How does Mirror actually work?
A plain-English breakdown of the technology, the protocol, and why none of this was possible before Confidential Data Rails.
Signal acquisition interest
The moment a founder hints at wanting to exit, valuation drops, employees panic, and competitors move in. Silence is survival — even when an exit is the right move.
Reveal acquisition criteria
Sharing what sectors, stages, or prices you're targeting inflates every target's valuation. Competitors learn your strategy. The informal channel must stay informal.
So both sides hire bankers. Bankers charge 2–5% of deal value to hold the information both sides can't share. That's $50B a year for a coordination problem.
Nobody can safely go first
Both sides need to share sensitive information to find out if a deal is worth pursuing. But sharing that information before trust is established is catastrophically risky. So nothing happens — or bankers step in and extract value from the gap.
TEE-backed encryption
Data is encrypted to a threshold public key controlled by a decentralized network of Trusted Execution Environments — physically sealed hardware on Story validator nodes.
On-chain conditions
A read condition contract lives on Story Protocol. When someone wants to access vault data, validators check whether the on-chain condition is met before releasing their partial decryption keys.
Client-side decryption
When a quorum of validators confirms the condition, the requester receives enough partial keys to assemble the full decryption key. Data decrypts on their device — never in the clear on any server.
Private data that behaves like a programmable, composable on-chain object
It has an address. It has rules. Other contracts can interact with it. The blockchain records what happened without ever seeing the data. No trusted middleman required — the TEE is the trust.
Startup seals intent
Company name, ARR, growth, target price — all encrypted before leaving the browser. Public signals (sector, stage, deal type) stored separately for matching. Private data is sealed with a staged read condition starting at Stage 0: nobody can read it.
Acquirer seals criteria
Company name, budget range, strategic rationale, must-haves — all encrypted and sealed. Public signals tell the matching agent what they're looking for without revealing who they are or how much they'll pay.
Protocol finds the fit — privately
The matching agent reads only the public signals from both vaults and computes a compatibility score (0–100). When the score crosses 60, MirrorMatcher.recordMatch() is called on-chain. Both parties are notified. Neither side's identity or sensitive data has been touched.
Each stage requires mutual on-chain consent. Neither party can advance a stage alone. The smart contract enforces the order — not the platform, not a human decision.
Zero reads allowed
No names revealed
Coarse fields only
Simultaneous
All financials
Match found — no data revealed yet
Both dashboards show: "A match exists. 87% compatibility." That's all. No names. No company size. No financials. The matching agent found fit from public signals alone.
Thin profile — coarse fields only, still no names
Both wallets call confirmAdvanceToStage2(). When both confirm, StagedReadCondition upgrades to Stage 2. The counterparty agent can now read: sector, size range, deal type, geography.
Identity revealed — simultaneously, on both screens
Both wallets call MirrorNDA.sign(). When both have signed, NDAComplete fires — MirrorMatcher advances to Stage 3 atomically. Both company names appear on both dashboards at the exact same moment. Negotiation Rights NFTs mint to both wallets.
Full access — seller's choice, at their pace
The sell-side wallet voluntarily calls grantStage4(). The full CDR vault unlocks for the buyer: ARR, revenue, growth rate, churn, target price, price floor, deal notes.
The new primitive
A CDR read condition that upgrades across 4 stages. Called by validators on every access attempt. Emits zero events on denied reads — no on-chain trace of a failed access.
// Stage 0: nobody reads (sealed)
// Stage 1: matching agent only
// Stage 2: counterparty agent
// Stage 3: counterparty wallet
// Stage 4: full financial access
function isReadAllowed(
address caller,
bytes conditionData
) returns (bool allowed)Controls all stage transitions
Both parties must confirm before any stage advances. Records matches on-chain when agent finds fit. Events emit only matchId and stage number — no company names, no financial data in any on-chain log.
// Agent calls this on match found
recordMatch(sellUUID, buyUUID, score)
// Both parties must call to advance
confirmAdvanceToStage2(matchId)
// Called by MirrorNDA when both sign
onNDAComplete(matchId)Dual-signature NDA
Both parties sign independently. When both have signed, NDAComplete fires automatically — calling MirrorMatcher.onNDAComplete() to trigger Stage 3. The reveal is atomic. Permanent, composable, on-chain.
// Any registered party can sign
sign(matchId)
// Fires when both parties sign
event NDAComplete(matchId)
// Auto-calls MirrorMatcher
onNDAComplete(matchId)Soulbound NFT at Stage 3
ERC-721 minted to both parties when identities are revealed. Non-transferable by design — this is a cryptographic record of mutual consent, not a financial instrument.
// Mints to both parties at Stage 3
mint(matchId, sellParty, buyParty)
// Soulbound — reverts on transfer
_update() → revert on from ≠ 0
// On-chain JSON metadata
tokenURI(tokenId)The banker is the bug. CDR is the fix.
Mirror is not a product built using CDR. It is a product that is only possible because of CDR. The $50B M&A advisory industry exists to solve an information asymmetry problem. CDR is the first technology that solves the same problem without a trusted middleman.