[2509 Grant proposal] MoonVeil

Overview

Moonveil is a privacy-preserving Layer 2 protocol for Bitcoin, designed to run on Rootstock. It enables users to spend Bitcoin UTXOs privately while preserving Bitcoin’s native script logic (P2PKH, P2SH, etc.) in zero-knowledge circuits.

At its core, Moonveil maps Bitcoin’s UTXO model into a privacy-preserving UTXO pool deployed on Rootstock. Each transaction is a Rootstock transaction that updates two state trees — a UTXO tree and a nullifier tree — ensuring private balance transfers. Users deposit Bitcoin via the Rootstock bridge, mint shielded UTXOs, and privately spend them by generating zero-knowledge proofs of valid Bitcoin script execution.

Vision: To let Bitcoin users enter Moonveil directly via the Rootstock bridge without needing to interact with EVM to offer a Bitcoin → private Bitcion User experience.

Team Background

Mohammed - Github: mohammed7s
An open-source builder focused on zero-knowledge proofs, privacy, and financial systems. Implemented zk-email in o1js and developed openbanking.nr (zk circuits for Open Banking). Contributor at Attested Frontiers, an R&D collective for verifiable attestations, collaborating with cryptographers and smart contract engineers on applied zk research. Experience spans Noir, o1js, Groth16 proving systems, and secure transaction parsing. Currently exploring the emerging BitVM/BitVMX era of Bitcoin, with a focus on extending Bitcoin’s capabilities through verifiable and privacy-preserving systems.

Funding

$60,000 total requested; 20,000 for milestone1
Milestone 1: $20,000
Milestone 2: $20,000
Milestone 3: $20,000

Implementation Strategy

Milestone 1: P2PKH Circuit & Rootstock EVM Verification (Essentials)

Deliverables:

• Implement Bitcoin opcodes needed for P2PKH verification in Noir (OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG, OP_EQUAL)
• Generate and verify Groth16 proofs inside Rootstock EVM contract
• Implement stack-based virtual machine logic
• Basic transaction parsing for P2PKH scripts

KPIs:

• Successful on-chain verification of P2PKH spend.
• Open-source code in GitHub repo.

Milestone 2: Opcode Coverage & P2SH & P2SW (Core Set)

Deliverables:

• Extend Noir circuit to support core opcode set beyond P2PKH (~25 opcodes total)
• Implement support for P2SH script verification with redeem script execution
• Implement support for P2WSH (SegWit)
• Multi-signature support (OP_CHECKMULTISIG) with common configurations
• Enhanced transaction parsing for both legacy and SegWit formats
• Update Rootstock integration to handle all script types

KPIs:

• On-chain verification of both P2SH 2of3 multisig spend.
• On-chain verification of P2WSH script spend
• BIP 143 test vector compliance
• unit tests covering opcodes in the core set

Milestone 3: Shielded Pool Contract & State Management

Deliverables:

• Deploy Rootstock smart contract to manage UTXO tree and nullifier tree.
• Implement shielded transaction pool (privacy pool) for deposits/withdrawals.
• frontend client application for user interaction

KPIs:

• Public testnet deployment of Moonveil state contract.
• e2e flow
• app with bitcoin wallet integration

Technical Specs

Core components:

• bitcoin-script.nr library

  • noir based circuits with groth16 proofs
  • Stack-based VM with fixed arrays
  • ~25 opcodes covering P2PKH and script support
  • Tx parsing (legacy and segwit)

• Roostock smart contracts

  • Shielded pool contract: state tree management, deposit, withdrawal
  • ScriptSig proof verifier

• Frontend Client

  • web application
  • note management
  • tx builder

• Privacy Architecture

  • UTXO tree: sparsed maerkle tree for note commitments
  • Nullifier tree: Indexed merkle tree preventing double-spend

Value Prop for Rootstock

• Novel Privacy Solution: First Bitcoin-native privacy protocol on Rootstock, filling critical market gap
• Bitcoin Liquidity Attraction: Direct bridge integration brings Bitcoin holders into Rootstock ecosystem
• Developer Infrastructure: Open-source bitcoin-script.nr library enables new privacy applications
• Technical Leadership: Positions Rootstock as premier platform for Bitcoin ZK innovation
• TVL Growth: Shielded BTC deposits increase total value locked on Rootstock
• Research Contribution: Advances state-of-art in Bitcoin privacy and ZK verification
• Ecosystem Differentiation: Unique selling point versus other Bitcoin Layer 2 solutions

