feat(patterns): migrate batch 1 (30 cards) to schema v2

CHANGELOG.md

@@ -13,6 +13,7 @@ All notable changes to the IPTF Map are documented here.
 - feat(pattern): [zk-promises](patterns/pattern-zk-promises.md) -- stateful anonymous credentials with async callbacks for blind compliance enforcement ([#132](https://github.com/ethereum/iptf-map/pull/132))
 - feat(pattern): [Proof of Innocence](patterns/pattern-proof-of-innocence.md) -- association set membership/exclusion proofs for compliance without surveillance ([#132](https://github.com/ethereum/iptf-map/pull/132))
 - feat(approach|use-case): [Resilient Identity Continuity](use-cases/resilient-identity-continuity.md) and [added approach](approaches/approach-private-identity.md) ([#145](https://github.com/ethereum/iptf-map/pull/145))
+- refactor(pattern): rename `pattern-noir-private-contracts` to [Private Contract DSL](patterns/pattern-private-contract-dsl.md) for vendor-neutral naming ([#154](https://github.com/ethereum/iptf-map/pull/154))
 
 ### Removed
 
@@ -40,7 +41,6 @@ All notable changes to the IPTF Map are documented here.
 - feat(pattern): Private Shared State split into [co-SNARKs](patterns/pattern-private-shared-state-cosnark.md), [FHE](patterns/pattern-private-shared-state-fhe.md), [TEE](patterns/pattern-private-shared-state-tee.md) — each with distinct CROPS profile and trust model ([#104](https://github.com/ethereum/iptf-map/issues/104))
 - feat(pattern): Enhanced [Hybrid TEE + ZK Settlement](patterns/pattern-tee-zk-settlement.md) with trust framework, TEE API surface, stealth address design, anti-pattern table, and PoC learnings ([#79](https://github.com/ethereum/iptf-map/issues/79))
 - feat(pattern): [Compliance Monitoring](patterns/pattern-compliance-monitoring.md) - Transaction screening with privacy-preserving audit trails ([#73](https://github.com/ethereum/iptf-map/pull/73))
-- feat(pattern): [L2 Privacy Evaluation Framework](patterns/pattern-l2-privacy-evaluation.md) - Methodology for institutions to compare privacy L2s (PR-011)
 - feat(pattern): [Cross-chain Privacy Bridge](patterns/pattern-cross-chain-privacy-bridge.md) - Bridge assets between chains while preserving privacy
 - feat(pattern): [Stateless Plasma Privacy](patterns/pattern-plasma-stateless-privacy.md) - Client-side proving with minimal on-chain footprint (Intmax-style)
 - feat(pattern): [vOPRF Nullifiers](patterns/pattern-voprf-nullifiers.md) - Threshold vOPRF-based nullifier generation for credentials/signals ([#61](https://github.com/ethereum/iptf-map/pull/61))
@@ -131,7 +131,7 @@ All notable changes to the IPTF Map are documented here.
 - feat(pattern): [FOCIL-EIP7805](patterns/pattern-focil-eip7805.md) ([#26](https://github.com/ethereum/iptf-map/pull/26))
 - feat(pattern): [Lean Ethereum](patterns/pattern-lean-ethereum.md) ([#26](https://github.com/ethereum/iptf-map/pull/26))
 - feat(pattern): [OIF](patterns/pattern-oif.md) - Optimized Integrity Framework ([#26](https://github.com/ethereum/iptf-map/pull/26))
-- feat(pattern): [Noir private contracts](patterns/pattern-noir-private-contracts.md) ([#21](https://github.com/ethereum/iptf-map/pull/21))
+- feat(pattern): [Noir private contracts](patterns/pattern-private-contract-dsl.md) ([#21](https://github.com/ethereum/iptf-map/pull/21))
 - feat(vendor): [Paladin](vendors/paladin.md) ([#19](https://github.com/ethereum/iptf-map/pull/19))
 - feat(vendor): [State Labs](vendors/tx-shield.md) - Tx Shield, OpenTMP LLM, Collab-Key ([#7](https://github.com/ethereum/iptf-map/pull/7))
 - feat(vendor): [Soda Labs](vendors/soda-labs.md)

