Skip to main content

Withdrawal Proof (POI)

When funds leave Bermuda's shielded pool, the protocol generates a Proof of Innocence (POI) — a cryptographic attestation that the withdrawn funds are not linked to any flagged or sanctioned activity within the pool.

How It Works

At the time of unshielding, the SDK constructs a zero-knowledge proof that demonstrates:

  1. The user's shielded balance is legitimate — It was not received from a flagged source
  2. No association with sanctioned entities — The transaction graph within the pool does not connect the withdrawal to any known bad actor
  3. Compliance rules were satisfied — All applicable policies (pre-shield checks, attestations) were met for the underlying deposits

This proof is submitted alongside the unshield transaction and can be verified on-chain by anyone — without revealing the user's identity, balance, or transaction history.

Why It Matters

The withdrawal proof solves a fundamental challenge in privacy systems: how do you prove your funds are clean without revealing where they came from?

With POI:

  • Users can demonstrate compliance to exchanges, on-ramps, and institutions without de-anonymizing themselves
  • Receiving parties can verify that incoming funds passed through a compliant privacy pool
  • Regulators gain assurance that the privacy layer is not being used to launder illicit funds

Proof of Innocence in Practice

ScenarioHow POI helps
Withdrawing to a centralized exchangeThe exchange can verify the POI to accept the deposit without additional KYC friction
Receiving a private paymentThe recipient can confirm the funds are not tainted
Regulatory auditCompliance teams can verify withdrawal proofs without accessing user data
Cross-chain transfersDestination chains or bridges can check POI before accepting funds

Technical Details

The withdrawal proof is a ZK-SNARK that attests to the exclusion of the user's transaction path from any flagged subgraph within the shielded pool. It is generated client-side by the SDK and verified on-chain by the pool contract — no trusted third party is involved in the verification process.