Current Progress & GitHub Repository

Existing Work: shadowBTC Repository (github.com/mohammed7s/shadowbtc)
(Will migrate to MoonVeil repo)

• Experimental Noir circuits for Bitcoin script verification
• Foundation for Moonveil development

We like the concept of using zero-knowledge proofs to enable Bitcoin transaction privacy, as it could provide Rootstock with unique value. However, we have several questions. The grant request of $60,000 seems relatively high given the uncertainty around user adoption and overall product utility. Could the team clarify how this budget was determined and provide a detailed cost breakdown? Additionally, the milestones are defined in terms of deliverables but currently lack clear timelines, making it difficult to assess feasibility. Finally, who are the intended users, retail Bitcoin holders or institutional players and what adoption path does the team envision?

Hi there Moonveil team, thank you for the proposal .

While the concept of ZK-based privacy on Bitcoin is interesting, we are not convinced yet on the concrete value this brings to Rootstock. The requested $60k is too high given the uncertainties around adoption, security, and overall ecosystem fit. At this stage, we would expect a much smaller, research-focused grant tied to clear testnet proof-of-concept results.

Please also clarify:

1. How exactly this drives measurable growth for Rootstock (users, TVL, transactions).
2. Who the end users are and why they would adopt Moonveil over other privacy solutions.
3. How you will ensure audits, security, and compliance before moving to a shielded pool.

Right now the scope feels premature for this funding level, and we’d suggest revising down with a more focused, milestone-gated plan.

Best!

Hey! Thanks a lot for the feedback! really appreciate the guidance and suggestions.

Re product:

• The target is standard bitcoin users. Who would appreciate a private bitcoin environment 1:1 and continue to use bitcoin script to lock UTXOs.
• We are thinking a use case we would develop on top of this solution would be a Private Bitcoin payroll product. So for teams that pay their employees in BTC can do so privately.
• The idea is to abstract away Rootstock alltogether, such that its the DA layer/backend. This is an interesting problem on its own; the limitation is we want the user to just have a bitcoin secp256k1 key they would use for bitcoin ops and not manage two wallets. Looking at EIP7702, 4337 and smart contract accounts as tools with varying tradeoffs.
• The target level of privacy is full tx privacy. Users should not be able to tell the balances or tx graph.
• Another design principle should be the seperation of bitcoin script validation and shielded pool. Such that the shielded pool could be reused for other use cases openly.

Re grant:

• The initial budget is based on 2 engineers x 3 months of work. Which would cover a full scope for the app. But, upon feedback I agree, maybe its too ambitious and no need to do it all at once before some research, validation and community engagement first.
• Maybe we can aim for a simplified poc that can be deployed on testnet and would work e2e. with no optimizations. It would target only p2pkh for bitcoin validation. and the client app just a cli wallet, with a simple but fully functioning shielded pool mechanism following the Aztec UTXO design. (see Aztec inspired with encrypted logs)
• More progress has been done since the initial post. But still needs work on contracts, client app, and backend to create an e2e version. I pushed progress on this branch: GitHub - mohammed7s/shadowBTC at feature/bitcoin-script-progress
• We would also add documentation on our research findings on three questions:
  1. zk proof and different approaches to verify BTC transactions. There are two key approaches: 1) SP1/Risc0 verify bitcoin crate (complex) and 2)more direct Noir based circuits approach. Both have tradeoffs.
  2. How Rootstock can act as a backend (abstracted layer) for bitcoin native users. UX vs trust assumptions tradeoffs. 7702,4337, fastBTC bridge etc.
  3. Shielded pools designs and tradeoffs in complexity, ux and levels of privacy.
• Budget for this phase can be $12k and based on the feedback/conviction can initiate a separate grant proposal to take to production. The timeline is 6 weeks from approval.

Happy to receive more feedback, any thoughts are welcome!

Hi @mohammed

Thanks for sharing this proposal and for the detailed write-up. It’s clear you have deep technical understanding of zero-knowledge proofs and Bitcoin scripting.

As it stands right now, the idea feels quite ambitious for a single-person build. I’d personally suggest that the Collective explore this topic through a collaborative research track, similar to how Ethereum’s early ZK efforts started, small and open working groups.

That kind of setup could help align people experimenting with ZK on Rootstock and create shared libraries or standards that benefit everyone, including projects like MoonVeil.