BlindPay is a privacy-first payment protocol

BlindPay is a privacy-first payment protocol built on Zama’s fhEVM that encrypts transaction amounts, merchant addresses, and payment statuses on-chain using Fully Homomorphic Encryption. Merchants create invoices and receive payments without exposing any sensitive data on the blockchain; everything is encrypted before it leaves the browser. Funds are claimed through a cryptographic commitment scheme, so no on-chain address reveal is ever needed. We also deployed our own MockUSDC token on Sepolia with a built-in faucet for easy testing.

The Problem

Every transaction on a public blockchain is an open book. Send a payment, and the world sees how much, to whom, and when. For individuals this means zero financial privacy. For businesses it means competitors, bots, and bad actors can index your entire revenue, your customers, and your payment patterns in real time.

Existing privacy solutions either mix transaction trails after the fact or rely on separate private chains: band-aids that sacrifice composability, auditability, or both.

What BlindPay Does Differently

BlindPay brings confidential payments directly to the EVM using Fully Homomorphic Encryption. Instead of hiding transactions after they happen, we encrypt them before they ever reach the chain — and the smart contract processes them without ever decrypting.

The contract sees ciphertexts. It validates ciphertexts. It moves funds using ciphertexts. At no point does any node, validator, or block explorer see the actual amount, the merchant’s address, or the payment status in plaintext.

Under the Hood

Encryption happens in your browser. A 4.7MB TFHE WebAssembly module runs locally, encrypting invoice amounts into euint64, addresses into eaddress, and statuses into ebool before any transaction is signed.

The smart contract operates blind. Built on Zama’s fhEVM, the BlindPay contract creates invoices, accepts payments, and releases funds — all on encrypted values. It never needs to see what’s inside.

Fund claiming uses cryptography, not identity. Merchants don’t reveal their address on-chain to collect payments. Instead, they prove ownership through a commitment hash, keccak256(merchant, salt, claimSecret), a scheme where knowledge of the secret is the only key.

Events reveal nothing useful. On-chain events emit only salts and receipt hashes. No amounts. No addresses. An observer sees that something happened, but not what.

Why This Matters

Without BlindPay, a single invoice payment on Ethereum tells the world: who paid, who received, how much, and when. With BlindPay, that same payment is a black box — verifiable by the parties involved, invisible to everyone else.

This unlocks real use cases that public blockchains currently cannot serve:

  • A freelancer invoicing a client without their rate being public record

  • A business accepting crypto payments without competitors tracking their revenue

  • A donor contributing to a cause without their wallet being permanently linked to it

  • A protocol integrating payments without ever touching plaintext financial data

The Bigger Picture

Blockchains solved trust. They haven’t solved privacy. For on-chain commerce to go mainstream, users and businesses need the same financial confidentiality they expect from traditional payment systems — without giving up the transparency, composability, and self-custody that make crypto worth using in the first place.

BlindPay bridges that gap. Not with workarounds or trade-offs, but with math — Fully Homomorphic Encryption that lets public blockchains process what they cannot see.

  • Site: blind-pay.vercel.app