Inspiration

The spark for PrivMart came from my frustration with the lack of privacy in e-commerce. Every time you buy something online, whether it is a phone from Amazon or a shirt from Etsy, your personal data is at risk. In 2021, over 1.5 billion user records were exposed in e-commerce breaches, from payment details to home addresses. As someone who values control over my data, I could not accept that shopping online meant sacrificing privacy. Enter Aleo, a blockchain that uses ZKPs to prove computations without revealing the data behind them. I thought: what if buyers could purchase products without exposing their identity, and sellers could list inventory without publicizing their stock? Inspired by privacy-focused projects like Zcash and Aleo’s vision for programmable privacy, I set out to build PrivMart, a marketplace where trust is enforced by cryptography, not centralized servers.

What it does

  1. Private Transactions: Buyers deposit funds, purchase products, and withdraw balances without revealing their identity or transaction details, thanks to Aleo ZKPs.

  2. Product Listings: Sellers (via an admin) list products with details like price, stock, and discounts (%), all stored privately in mappings.

  3. Atomic Purchases: Buyers can purchase products with a discount applied, while sellers receive the full amount, ensuring fairness.

  4. Refunds & Updates: Admins can process refunds (restocking products and updating balances) and update order statuses ("paid" to "shipped"), all verified with cryptographic hashes.

  5. Seller Earnings: Sellers withdraw earnings privately, with balances tracked securely.

How we built it

As a Leo developer, I used the Leo programming language to build PrivMart iteratively. Here’s how it came together:

  1. Foundation: I started by importing credits.aleo for token transfers and defined structs: (a) Product: Includes id, price, stock, category, and discount_rate for flexible listings. (b) Order: Tracks buyer, quantity, total_paid, and a verification_hash for integrity. (c) Receipt: Logs payments with timestamps for transparency.

  2. Storage Design: Used mappings for efficient data access and counters to ensure unique IDs without collisions.

  3. Core Transitions: (a) Deposit/Withdraw: Buyers fund their balance via credits.aleo/transfer_public, with finalize functions updating buyer_balance. (b) Buy Product: Validates stock, applies discounts, creates orders/receipts, and updates stock atomically. (c) Process Refund: Verifies order status and hash, restocks products, and refunds buyers. (d) Admin-only functions [list_product, deactivate_product] - use assert(caller == ADMIN) for security.

  4. Testing: Deployed on Aleo’s testnet, simulating scenarios like a buyer purchasing with a 20% discount or a seller withdrawing earnings. I used Leo’s CLI to compile ZKP circuits, ensuring privacy holds.

  5. Privacy Focus: Ensured sensitive fields (buyer, total_paid) are private, using ZKPs to prove computations without leaks. For example, the verification_hash ensures order integrity without exposing details.

I coded in VS Code, leaning on Leo’s documentation and Aleo community forums for guidance. The process felt like assembling a cryptographic puzzle where every piece had to fit perfectly.
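The Buy Product transition and the verification_hash described above, sketched in Leo as an added example; this is not PrivMart's own source. The program name, the per-field mappings and the `OrderData` struct are assumptions made for illustration, and seller crediting and receipts are left out.

```leo
// Added illustration, not the PrivMart contract. All names are hypothetical.
program privmart_sketch.aleo {
    // Fields the verification hash commits to.
    struct OrderData {
        buyer: address,
        product_id: u64,
        quantity: u32,
        total_paid: u64,
    }

    // Note: mapping contents and the arguments of an async function
    // are public on-chain state on Aleo.
    mapping price: u64 => u64;              // product_id => unit price
    mapping discount_rate: u64 => u8;       // product_id => percent (0..100)
    mapping stock: u64 => u32;              // product_id => units left
    mapping buyer_balance: address => u64;
    mapping order_hash: u64 => field;       // order_id => verification hash
    mapping order_counter: bool => u64;     // true => next order_id

    @noupgrade
    async constructor() {}

    async transition buy_product(public product_id: u64, public quantity: u32) -> Future {
        assert(quantity > 0u32);
        return finalize_buy_product(self.caller, product_id, quantity);
    }

    async function finalize_buy_product(buyer: address, product_id: u64, quantity: u32) {
        // Mapping::get fails on a missing key, so unknown products abort here.
        let unit: u64 = Mapping::get(price, product_id);
        let left: u32 = Mapping::get(stock, product_id);
        let rate: u8 = Mapping::get_or_use(discount_rate, product_id, 0u8);
        assert(rate <= 100u8);
        assert(left >= quantity);

        // Overflow halts execution, which also aborts the purchase.
        let gross: u64 = unit * (quantity as u64);
        let total: u64 = gross - gross * (rate as u64) / 100u64;
        let bal: u64 = Mapping::get_or_use(buyer_balance, buyer, 0u64);
        assert(bal >= total);

        let id: u64 = Mapping::get_or_use(order_counter, true, 0u64);
        let order: OrderData = OrderData { buyer: buyer, product_id: product_id, quantity: quantity, total_paid: total };

        // Every check is above, every write is below: a failed assert leaves no partial state.
        Mapping::set(stock, product_id, left - quantity);
        Mapping::set(buyer_balance, buyer, bal - total);
        Mapping::set(order_hash, id, BHP256::hash_to_field(order));
        Mapping::set(order_counter, true, id + 1u64);
    }
}
```

A refund path built on this sketch would recompute `BHP256::hash_to_field` over the claimed order fields and compare the result with the stored `order_hash` entry before restocking.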

Challenges we ran into

  1. Balancing Privacy and Functionality: Applying discounts privately was tricky. I needed to validate discount_code without exposing it, using a valid_discounts mapping. Ensuring atomicity (i.e., deducting balance and updating stock in one go) required multiple rewrites to avoid partial states.

  2. Storage Efficiency: Mappings can grow large, so I optimized with get_or_use for default values, reducing gas costs. But early versions had redundant writes, inflating costs.

  3. Learning Curve: Aleo’s upgrade model (@noupgrade) was initially confusing. I spent time studying Aleo’s docs to get it right, since I could not deploy my program without inserting the constructor function.

Accomplishments that we're proud of

  1. Privacy-First Shopping: Built a fully functional e-commerce contract where buyers and sellers transact without exposing sensitive data, a first step toward a real-world private marketplace.

  2. Robust Discount System: Implemented a discount mechanism that is fair to both parties: buyers save, sellers get full payment.

  3. Atomic Transactions: Ensured purchases and refunds are all-or-nothing, preventing partial failures.

  4. Clean Code: Structured the contract with clear structs, mappings, and transitions, making it maintainable and extensible.

What we learned

  1. Leo & Aleo: Mastered Leo’s syntax for structs, mappings, and async transitions. Understood how Aleo’s ZKPs compile to circuits, balancing on-chain and off-chain logic.

  2. E-Commerce Logic: Gained insights into stock management, discount calculations, and refund workflows, all while keeping data private.

  3. User-Centric Design: Realized that privacy isn’t just technical—it’s about giving users control and peace of mind.

What's next for PrivMart

  1. Multi-Seller Support: Extend the contract to allow any verified seller to list products, not just an admin, using a permissioned system.

  2. Advanced Discounts: Add time-based or quantity-based discounts to make PrivMart competitive with traditional platforms.

  3. Scalability: Optimize mappings and explore Aleo’s storage solutions to handle thousands of products and users.

  4. Real-World Deployment: Partner with the Aleo ecosystem to deploy PrivMart on mainnet, targeting privacy-conscious shoppers and sellers.

  5. Community Growth: Open-source PrivMart on GitHub, inviting other Leo developers to contribute features like reviews or escrow.