approaches/approach-private-identity.md

@@ -263,7 +263,7 @@ When sources are honest, the cryptographic layer enforces one-to-one binding. Wh
 - **ZK Frameworks:** [Semaphore](https://github.com/semaphore-protocol), [Noir/Barretenberg](https://docs.aztec.network/), [Circom/Groth16](https://docs.circom.io/), [Iden3](https://github.com/iden3)
 - **Credential Systems:** [ZKPassport](https://zkpassport.id/), [Self](https://self.xyz/), [Rarimo](https://rarimo.com/), [Anon Aadhaar](https://github.com/anon-aadhaar), [zkEmail](https://prove.email/), [TLSNotary](https://tlsnotary.org/), [POD2](https://github.com/0xPARC/pod2), [OpenAC](https://eprint.iacr.org/2026/251), [Human Passport](https://passport.human.tech/), [Holonym](https://holonym.id/)
 - **Validated Deployments:** ZKPassport Aztec sale (120+ countries), Anon Aadhaar, World ID (25M registrations), [OpenCerts](https://www.opencerts.io/) (2M+ certs)
-- **Related Patterns:** [Private MTP Auth](../patterns/pattern-private-mtp-auth.md), [ZK-KYC/ML + ONCHAINID](../patterns/pattern-zk-kyc-ml-id-erc734-735.md), [zk-TLS](../patterns/pattern-zk-tls.md), [Selective Disclosure](../patterns/pattern-regulatory-disclosure-keys-proofs.md), [co-SNARK](../patterns/pattern-co-snark.md), [Verifiable Attestation](../patterns/pattern-verifiable-attestation.md), [vOPRF Nullifiers](../patterns/pattern-voprf-nullifiers.md), [Stealth Addresses](../patterns/pattern-stealth-addresses.md), [ERC-3643 RWA](../patterns/pattern-erc3643-rwa.md), [Compliance Monitoring](../patterns/pattern-compliance-monitoring.md), [Network Anonymity](../patterns/pattern-network-anonymity.md), [Noir Private Contracts](../patterns/pattern-noir-private-contracts.md), [Privacy L2s](../patterns/pattern-privacy-l2s.md), [TEE-Based Privacy](../patterns/pattern-tee-based-privacy.md)
+- **Related Patterns:** [Private MTP Auth](../patterns/pattern-private-mtp-auth.md), [ZK-KYC/ML + ONCHAINID](../patterns/pattern-zk-kyc-ml-id-erc734-735.md), [zk-TLS](../patterns/pattern-zk-tls.md), [Selective Disclosure](../patterns/pattern-regulatory-disclosure-keys-proofs.md), [co-SNARK](../patterns/pattern-co-snark.md), [Verifiable Attestation](../patterns/pattern-verifiable-attestation.md), [vOPRF Nullifiers](../patterns/pattern-voprf-nullifiers.md), [Stealth Addresses](../patterns/pattern-stealth-addresses.md), [ERC-3643 RWA](../patterns/pattern-erc3643-rwa.md), [Compliance Monitoring](../patterns/pattern-compliance-monitoring.md), [Network Anonymity](../patterns/pattern-network-anonymity.md), [Private Contract DSL](../patterns/pattern-private-contract-dsl.md), [Privacy L2s](../patterns/pattern-privacy-l2s.md), [TEE-Based Privacy](../patterns/pattern-tee-based-privacy.md)
 - **Prior Art:** [Vitalik zk-identity framework](https://vitalik.eth.limo/general/2025/06/28/zkid.html), [Human](https://human.tech/) (plural-identity scoring), [zk-creds (Rosenberg et al., 2023)](https://eprint.iacr.org/2022/878), [zk-promises (Shih et al., 2025)](https://eprint.iacr.org/2024/1260), [PLUME (Aayush Gupta, ERC-7524)](https://aayushg.com/thesis.pdf)
 - **PoC:** [Resilient Private Identity](https://github.com/ethereum/iptf-pocs/tree/master/pocs/private-identity/resilient-private-identity)
 - **Vendors:** [Aztec](../vendors/aztec.md), [Miden](../vendors/miden.md), [Zama](../vendors/zama.md), [Fhenix](../vendors/fhenix.md), [TACEO](../vendors/taceo-merces.md), [Privacy Pools](../vendors/privacypools.md), [Chainlink ACE](../vendors/chainlink-ace.md), [EY](../vendors/ey.md)

