstacles preventing enterprises from adopting Web3 technologies. This project, executed at a minimal cost, will explore and validate Midnight's practical applicability in enterprise compliance scenarios, effectively lowering entry barriers and paving the way for high-value corporate users to integrate into the Cardano ecosystem.
3. Technical Honesty and Risk Management: This project fully recognizes that Midnight is still in its early development phase, presenting ongoing challenges in cross-chain interoperability. The budget will primarily focus on overcoming key technical hurdles in logic validation and privacy circuits. We commit to delivering high-quality, verifiable code and practical feasibility demonstrations, prioritizing substantive results over superficial marketing claims.

[Self-Assessment] Self-Assessment Checklist

I confirm that the proposal clearly provides a basic prototype reference application for one of the areas of interest.

Yes

I confirm that the proposal clearly defines which part of the developer journey it improves and how it makes building on Midnight easier and more productive.

Yes

I confirm that the proposal explicitly states the chosen permissive open-source license (e.g., MIT, Apache 2.0) and commits to a public code repository.

Yes

I confirm that the team provides evidence of their technical ability and experience in creating developer tools or high-quality technical content (e.g., GitHub, portfolio).

Yes

I confirm that a plan for creating and maintaining clear, comprehensive documentation is a core part of the proposal's scope.

Yes

I confirm that the budget and timeline (3 months) are realistic for delivering the proposed tool or resource.

Yes

[Required Acknowledgements] Consent & Confirmation

I Agree

Yes