The core research question
We’re trying to understand whether there exists a construction with this shape:
One-time (or very infrequent) user setup produces a private handle/credential.
After that, verifiers can continuously check “still ≥ threshold” against an evolving public chain state without learning the collateral address A and without the user needing to regenerate proofs every epoch.
Put differently: can we get a Tornado-like “spent/unspent” check for threshold eligibility, without revealing the underlying address?
Use case
A privacy-preserving proof-of-funds primitive. Example uses are tiered benefits (e.g., crypto credit card tiers) and loan underwriting (proving possession of substantial assets without disclosing where they are held). Ideally it would work like this:
- User holds collateral (tokens) in wallet A.
- Card provider links tiers/benefits to a spending wallet B (later the user may switch to wallet C).
- We want the provider to grant/maintain a tier for B/C without ever learning wallet A, and ideally without any third party learning A either.
- The tier should remain valid only while the collateral stays above a threshold (or at least within some freshness window).
We’re looking for a construction that achieves as many of these as possible:
- Address privacy: verifier (card provider) cannot learn the collateral address A, and ideally no operator learns A either.
- Ongoing eligibility / revocation: verifier can check that the user is still eligible (collateral still ≥ threshold) over time.
- Low user burden: user should not have to constantly generate new proofs (ideally one-time setup, then passive monitoring/verification).
- Wallet portability: user can switch “benefit wallet” B → C without revealing A.
- Non-transferability / anti-rent: a third party shouldn’t be able to reuse/steal credentials to claim a tier for their own wallet.
- Works with existing ERC-20 / EVM chains (ideally without modifying the token contract).
Constructions we’ve considered (and their downsides)
User generates ZK proofs from chain state (no operator learns A)
User proves, in zero knowledge, that they know an address A (kept private) whose ERC-20 balance, read from an account + storage proof against a recent state root, is ≥ X. The state root, token contract and threshold are public inputs; A and the Merkle-Patricia branches are the private witness.
Issue: freshness requires repeating proofs (each epoch, periodically, or on demand), because the proof is bound to one state root and the state root changes with every block. A proof against root R_n says nothing about the balance after block n.
What we’re asking the community
- Is there a known primitive / paper / protocol that enables “prove once, monitor forever” style threshold eligibility for externally-held balances without revealing the address and without recurring user proofs?
- If the answer is “no,” can someone formalize the obstruction / impossibility intuition under reasonable assumptions (EVM-style account model, no token modifications, no trusted operator)?
- Are there relaxations that make it possible while still being practical? For example:
  - allow modifying the token/staking contract to maintain commitments
  - allow an MPC/TEE-based watcher that learns A but is cryptographically constrained
  - accept very infrequent user refresh (weekly/monthly) rather than every epoch
Threat model clarifications
- The card provider/verifier is not trusted with collateral identity.
- We care about on-chain observers correlating A ↔ B/C as well.
- We likely need non-transferability to prevent renting tiers to third-party wallets (so “bearer credential” is not acceptable unless explicitly delegated).