1.The problem with M&A today
Startups cannot

Signal acquisition interest

The moment a founder hints at wanting to exit, valuation drops, employees panic, and competitors move in. Silence is survival — even when an exit is the right move.

Acquirers cannot

Reveal acquisition criteria

Sharing what sectors, stages, or prices you're targeting inflates every target's valuation. Competitors learn your strategy. The informal channel must stay informal.

So both sides hire bankers. Bankers charge 2–5% of deal value to hold the information both sides can't share. That's $50B a year for a coordination problem.

The core dysfunction

Nobody can safely go first

Both sides need to share sensitive information to find out if a deal is worth pursuing. But sharing that information before trust is established is catastrophically risky. So nothing happens — or bankers step in and extract value from the gap.


2.What is Confidential Data Rails?
Step 1

TEE-backed encryption

Data is encrypted to a threshold public key controlled by a decentralized network of Trusted Execution Environments — physically sealed hardware on Story validator nodes.

Step 2

On-chain conditions

A read condition contract lives on Story Protocol. When someone wants to access vault data, validators check whether the on-chain condition is met before releasing their partial decryption keys.

Step 3

Client-side decryption

When a quorum of validators confirms the condition, the requester receives enough partial keys to assemble the full decryption key. Data decrypts on their device — never in the clear on any server.

result ↓
The CDR primitive

Private data that behaves like a programmable, composable on-chain object

It has an address. It has rules. Other contracts can interact with it. The blockchain records what happened without ever seeing the data. No trusted middleman required — the TEE is the trust.

Every alternative fails
Centralized server — operator sees everything, becomes the banker, can be subpoenaed
Fully offchain storage — private but loses composability, contracts can't reference it
FHE — composable but 1000× too slow for real applications today
Trusted oracle — requires trusting a person or company that can be coerced
CDR delivers all three
Private — TEE is physically sealed hardware, not a software promise
Composable — vaults are on-chain objects, contracts interact with them
Trustless — conditions enforced by protocol, not by any company or person
Programmable — read conditions can be any on-chain logic

3.How Mirror uses CDR
Sell-side vault

Startup seals intent

Company name, ARR, growth, target price — all encrypted before leaving the browser. Public signals (sector, stage, deal type) stored separately for matching. Private data is sealed with a staged read condition starting at Stage 0: nobody can read it.

SellSideVaultOwnerOnlyWriteStagedReadCondition
Buy-side vault

Acquirer seals criteria

Company name, budget range, strategic rationale, must-haves — all encrypted and sealed. Public signals tell the matching agent what they're looking for without revealing who they are or how much they'll pay.

BuySideVaultOwnerOnlyWriteStagedReadCondition
matching agent reads only public signals
MirrorMatcher.sol + Matching Agent

Protocol finds the fit — privately

The matching agent reads only the public signals from both vaults and computes a compatibility score (0–100). When the score crosses 60, MirrorMatcher.recordMatch() is called on-chain. Both parties are notified. Neither side's identity or sensitive data has been touched.


4.The four revelation stages

Each stage requires mutual on-chain consent. Neither party can advance a stage alone. The smart contract enforces the order — not the platform, not a human decision.

0SealedBoth register
Zero reads allowed
1Match foundScore ≥ 60
No names revealed
2Thin profileBoth confirm
Coarse fields only
3Identity revealBoth sign NDA
Simultaneous
4Full accessSeller grants
All financials
1

Match found — no data revealed yet

Both dashboards show: "A match exists. 87% compatibility." That's all. No names. No company size. No financials. The matching agent found fit from public signals alone.

2

Thin profile — coarse fields only, still no names

Both wallets call confirmAdvanceToStage2(). When both confirm, StagedReadCondition upgrades to Stage 2. The counterparty agent can now read: sector, size range, deal type, geography.

3

Identity revealed — simultaneously, on both screens

Both wallets call MirrorNDA.sign(). When both have signed, NDAComplete fires — MirrorMatcher advances to Stage 3 atomically. Both company names appear on both dashboards at the exact same moment. Negotiation Rights NFTs mint to both wallets.

4

Full access — seller's choice, at their pace

The sell-side wallet voluntarily calls grantStage4(). The full CDR vault unlocks for the buyer: ARR, revenue, growth rate, churn, target price, price floor, deal notes.


5.The smart contracts
Novel CDR pattern · StagedReadCondition.sol

The new primitive

A CDR read condition that upgrades across 4 stages. Called by validators on every access attempt. Emits zero events on denied reads — no on-chain trace of a failed access.

// Stage 0: nobody reads (sealed) // Stage 1: matching agent only // Stage 2: counterparty agent // Stage 3: counterparty wallet // Stage 4: full financial access function isReadAllowed( address caller, bytes conditionData ) returns (bool allowed)
Coordination · MirrorMatcher.sol

Controls all stage transitions

Both parties must confirm before any stage advances. Records matches on-chain when agent finds fit. Events emit only matchId and stage number — no company names, no financial data in any on-chain log.

// Agent calls this on match found recordMatch(sellUUID, buyUUID, score) // Both parties must call to advance confirmAdvanceToStage2(matchId) // Called by MirrorNDA when both sign onNDAComplete(matchId)
Consent · MirrorNDA.sol

Dual-signature NDA

Both parties sign independently. When both have signed, NDAComplete fires automatically — calling MirrorMatcher.onNDAComplete() to trigger Stage 3. The reveal is atomic. Permanent, composable, on-chain.

// Any registered party can sign sign(matchId) // Fires when both parties sign event NDAComplete(matchId) // Auto-calls MirrorMatcher onNDAComplete(matchId)
Proof-of-Intent · NegotiationRights.sol

Soulbound NFT at Stage 3

ERC-721 minted to both parties when identities are revealed. Non-transferable by design — this is a cryptographic record of mutual consent, not a financial instrument.

// Mints to both parties at Stage 3 mint(matchId, sellParty, buyParty) // Soulbound — reverts on transfer _update() → revert on from ≠ 0 // On-chain JSON metadata tokenURI(tokenId)

6.Frequently asked questions
Can Mirror read my vault contents?
No. Vault contents are encrypted client-side before transmission using the CDR network's threshold public key. The Mirror platform has no access to private data without the CDR conditions being met on-chain.
What if no match is ever found?
Your vault stays sealed forever. Nobody ever knows you registered. The zero-downside mechanic is intentional — sealing a vault costs nothing and exposes nothing.
What if I change my mind after registering?
You can withdraw at Stage 1 or Stage 2. Once both parties sign the NDA at Stage 3, the identity reveal is permanent and on-chain.
Is the NDA legally binding?
The on-chain NDA is a cryptographic record of mutual consent — not a legal document and not legal advice. Whether this has legal standing in your jurisdiction is a question for your lawyer.
What network is this on?
Mirror runs on Story Protocol's Aeneid Testnet. Chain ID: 1315. RPC: aeneid.storyrpc.io. CDR is currently testnet-only.
What makes this technically novel?
Mirror introduces staged revelation vaults — CDR read conditions that upgrade progressively based on multi-party on-chain consent. Every previous CDR project uses a static read condition. Mirror is the first to make the condition itself dynamic, requiring bilateral consent at each step.

The banker is the bug. CDR is the fix.

Mirror is not a product built using CDR. It is a product that is only possible because of CDR. The $50B M&A advisory industry exists to solve an information asymmetry problem. CDR is the first technology that solves the same problem without a trusted middleman.