Open by Default, Private When Needed: Compliance-Friendly Privacy On Stellar

Financial systems are built around promises. Traditional banking promises financial privacy with regulated oversight. Blockchains promise transparency through trustless verification. For over a decade, developers have had to choose between the transparency of public blockchains and the financial privacy users expect."

A new model is emerging on Stellar, where trustless transparency remains the foundation and new building blocks at the protocol layer enable developers to design privacy-preserving applications with innovative compliance approaches. In January 2026, the Protocol X-Ray upgrade will introduce cryptographic primitives that enable developers to verify zero-knowledge proofs created with Noir circuits within a Stellar smart contract.

The idea behind the Stellar network’s privacy upgrades is ambitious and effective. Keep the ledger public so the network can be audited and verifiable, then enable developers to build privacy tools at the application level. The result: next-generation decentralized applications where financial privacy, transparency, and compliance can coexist.

Let’s look at how this might work in practice using association sets and view keys.

An association set is like a private booth at a restaurant, where invited participants can transact privately. A view key provides a window into the booth, allowing participants within the association to reveal attributes of their transactions.

The public can see a stablecoin balance entering the association set, and they can verify the total supply and that any transfers within the group do not affect that total supply. Participants within the association can transact stablecoins between themselves, and the internal flow is private. In addition, A view key enables users to selectively disclose transaction details to counterparties or regulators as needed for compliance purposes.

This workflow enables businesses to operate privately, while allowing explicitly authorised auditors with view keys to perform selective disclosure, and preserving the network’s role as a transparent, neutral verifier.

This new model is not a black box; it is a controlled aperture that combines financial privacy with compliance tools.

To demonstrate this further, I’ve published a simple Noir circuit that illustrates how an association set can assist with meeting compliance criteria without exposing private transaction data. The code is open source at: https://github.com/jamesbachini/Noirlang-Experiments/blob/main/association_sets/src/main.nr

The circuit takes a public commitment to the Association Set, a public per-transaction limit, and a public commitment to a specific transfer. Privately, it receives the sender and receiver identifiers, the transaction amount, and a view key that an auditor can later use.

It then proves three things at once: first, that both accounts belong to the declared Association; second, that the private amount stays under the public compliance threshold (max_tx_amount in the code). Third, that the private details, combined with the view key, recreate the public commitment stored on the chain. This allows an auditor to verify the transaction in full without revealing any underlying data to the broader network.

Confidentiality does not have to undermine transparency, and compliance does not necessarily require exposing sensitive data. With Association Sets, view keys, and zero-knowledge tooling, Stellar offers developers the building blocks, tools, and capabilities to build solutions that mirrorhow traditional finance operates.