domains/post-quantum.md

@@ -81,7 +81,7 @@ Ethereum inherits PQ transport encryption for some surfaces (Go 1.24 ships hybri
 
 | Surface                              | Broken Primitive               | Solution Path                                                                                      | Status    | Pattern                                                                                                                |
 | ------------------------------------ | ------------------------------ | -------------------------------------------------------------------------------------------------- | --------- | ---------------------------------------------------------------------------------------------------------------------- |
-| Note discovery / viewing keys        | EC-based key derivation        | ML-KEM (outside ZK circuit) + OMR                                                                  | Tractable | [Shielding](../patterns/pattern-shielding.md), [Noir Private Contracts](../patterns/pattern-noir-private-contracts.md) |
+| Note discovery / viewing keys        | EC-based key derivation        | ML-KEM (outside ZK circuit) + OMR                                                                  | Tractable | [Shielding](../patterns/pattern-shielding.md), [Private Contract DSL](../patterns/pattern-private-contract-dsl.md) |
 | Proven-correct encryption to auditor | ElGamal (EC scalar mul)        | Lattice PKE outside circuit + Poseidon symmetric encryption inside circuit (detect-and-flag model) | Partial   | [Regulatory Disclosure](../patterns/pattern-regulatory-disclosure-keys-proofs.md)                                      |
 | Protocol-enforced decryptability     | Proving lattice PKE in-circuit | Field mismatch (q=3,329 vs BN254); simpler than full ML-KEM but still expensive                    | Unsolved  | —                                                                                                                      |
 
@@ -98,7 +98,7 @@ Ethereum inherits PQ transport encryption for some surfaces (Go 1.24 ships hybri
 | [PSI-DH](../patterns/pattern-private-set-intersection-dh.md)                                  | DDH / commutative encryption       | Medium    | Lattice-based PSI                  |
 | [MPC Custody](../patterns/pattern-mpc-custody.md)                                             | Threshold ECDSA/EdDSA              | Low       | ML-DSA / hash-based threshold      |
 | [TEE Key Manager](../patterns/pattern-tee-key-manager.md)                                     | ECDSA/BLS signing                  | Low       | PQ signing in TEE                  |
-| [Noir Private Contracts](../patterns/pattern-noir-private-contracts.md)                       | Barretenberg (PLONK)               | High      | Hash-based commitments / STARKs    |
+| [Private Contract DSL](../patterns/pattern-private-contract-dsl.md)                       | Barretenberg (PLONK)               | High      | Hash-based commitments / STARKs    |
 | [Private Shared State (co-SNARK)](../patterns/pattern-private-shared-state-cosnark.md)        | Groth16                            | Medium    | co-STARK alternatives              |
 | [TEE+ZK Settlement](../patterns/pattern-tee-zk-settlement.md)                                 | Groth16/PLONK                      | Medium    | STARKs                             |
 | [co-SNARK](../patterns/pattern-co-snark.md)                                                   | co-SNARK (Groth16-based)           | Medium    | co-STARK                           |

