Private Proof of Innocence

The problem PPOI solves

A privacy system that anyone can use must address a difficult question: how do you prevent bad actors from laundering illicit funds through the shielded pool, without requiring users to reveal their identity?

If illicit funds enter the anonymity set, the entire pool's reputation suffers. But traditional compliance approaches (KYC, identity verification) defeat the purpose of a privacy protocol entirely. PPOI is RAILGUN's answer to this problem.

How it works

When you shield tokens, the PPOI system generates a zero-knowledge proof demonstrating that your deposit does not originate from addresses flagged in sanctioned or known-illicit lists. This proof is verified by decentralized POI nodes — independent operators who validate proofs without ever seeing the underlying transaction details.

The key insight is that the proof reveals nothing about who you are or what you deposited. It only demonstrates the negative claim: "this deposit is not linked to a known bad source." Your privacy is fully preserved.

Decentralized POI nodes

POI validation is not centralized. Independent node operators run the POI verification software. Each node maintains its own copy of the sanctioned-address lists and validates proofs against them. No single entity controls the compliance process.

Nodes communicate validation results through on-chain merkle trees. When a POI node validates your deposit, it adds the result to a shared merkle tree. The RAILGUN Wallet SDK checks this tree to determine when your balance transitions from "pending" to "spendable."

The list key

POI nodes use a list key to identify which sanctioned-address list they are validating against. The Wallet SDK is configured to expect a specific list key, and the POI node must support that same key. If there is a mismatch, the scan will fail with a "rejected list key" error — this is a backend configuration issue, not a user error.

Timing breakdown

PPOI clearance involves several sequential steps:

1. Block confirmations — the shield transaction must be confirmed on-chain (usually 1-2 blocks)
2. POI node processing — the node detects the new shield event and generates/validates the proof
3. Merkle tree update — the validation result is written to the on-chain merkle tree
4. Wallet SDK detection — the app scans the updated tree and transitions your balance to "spendable"

What if PPOI fails?

If PPOI clearance does not complete, your tokens remain in the shielded pool in a "pending" state. They are not lost — they are safely held by the RAILGUN smart contract. Once the POI node issue is resolved (e.g., node comes back online, configuration is fixed), your tokens will become spendable.

In the unlikely event that your deposit is flagged (i.e., it originates from a sanctioned source), the tokens remain in the pool but will not become spendable through normal channels. This is a protocol-level enforcement, not something the app controls.