ZLOB

We aimed to build a private zkCLOB with client side proofs and KYC to participate in trading. The original idea was to build a rollup with an in-protocol orderbook. Also use MoPro for fast proofs on mobile for traders.

Many market makers want to place limit orders for their algorithms in ways that dont expose their balances and/or their orders placed and matched. We use circom circuits to hide who is sending the orders that are being matched. We also operate similar to a centralized exchange and also hide client balances by only posting the state roots for the accounts tree.

We use circom and snarkjs on web to generate the proofs for each order. The proof generation takes around 2 to 3 seconds with wasm.

We also wanted to provide verifiable price-time priority and batch orders into blocks and post proofs onto ETH L1 using the OP stack but ran into time constraints.

To make this product, we used a bunch of zero-knowledge products Undermining our product are

• Mopro: Orders are proved valid client-side and submitted as opaque, unlinkable messages. Anyone can verify the validity of the transaction execution without needing to know the sender’s identity.
• CLOB execution engine: A price-time priority matching engine produces canonical fills and a new state root(custom Rust impl)
• Succient ZkVM1: The CLOB transition function runs inside SP1 zkVM; the resulting proof attests “given inputs X, the engine produced state Y by running program P.”
• Self.xyz supplies attestations and selective-disclosure ZK proofs without revealing PII while using government-issued identities.

Client

TypeScript + WASM bindings for prover libraries. It integrates Self.xyz circuits in Circom and compiled them with SnarkJS

Sequencer

• Built with Rust + Axum
• tokio + RwLock for lightweight mempool management.
• Runs a CLOB engine (inspired by Hyperliquid) written in Rust, deterministic and replayable.
• The sequencer only verifies proofs and enqueues orders; it does not need to know the sender identity.

Rollup + zkVM

• SP1 zkVM runs the order-matching engine deterministically and outputs a succinct proof of state transition. Each batch produces:
• A StateDelta (who traded what, fees, balances).
• A new StateRoot.
• An SP1 proof binding input orders to the state update.

Identity / Policy Layer

• Self.xyz was critical: it allowed us to require proofs like “user is jurisdiction X, not sanctioned” without storing or revealing any raw KYC data.