patterns/pattern-co-snark.md

@@ -1,64 +1,102 @@
 ---
-title: "Pattern: co-SNARKs (Collaborative Proving)"
+title: "Pattern: Delegated Proving (co-SNARKs)"
 status: draft
-maturity: PoC
+maturity: testnet
+type: standard
 layer: hybrid
-privacy_goal: Enable multi-party ZK proving over distributed private inputs without disclosure
-assumptions: co-SNARK protocol infrastructure, MPC network coordination, honest majority among proving parties
-last_reviewed: 2026-01-14
+last_reviewed: 2026-04-23
+
 works-best-when:
-  - Multiple parties each hold sensitive data or models, and need to jointly prove compliance, settlement, or state updates without revealing inputs.
+  - A user or institution lacks the compute, memory, or battery to generate a zero-knowledge proof client-side and wants to offload the work without disclosing the witness.
+  - The delegatee set can be run by independent operators so no single party sees the full witness.
 avoid-when:
-  - A single party can generate the proof without external data.
-dependencies:
-  - co-SNARK protocols (e.g. TACEO)
+  - Client-side proving is feasible and low-latency is critical.
+  - Only one proving node is available (no honest-majority distribution possible); use a TEE-based prover instead.
+
 context: both
+context_differentiation:
+  i2i: "Between institutions, delegated proving is typically contracted between known parties with SLAs and legal recourse. The prover set can be small and stable. Honest-majority risk is mitigated by bilateral agreements and audit logs."
+  i2u: "For users, the prover set must be permissionless or at least operator-diverse so that no coalition can recover the witness. Economic bonding with slashing and publicly auditable proving logs protect against collusion. A user has no recourse if the prover set silently leaks their witness."
+
 crops_profile:
   cr: medium
-  os: yes
-  privacy: full
-  security: medium
+  o: yes
+  p: full
+  s: medium
+
+crops_context:
+  cr: "Reaches `high` when the prover network is permissionless and bond-backed with slashing for Byzantine behaviour. Drops to `low` when a single proving service controls the pipeline."
+  o: "Proving-framework implementations are published under permissive licenses; production deployments may bundle proprietary orchestration."
+  p: "The witness stays hidden from each individual prover and from the verifier. Metadata about who requested a proof, when, and against which circuit can still leak."
+  s: "Rides on the soundness of the underlying SNARK and the honest-majority assumption of the MPC protocol. Trusted-setup requirements inherit from the SNARK (Groth16 needs per-circuit setup; PLONK/KZG uses universal setup)."
+
+post_quantum:
+  risk: high
+  vector: "Pairing-based SNARKs (Groth16, PLONK/KZG) broken by CRQC. MPC communication inherits the underlying key-exchange assumptions."
+  mitigation: "co-STARK alternatives with hash-based commitments. See [Post-Quantum Threats](../domains/post-quantum.md)."
+
+standards: []
+
+related_patterns:
+  composes_with: [pattern-shielding, pattern-safe-proof-delegation, pattern-permissionless-spend-auth]
+  alternative_to: [pattern-tee-based-privacy]
+  see_also: [pattern-private-shared-state-cosnark, pattern-zk-proof-systems]
+
+open_source_implementations:
+  - url: https://github.com/TaceoLabs/co-snarks
+    description: "co-SNARK proving framework supporting Groth16 and PLONK (research/testnet)"
+    language: "Rust"
 ---
 
 ## Intent
 
-Enable **collaborative zero-knowledge proving** over distributed private inputs.  
-Co-SNARKs let institutions, investors, or service providers jointly prove properties without disclosing raw data, and optionally commit the result as an **onchain state update**.
+Offload zero-knowledge proof generation to a distributed prover network without revealing the witness. The user secret-shares their witness across several proving nodes; the nodes jointly run an MPC protocol to compute a single SNARK proof; no individual node ever reconstructs the full witness. The resulting proof is identical to one produced client-side and is verified on-chain or off-chain with no changes on the verifier side.
+
+This pattern covers delegated proving for a single prover's witness. For multi-party joint computation over shared secret inputs (e.g. a consortium ledger), see `pattern-private-shared-state-cosnark`.
+
+## Components
+
+- User or application holds the witness and wants a proof generated without exposing the witness.
+- Share-distribution layer splits the witness using secret-sharing (additive or Shamir) and routes shares to proving nodes.
+- Distributed prover network runs the MPC protocol to jointly compute the SNARK. Each node sees its share; the full witness is never reconstructed.
+- Coordinator sequences MPC rounds and assembles the final proof. Can be one of the proving nodes or a separate role.
+- Verifier checks the final proof exactly as it would check a client-side SNARK. No changes on the verification side.
+
+## Protocol
 
-## Ingredients
+1. [user] Secret-share the witness across N proving nodes.
+2. [prover] Proving nodes jointly execute the co-SNARK MPC protocol, exchanging shares across multiple rounds to compute witness polynomials and commitments.
+3. [prover] The coordinator assembles the final proof from the MPC output.
+4. [user] Receive the assembled proof from the coordinator.
+5. [contract] A verifier contract (or off-chain verifier) checks the proof against the public statement.
 
