Security & Privacy
Privacy-first architecture, pseudonymity, and cryptographic privacy on Solana Token-2022.
The ƒxyz Network enforces privacy and security through architecture, not policy. Members are identified by DIDs and star names -- never by real names or personal emails. KYC is handled by Bridge.xyz; the network never stores or processes identity documents.
Privacy Architecture
- Pseudonymity by default: Members are identified by DID (
did:privy:...) internally, star names publicly, and wallet addresses on-chain. No real names or personal emails are stored anywhere in the system. - KYC without PII storage: Bridge.xyz handles identity verification on their hosted pages. The network receives only approval/rejection status -- no personal data.
- ElGamal confidential transfers (feature-flagged): Solana Token-2022 includes an ElGamal-based confidential transfer extension. Code exists at
packages/florin-sdk/src/confidential-crypto.tsbut the extension is not enabled by default pending ZK-ElGamal re-enablement on Solana mainnet. - CryptoGraph ACL system: The Neo4j knowledge graph uses a tiered access control system where node-level
_acl, circle-levelpropertyACL, and tier-privacy fallbacks control who can see what data. - Tiered access: Different membership tiers control visibility of financial data, governance details, and network metrics.
Security Measures
- Arcjet rate limiting: API and application endpoints are protected by Arcjet middleware against abuse and brute-force attacks.
- Token-2022 program: All tokens (Florin, Joule, HoW) use Solana's Token-2022 program, which supports built-in transfer hooks and access controls.
- Squads multisig treasury: Treasury operations require multi-signature approval.
- Privy authentication: Member authentication via Privy with wallet and social login support. Note: Stripe acquired Privy (June 2025) and already owns Bridge.xyz : both KYC and auth are now Stripe-stack; concentration risk is acknowledged and multi-wallet-infra alternatives are under evaluation.
What We Do Not Do
- Store real names, personal emails, or identity documents
- Run our own KYC/KYB verification (Bridge.xyz handles this)
- Expose DIDs in email addresses or public identifiers
- Use trust assumptions where cryptographic verification is possible
References
- ElGamal, T. "A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms." IEEE Trans. IT 31(4), 1985 - Encryption scheme used for Florin confidential transfers
- Goldwasser, S., Micali, S. & Rackoff, C. "The Knowledge Complexity of Interactive Proof-Systems." SIAM J. Computing 18(1), 1989 - Foundational paper defining zero-knowledge proofs
- "A Survey on the Applications of Zero-Knowledge Proofs." arXiv:2408.00243, 2024 - Comprehensive survey of ZKP applications in blockchain and finance
- Oude Roelink, B. "Comparing zk-SNARK, zk-STARK, and Bulletproof Protocols for Privacy-Preserving Authentication." Security and Privacy, 2024 - Systematic comparison of ZKP protocol families
- Solana Token-2022 Confidential Transfers - ElGamal-based confidential transfer extension used by Florin
- Regulation (EU) 2016/679 - GDPR (EUR-Lex) - EU data protection requirements for privacy architecture
Capital & Allocation Circles
How capital & allocation circles organize contributions within the ƒxyz Network -- founding contributions, collective capital, and voucher vesting
fxyz Roadmap : From Lagrange Fi to Global Financial Graph
The evolution and future of the fxyz Network. Tracing the arc from Lagrange Fi through 2026 Solana mainnet launch, including stablecoin corridor expansion and AI agent integration.