Kryptos

Kryptos is a 4-player blockchain-based strategic card game built on Hedera Hashgraph, combining social deduction, zero-knowledge proofs, and on-chain fairness. Players must outthink, accuse, and eliminate others through logical reasoning — while cryptographic verification ensures trustless, private gameplay.

Overview

Each player stakes a fixed amount of ETH and starts with: 3 secret cards 70 intel points, plus 120 intel in a shared pool

The game runs for up to 12 rounds. Players spend intel to interrogate, accuse, or buy assets. At the end, the last remaining player or the one with highest intel wins and receives the entire ETH prize pool.

Interrogation

Interrogation is the main strategic action. A player can ask another:

“Is your card sum ≥ X?”

(using X between 3 and 39).

Private interrogation: Only the interrogator sees the result (costs 8 intel).

Public interrogation: Everyone sees the result (costs 5 intel).

The answer is verified via Noir zero-knowledge proofs, allowing truth verification without revealing cards, ensuring fairness and secrecy.

Accusation

When confident, a player may accuse another of having an exact sum:

“Your total sum = 24.”

If correct, the accused is eliminated, and the accuser earns intel rewards. If wrong, the accuser loses intel and strengthens their opponent. These outcomes are verified on-chain via ZK proofs, maintaining integrity and transparency while keeping card data private.

Assets

Players can spend intel to buy random assets that grant temporary advantages like blocking accusations, bluffing interrogations, or revealing partial information. Random distribution is handled by Hedera’s native randomness service, making every round unpredictable and fair.

Why Web3?

Traditional Web2 Hedera provides transparent randomness, low fees, and fast finality. Smart contracts (Solidity) ensure unchangeable game logic and automated payouts. Circom ZK proofs allow private verification of player actions. Envio dashboard publicly displays verified game events for full transparency.

Kryptos uses a hybrid on-chain / off-chain architecture that balances privacy, gas efficiency, and interactivity:

Frontend: Static HTML + CSS + JavaScript (custom). Players connect via an EVM-compatible wallet on Hedera (for signing and staking). Envio is used as an event dashboard to index and display player actions and game state for UX and replayability.

Smart contracts (Solidity): Deployed on Hedera Testnet. Contracts handle game lifecycle (create/join/start), turn enforcement, intel accounting, staking logic (createGame(), createStakingGame(), joinGame(), startGame(), purchaseAsset(), interrogatePublic(), interrogatePrivate(), accuse(), resolveProof()), verifier integration, and payouts.

ZK layer (Circom): Two sets of Circom circuits:

Universal Interrogation circuit — proves sum ≥ threshold (YES/NO).

Universal Accusation circuit — proves sum == accused_sum (equality). Proofs are generated off-chain by the responding player and submitted (as calldata or via a short commitment + on-chain verify) to the verifier contract.

Verifier contracts: Solidity verifier contracts accept Noir proof objects (public inputs + proof blob) and perform cryptographic verification on-chain. The main game contract calls the verifier to validate responses before applying game state changes.

Randomness & dealing: Hedera’s native randomness is used to generate card values and to select random assets when purchased. This ensures unbiased dealing and asset assignment without relying on a single centralized RNG.

Off-chain indexing & dashboard: Envio ingests on-chain events to provide a real-time action dashboard and historical action log for players and judges.

Data & proof flow (typical interrogation)

Player A sends an interrogation transaction (public/private) and pays the required intel to the contract.

The contract records the interrogation event and notifies Player B (via frontend).

Player B generates a Noir proof locally that their private hand satisfies sum ≥ threshold (or not) without revealing cards.

Player B submits the proof to the verifier contract (either in the same transaction or a follow-up tx). The verifier returns true/false.

The game contract updates state (rewards/penalties, round progression) based on verification and emits an event. If public interrogation, event includes the YES/NO result; if private, only Player A sees the result in their UI (rest see a minimal commitment).

Notable implementation choices & “hacky” bits

Separate universal circuits — we built dedicated interrogation and accusation circuits rather than trying to reuse one circuit for both checks. This prevents proof re-use or accidental shortcuts (e.g., using a ≥ proof to cheat at equality checks) and simplifies the public inputs for verifiers.

Minimal on-chain exposure — smart contracts store only the necessary minimal state (intel balances, turn order, eliminated flags, asset ownership). Card secrets remain off-chain until a reveal is required by a verified accusation.

Proof packing & gas optimizations — proofs are generated off-chain and we keep public inputs small. Where possible, we pack public inputs into compact representations to reduce calldata gas. (On Hedera this reduces fees and keeps UX snappy.)

Atomic UX with Envio — to give players a clean, auditable experience without heavy on-chain reads, we push events to Envio which indexes and displays them in near real-time; players still submit and verify proofs on-chain for finality.

Round/Timeout handling — the contract enforces per-turn deadlines; if a player times out, the game enforces default penalties to prevent stalling.

Tech stack summary

Chain: Hedera Hashgraph (EVM-compatible Testnet)

Smart contracts: Solidity (main game + verifier contracts)

ZK: Circom circuits (interrogation & accusation)

Frontend: HTML / CSS / JavaScript (wallet integration)

Dashboard / indexer: Envio

Wallet tooling: EVM-compatible wallets on Hedera (used for staking and transaction signing)

Other tooling: local Noir toolchain for proof generation; standard Solidity tooling for compilation & deployment to Hedera Testnet.

Partner technologies & benefits

Hedera: native PRNG (fair dealing), low fees, and fast finality — essential for interactive games where latency and randomness matter.

Envio: provides a human-friendly event feed and dashboard for actions, which massively improved the UX and made the game easy to monitor during playtests.

What we tested & deployed

Noir circuits verified locally and integrated with verifier contracts.

End-to-end playtests on Hedera Testnet (game creation, staking flow, interrogation/accusation lifecycle, prize payout).

Contracts and verifiers deployed at the addresses provided in the description.