A 42-page technical description of the protocol: the privacy model, the proof system, the economic design, and the threat surface.
WCOR is a privacy-preserving payment protocol for regulated assets. The design combines a Pedersen-committed account model, PLONK-based zero-knowledge proofs over a Halo2-compatible curve, and a custody-neutral settlement layer. Every transfer is confidential by default; selective disclosure is available to the sender, recipient, and — with cryptographic authorization — a jurisdictional auditor.
Public ledgers guarantee integrity and liveness but broadcast ordering, amounts, and participation. For institutional users the last two are unacceptable. Existing privacy systems trade regulatory compatibility for anonymity. WCOR instead targets confidentiality with auditability: amounts are private to all non-parties; participation is private relative to counterparties; and authorized disclosure is a first-class feature.
Accounts are Pedersen commitments to balances. State transitions are proven correct with succinct non-interactive arguments. A transfer produces a proof that (a) the sender's new balance is non-negative, (b) the recipient's new balance is the old plus the transferred amount, and (c) any policy predicates attached to the transfer are satisfied. The proof is attached to the transaction; verifiers on-chain check the proof and apply the state update.
We target the BN254 curve for pairing-friendly operations and use Halo2 PLONK with a KZG polynomial commitment. Range proofs for amounts use log-sum-check arguments with a ~28 µs per-constraint prover cost on current hardware. The commitment scheme is Pedersen on JubJub.
Proof generation is a market. Provers stake $WCOR and bid on mempool jobs; users pay in-kind. A base fee, proportional to circuit size, is burned on submission. Section 7 of the paper formalizes the security budget under rational-adversary assumptions.
Every transfer commits to a viewing key held by the sender. The sender can issue short-lived disclosure tokens that let a named party (custodian, auditor, court) reveal a subset of transactions. Disclosures are themselves proofs — no trust in a WCOR operator is required.
Threat model, governance, upgradability, Schnorr aggregation, cross-chain attestations, deployment & operations, and a formal-verification appendix. Open the full PDF →