The protocol we propose in the paper enables censorship-resistant group chats whose membership is proven by NFT ownership while preserving privacy. Each user records a verifiable commitment—a baby-JubJub public key bound to an NFT—into an on-chain sparse Merkle tree managed by the Anthill contract. Messages are accepted only with Groth16 proofs demonstrating (i) control of a registered commitment, (ii) continued ownership of the NFT, and (iii) any optional rate-limit or accountability rule. By choosing different public signals, one circuit realises four privacy tiers: Fully Anonymous (unlinkable messages), Linkable Anonymous (messages linkable yet user identity hidden), Publicly Identified (sender disclosed), and Rate-Limited Accountability (spam-resistant with key forfeiture on abuse). The design is moderator-free, relies solely on standard zk-SNARKs and EdDSA, and deploys on any EVM chain. Pro�totype circuits and contracts for Polygon achieve end-to-end authentication in under 100 ms on consumer hardware.
