PAAP -- Private Agent-to-Agent Payment Protocol

March 23, 2026 · View on GitHub

A privacy-preserving payment method for HTTP agent payment protocols using zero-knowledge proofs. Compatible with x402 and MPP as a "shielded" payment scheme.

How It Works

PAAP uses a two-phase anonymous token architecture to separate payment from access, making them cryptographically unlinkable:

Phase 1 -- Pre-pay: The agent performs a shielded JoinSplit transaction into the on-chain ShieldedPool. A receipt_commitment is emitted and inserted into a global receipt Merkle tree.

Phase 2 -- Access: The agent generates a ZK proof that it knows a receipt in the tree with sufficient value, revealing only an anonymous token_id. The server verifies the proof and grants access. The server cannot link the token to the original payment (preimage resistance).

Agent                           Server
  |                               |
  |---- GET /resource ----------->|
  |<--- 402 {scheme:"shielded"} --|
  |                               |
  |  [Phase 1: Pre-pay]           |
  |  JoinSplit -> ShieldedPool    |
  |  receipt_commitment -> tree   |
  |                               |
  |  [Phase 2: Access]            |
  |  Token proof from receipt     |
  |---- X-PAYMENT: {token} ------>|
  |<--- 200 OK + content ---------|

Directory Structure

paap/
├── programs/          ZK guest circuits (ZisK)
│   ├── spend/         JoinSplit spend circuit
│   └── token/         Anonymous access token circuit
├── contracts/         Solidity (ShieldedPool, ReceiptTree, RelayAdapter)
├── sdk/               Rust SDK (wallet, prover, scanner, x402 compat)
├── relayer/           Gas abstraction relay service
├── tests/             E2E integration tests
└── config/            Deployment configs

Quick Start

# Run all tests
cargo test -p sdk -p spend-program -p token-program
cd contracts && forge test

# Deploy to Sepolia
cp config/sepolia.env.example contracts/.env
# Fill in DEPLOYER_PRIVATE_KEY
cd contracts && source .env && forge script script/Deploy.s.sol:Deploy --rpc-url $RPC_URL --broadcast

Protocol Compatibility

PAAP works as a drop-in payment scheme for existing agent payment protocols:

  • x402: Registered as scheme "shielded" in the 402 Payment Required flow
  • MPP: Registered as method "paap" in the Model Payment Protocol

See PROTOCOL.md for the full cryptographic specification.

Research

PAAP draws on ideas from:

License

MIT