Sending cryptocurrency to an email address or phone number should be as simple as a bank transfer, yet naive schemes that map identifiers directly to blockchain addresses expose the recipient's balances and transaction history to anyone who knows the identifier. HFIPay separates private routing, sender-side quote verification, and on-chain claim authorization. A relay resolves the human-friendly identifier off-chain and commits only a per-intent blinded binding rho_i plus the quoted payment tuple; the chain sees neither the identifier nor a reusable recipient tag. In a verified-quote deployment, the relay returns a sender-verifiable off-chain proof linking rho_i to an attested binding-key commitment, so the relay cannot substitute a different recipient before funding. To claim, the recipient proves in zero knowledge -- via ZK-ACE -- that the funded intent's blinded binding matches a handle derived from the same deterministic identity, authorizing release of the quoted asset and amount to a chosen destination. We formalize two privacy goals: enumeration resistance and pre-claim unlinkability, and distinguish a baseline deployment (relay trusted for binding correctness) from the verified-quote deployment (binding is sender-verifiable without a public registry). When composed with an NVM runtime, the same mechanism extends to cross-chain settlement. The result is a relay-assisted but non-custodial architecture: relays are privacy and availability dependencies, but cannot redirect funds.

翻译：将加密货币发送至电子邮件地址或手机号应如同银行转账般简单，但直接将标识符映射至区块链地址的朴素方案会导致任何知晓该标识符的人都能查看接收方的余额与交易历史。HFIPay分离了隐私路由、发送方侧报价验证与链上授权申领三大环节。中继节点在链下解析人类友好标识符，仅将每个意图的盲化绑定值ρ_i及报价支付元组提交至链上，区块链既不会获知该标识符，也不会记录可重复使用的接收方标签。在已验证报价部署中，中继返回发送方可验证的链下证明，将ρ_i与经过认证的绑定密钥承诺相关联，从而确保中继无法在资金锁定前替换接收方。申领时，接收方通过ZK-ACE零知识证明技术，证明已锁定意图的盲化绑定值与同一确定性身份派生出的句柄相匹配，从而授权将所报价的资产及数额释放至指定目的地。我们正式定义了两种隐私目标：枚举抵抗性与申领前不可链接性，并将基础部署（依赖中继确保绑定正确性）与已验证报价部署（无需公共注册表即可由发送方验证绑定）加以区分。当与NVM运行时组合使用时，同一机制可扩展至跨链结算。最终架构为依赖中继但非托管的方案：中继属于隐私与可用性依赖方，但无法转移资金。