-- **Cryptography**: co-SNARK ([Collaborative zk-SNARKs](https://eprint.iacr.org/2021/1530.pdf), e.g. TACEO)
-- **Infra**: Offchain MPC network, optional L1/L2 onchain commitments
-- **Standards**: Can tie into ERC-3643 (identity claims), [attestations](pattern-verifiable-attestation.md), ERC-7573 for settlement
+## Guarantees & threat model
 
-## Protocol (concise)
+Guarantees:
 
-1. Each participant provides private inputs (e.g. compliance model, investor data, transaction intent).
-2. Parties jointly run a co-SNARK protocol to produce a single proof.
-3. Proof can be verified by a regulator, counterparty, or onchain contract.
-4. Can maintain a **shared private state** in a 3PC setting, committing roots onchain.
+- The witness stays hidden from every individual prover and from the verifier.
+- Verification cost is identical to a client-side SNARK for the same circuit.
+- Preserves trade secrets, user balances, or model weights under honest-majority assumptions.
 
-## Guarantees
+Threat model:
 
-- Prove statements across multiple private data silos without disclosure.
-- Preserve trade secrets and client privacy.
-- Anchor proofs or state commitments onchain if required.
+- Soundness of the underlying SNARK, including any trusted-setup ceremony.
+- Honest-majority assumption across proving nodes. A colluding majority can recover the witness and, in some constructions, forge proofs.
+- Non-censoring coordinator. A malicious coordinator can refuse to finalize or selectively drop requests.
+- Authenticated and confidential channels between nodes. Metadata about participation and timing is out of scope.
 
 ## Trade-offs
 
-- Heavy communication and coordination overhead (scales with number of parties).
-- Requires new infra (MPC nodes, co-prover setup).
-- Delegated proving possible, but introduces new trust assumptions.
-- Honest-majority assumption: if a majority of proving parties collude, proof integrity is compromised.
-- **CROPS context (both)**: CR could reach `high` if economic incentives like bond-backed provers with slashing are added for Byzantine behavior. Security improves to `high` by replacing trusted setup with a universal setup. In I2I settings, multi-party proving typically involves known counterparties with existing legal agreements, so the honest-majority assumption carries lower practical risk. In I2U settings, end-users contributing private inputs face greater exposure if the proving coalition is dominated by institutional actors.
-- **Post-quantum exposure**: co-SNARK (Groth16-based) relies on pairings broken by CRQC. Mitigation: co-STARK alternatives. See [Post-Quantum Threats](../domains/post-quantum.md).
+- Heavy communication overhead. Round count and bandwidth scale with both the number of provers and circuit size.
+- New infrastructure requirements: MPC nodes, share routing, key management.
+- Liveness depends on all designated nodes remaining online through the proving session. Dropouts typically force a restart.
+- Latency is higher than client-side proving because of MPC round trips; not suitable for sub-second proving budgets.
 
-## Examples
+## Example
 
-- **Compliance**: Bank + investor prove AML/KYC checks without sharing raw data.
-- **Shared state**: Consortium of custodians maintain a private ledger offchain, publish commitment + co-SNARK consistency proof to L1.
-- **Settlement**: Cross-institution cash/asset swap where each side’s balance sheet remains private.
+- A user holds a shielded balance and wants to prove a spend on a mobile device. The wallet secret-shares the spending witness across three independent proving operators. The operators jointly produce a Groth16 proof. None of them sees the balance or the spend amount. The user submits the proof to the shielded pool contract.
 
 ## See also
 
-- TACEO co-SNARK: https://core.taceo.io/articles/mpc-kyc/
+- [Collaborative zk-SNARKs (Ozdemir & Boneh, 2021)](https://eprint.iacr.org/2021/1530.pdf)
+- [TACEO private proof delegation](https://core.taceo.io/articles/private-proof-delegation/)