Running digital cash

I’m working on an experimental digital cash protocol built around a state-only model: there is no global transaction history to observe or analyze. The system maintains consensus only over the current state root, while all transfers are validated via cryptographic proofs of correct state transitions. Privacy is achieved conceptually by removing history as an object, not by obscuring it.

Each account maintains a balance, a monotonic counter, and a cryptographic commitment linked to the global state root. Transfers prove correctness of local state updates (balance, counter, root linkage) without revealing transaction paths or reconstructable flows. A minimal, per-account numeric history exists only to validate state correctness, not to expose relationships.

I’m currently interested in discussing ZK constructions suitable for this model: efficient state-transition proofs, handling double-spend prevention without transaction graphs, and practical choices between Plonk-style SNARKs, Halo2, or alternative approaches. Any thoughts on circuit design, constraint minimization, or known pitfalls in similar architectures would be greatly appreciated.

This is a research-driven, open-source protocol, not a commercial product. I’m primarily looking for critique, ideas, and pointers to existing work I might have missed.
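Added example, not part of the original post or the author's protocol: a plain reference model of the relation a state-transition proof would have to enforce for the sender's leaf, showing how binding the witness to the current state root rejects a replayed spend without any transaction graph. The binary Merkle tree, SHA-256 (standing in for whatever hash the circuit would use), the leaf encoding, and all function names are assumptions.

```python
import hashlib

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(balance, counter):
    # Assumed leaf encoding: commitment to (balance, counter), 8 bytes each.
    return H(b"leaf", balance.to_bytes(8, "big"), counter.to_bytes(8, "big"))

def tree_levels(accounts):
    # accounts: list of (balance, counter); length must be a power of two.
    levels = [[leaf(b, c) for b, c in accounts]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"node", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def root_of(accounts):
    return tree_levels(accounts)[-1][0]

def merkle_path(accounts, index):
    # Sibling hashes from the leaf up to (but excluding) the root.
    path = []
    for level in tree_levels(accounts)[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def root_from_path(node, index, path):
    for sibling in path:
        node = H(b"node", node, sibling) if index % 2 == 0 else H(b"node", sibling, node)
        index //= 2
    return node

def debit_transition(current_root, index, old, amount, path):
    """Hypothetical sender-side relation: old leaf opens to the current root,
    amount is covered by the balance, counter advances by one. Returns new root."""
    balance, counter = old
    if root_from_path(leaf(balance, counter), index, path) != current_root:
        raise ValueError("witness does not open to the current state root")
    if not 0 < amount <= balance:
        raise ValueError("amount out of range")
    return root_from_path(leaf(balance - amount, counter + 1), index, path)

# Constructed sample state: four accounts as (balance, counter).
ACCOUNTS = [(100, 0), (50, 3), (0, 0), (7, 1)]
```

Consensus only needs to hold the latest root: once a debit is accepted, the same witness (old balance, old counter, old path) no longer opens to the current root, so a second spend of the same state fails the first check.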