Private Proofs of Innocence


Railway Wallet has integrated the RAILGUN Private Proofs of Innocence (Private POI) assurance system, a decentralized and privacy preserving tool which gives cryptographic assurance of the origin of shielded funds. Users of RAILGUN integrated wallets with Private POI (like Railway Wallet), create a Zero-Knowledge (ZK) proof that their funds are not a part of a publicly known set of undesirable transactions. By using this system, all Railway Wallet users are

Private POI uses only publicly available data and as it is built using ZK cryptography, is entirely privacy protecting. It does not affect the privacy levels of your Railway Wallet 0zk addresses in any way and all private Railway Wallet transactions remain private to everyone and are impossible to deanonymize by anyone. You can read more about Private POI (including architecture and technical descriptions) in the documentation from RAILGUN contributors here.

With this upgrade, there are some changes on how to best use Railway Wallet.


"Shielding" means adding tokens to your hidden 0zk address where you still retain full control of it. Clicking "Shield" in Railway also creates Private Proofs of Innocence (Private POI) which are useful later. This involves a Unshield-only Standby Period.

Please understand this process:

  1. 1 hour must pass before your shielded funds can do things other than go back to your public address. This is called a Unshield-only Standby Period. (In the future this may be upgraded to a shorter time.) During the initial Private POIs beta stage this standby will be one hour, and during this standby period, like any other time with 0zk addresses, no person other than yourself can see or control your tokens. If something urgent comes up, you will still be able to unshield them to origin without waiting.

  2. The Private Proofs of Innocence system creates a Zero-knowledge proof (a small piece of data) that says your shield is not from a certain list of undesirable addresses. You as Railway Wallet user will be able to choose which list to use, in the future. To begin with, there is only the default list, which is the free and public OFAC designated list updated by Chainalysis. (To be clear, no data at all will be shared with them, they are only giving away a free list). In the future, knowledgeable community organizations will probably publish and update more lists to help wallet users avoid bad actors. Railway Wallet itself does not make or update any list or lists. Addresses that shielded tokens from the list will not be able to create a Private POI and will not be able to use Railway Wallet.

  3. Private POI and Railway Wallet app does not share any of your transaction history with anyone - not even with the app publishers or contractors. Transactions sent from 0zk wallets are and will always be impossible to deanonymize by anyone, as they are encrypted to all outside viewers. Private POI proofs are blinded, meaning that they don't reveal any information about the underlying transaction. Proofs are generated on your device and, as they are zero-knowledge, remain completely private. Private POI is a very new and exciting system and Railway Wallet is the first app to ever test it. Please bear in mind the experience will improve in the future and help us with the goal of being the best high-tech, non-profit, free and zero ads, privacy-respecting wallet app.

Private Transfers

Please keep Railway open and active after sending a 0zk-0zk transfer (up to 30 seconds on desktop/web and 1-2 minutes on mobile) until a Private Proof of Innocence is created. This will guarantee that the recipient will be able to use those tokens immediately.


Private Proofs of Innocence are created after a transaction is confirmed. For the transferred tokens to be spendable by the recipient, a valid Private Proof of Innocence will be auto-generated by the sender whilst the Wallet is open. In the meantime, the transfer will show as "Incomplete" on the recipient's wallet. If the sender closes the app before the Private POI is created, they may simply re-open it and wait for the POI to generate.

Is there any risk to the receiver?

If you use Railway Wallet, there is a guarantee that private transactions can generate a Proof of Innocence. There is no risk that tokens will be unspendable if you give enough time after a transaction to allow a proof to generate.

Balance Types

There are 4 balance types within Railway Wallet depending on Private POI status. Please note the following.

Spendable: Tokens marked as Spendable have a valid Private POI and can be spent by your 0zk address with no limitations.

Pending: Tokens currently in the Unshield-Only Standby Period. After this period, you will be able to generate a Private POI. You still retain full control over these tokens during the Unshield-Only Standby Period and can unshield them back to the original depositing address.

Incomplete: “Incomplete” tokens have passed the Unshield-Only spending period and are currently waiting on a Private POI. Please wait a few moments for your wallet to generate a Private POI check OR, if you received tokens from another wallet, please ask the sender to open their Railway Wallet app to complete the Private POI process.

Restricted: Tokens that are from known undesirable activity as indicated by a list provider. These tokens will not become Spendable and Unshielding to the original address is the only option.

Transaction Flow

The standard transaction flow of funds through Railway Wallet and balance types:

  1. Shield tokens into a 0zk address through Railway Wallet for on-chain privacy, private transfers, and private DeFi

  2. Wait for the Unshield-Only Standby Period of 1 hour for newly shielded tokens. Tokens still this Standby Period are part of your Pending Balance.

  3. Once the Unshield-Only Standby Period is complete, these tokens now have a completed Private POI, and are now part of your Spendable Balance. Tokens in a Spendable Balance can be sent to another 0zk address, used in private DeFi, or unshielded to a different 0x address immediately.

  4. Tokens sent from a spendable balance to another 0zk address will be usable by that recipient immediately, without needing to wait for an Unshield-Only Standby Period, as long as the sender keeps the Railway Wallet app open for a few moments (30 seconds on desktop & 1-2 minutes on mobile) after the transaction is confirmed.

  5. Unshield to 0x address through a Broadcaster. Again, this transaction has no waiting time, as the Private POI is carried forward from the initial shield. After the transaction is confirmed, the unshielding wallet will auto-generate a Private POI. Any third-party (like a centralized exchange receiving unshields) can privately verify that the unshield transaction has a completed Private POI, without any other data (like address, balances, or history) being revealed.

Last updated