A Midnight × XRPL reference dApp

Midnight × XRPL
Private Credential Gateway

Prove you qualify — privately. Let the XRP Ledger enforce it — natively.

The problem

Compliance vs. privacy

To reach gated things you must prove you qualify — but proving usually means handing over your identity.

KYC-gated pools want proof you're verified — and collect your documents.
Age-gated commerce wants your birthday — and stores it.
Token-holder drops want your wallet — and dox it publicly.

The idea

Prove privately → enforce on-ledger

No middleman holds your data. No server decides each payment.
Private eligibility, public enforcement.

Architecture

Three pieces

① Midnight contract

The privacy layer. Holds a Merkle tree of valid credentials + a policy (e.g. "adult, in CA") and verifies the zero-knowledge proof.

② Gateway service

The trusted issuer — a Certificate Authority. Holds an XRPL issuer key. Non-custodial: never touches user funds.

③ XRPL

The enforcement layer. Native Credentials + Deposit Authorization, live on mainnet. The ledger blocks or allows.

How it works

The flow

A nullifier is burned on prove — the same credential can't be used twice.

The privacy property

What's private vs. public

🔒 Private — never on-chain	🌐 Public — on-chain
Birthday, ID, raw KYC data	"A valid proof exists"
Which credential / leaf you hold	The XRPL credential (a badge)
The underlying eligibility data	The gated payment result

The gateway sees your address + that a proof exists — not your data. XRPL sees the badge — not why it was granted.

Verified live — browser, real chains

The ledger enforces it

Midnight Preprod + XRPL testnet · via 1AM

prove eligibility✓ block 1425151

issue credential✓ created

user accepts✓ tesSUCCESS

WITHOUT credentialtecNO_PERMISSION

WITH credentialtesSUCCESS

Same payment — blocked one way, allowed the other. The ledger decided, not us.

Trust model

What you trust — and don't

Trustless

The Midnight proof (the chain verifies it) and the XRPL enforcement (the ledger verifies the credential). Neither can be faked.

Trusted — like a CA

The gateway, to only issue for valid proofs. Risk is false-issuance, not theft — it never holds user funds.

Why it matters

A new primitive

Credentials on XRPL exist. Private proofs on Midnight exist. Wiring them together is the new part.

🏛 Compliant-but-private pools 🪪 KYC-gated payments 🔞 Age-gated commerce 🦭 Token-holder drops · no doxxing 🔁 Permissioned DEX / AMM domains

Status

Where it stands

✓ Full flow verified end-to-end, live, in a browser

✓ Contract deployed on Midnight testnet · gateway running

✓ Nullifier replay protection demonstrated

✓ Built on XRPL Credentials — live on mainnet today

Private eligibility.
Public enforcement.

Midnight × XRPL — Private Credential Gateway

Built solo by Dpac Jones

Shared with the NightSign team · Atlantis · 2026