A production-ready privacy protocol for Solana that hides transaction amounts using custom Bulletproof zero-knowledge proofs. Built from scratch with proven cryptography, deployed on devnet, and verified with real transactions.
- β Hidden transaction amounts through Pedersen commitments
- β Custom Bulletproof implementation (no external dependencies)
- β Zero-knowledge range proofs for transaction validation
- β Hybrid verification system (on-chain + off-chain)
- β Multi-recipient transfers with all amounts encrypted
- β Native SOL privacy with escrow management
- β Regulatory compliance (addresses visible, amounts hidden)
- β On-chain program deployed to Solana devnet
- β 110+ comprehensive tests covering all components
- β Security fixes applied (all critical issues resolved)
- β Real devnet transactions verified with hybrid verification
Current Status: β LIVE ON DEVNET - All core features implemented, tested, and verified
β οΈ SECURITY WARNING: This project has NOT undergone a professional security audit. Devnet testing only. DO NOT use with real funds. Use at your own risk.
solana-privacy-transfer/
βββ src/ # Client-Side Implementation (TypeScript)
β βββ wallet/ # Wallet implementation
β β βββ ConfidentialWallet.ts # Main wallet with ZK proof integration
β β βββ SolPrivacyMethods.ts # SOL privacy transfer methods
β βββ crypto/ # Cryptographic operations
β β βββ zkproofs/ # Zero-knowledge proof system
β β β βββ primitives.ts # Curve25519, Pedersen, Transcript
β β β βββ bulletproof.ts # Bulletproof range proofs
β β β βββ innerProduct.ts # Inner product arguments
β β β βββ equalityProof.ts # Schnorr-like equality proofs
β β β βββ validityProof.ts # Composite validity proofs
β β β βββ proofSerialization.ts # Full proof serialization
β β β βββ compactProofSerialization.ts # Compact proof format
β β β βββ dalek-compat.ts # Dalek-compatible generators
β β βββ elgamal.ts # ElGamal encryption (deprecated)
β βββ privacy/ # Privacy layer
β β βββ PrivacyLayer.ts # High-level ZK proof API
β βββ storage/ # Key and data storage
β β βββ KeyStorage.ts # AES-256-GCM encrypted keys
β β βββ AccountStorage.ts # Account persistence
β β βββ TransactionHistory.ts # Transaction records
β β βββ EncryptedBalanceTracker.ts # Encrypted balances
β βββ batch/ # Batch processing
β β βββ BatchQueue.ts # Parallel processing with p-limit
β βββ cli/ # Command-line interface
β β βββ index.ts # CLI commands (9 commands)
β β βββ utils.ts # CLI utilities
β βββ types/ # TypeScript interfaces
β β βββ index.ts # Type definitions
β βββ utils/ # Utility functions
β βββ errorHandler.ts # Retry logic with exponential backoff
βββ programs/ # On-Chain Program (Rust/Anchor)
β βββ privacy-transfer/ # Solana smart contract
β βββ src/
β β βββ lib.rs # Program instructions and logic
β β βββ proof_verification.rs # On-chain proof verification
β β βββ crypto_primitives.rs # Cryptographic primitives
β β βββ merlin_transcript.rs # Fiat-Shamir transcript
β βββ Cargo.toml # Rust dependencies
β βββ target/ # Compiled program artifacts
β βββ deploy/ # Deployable .so file
β βββ idl/ # Interface definition (JSON)
βββ scripts/ # Testing & Utility Scripts
β βββ test/ # Test scripts
β βββ test-real-sol-transfer-devnet.ts # Real devnet transactions
β βββ test-security-fixes.ts # Security fixes verification
β βββ verify-deployment.ts # Deployment verification
β βββ ... # Additional test scripts
βββ docs/ # Comprehensive Documentation
β βββ HYBRID_VERIFICATION_IMPLEMENTATION_REVIEW.md # Hybrid verification
β βββ SECURITY_FIXES_SUMMARY.md # Security fixes applied
β βββ ARCHITECTURE.md # System architecture
β βββ ON_CHAIN_PROGRAM.md # On-chain program documentation
β βββ ... # Additional technical docs
βββ Anchor.toml # Anchor configuration
βββ package.json # Project dependencies
βββ tsconfig.json # TypeScript configuration
βββ README.md # This file
- β Custom Bulletproof Implementation - Range proofs with logarithmic size
- β Pedersen Commitments - Homomorphic encryption for balances
- β Schnorr Equality Proofs - Commitment consistency validation
- β Zero-Knowledge Proofs - Prove validity without revealing amounts
- β Privacy Layer API - High-level proof generation and verification
- β Compact Proof Format - Optimized for Solana transaction limits (690 bytes)
- β
Solana Program Deployed - Program ID:
HHvRt9CScrgHkfhDGUiwbskYpCSA9PetdT4uVwQ5C7f5 - β Encrypted Account Storage - Pedersen commitments on-chain
- β SOL Escrow Management - Native SOL privacy transfers
- β Confidential Transfers - Hidden amounts with proof validation
- β Enhanced Proof Verification - Structural validation on-chain
- β Input Validation - Comprehensive validation for all instructions
- β Overflow Protection - Checked arithmetic for all operations
- β Wallet Implementation - Secure key management (AES-256-GCM)
- β Transaction Building - Automated proof generation
- β Balance Tracking - Encrypted balance synchronization
- β Batch Processing - Parallel transfer processing
- β Transaction History - Complete audit trail
- β Security Fixes Applied - All critical issues resolved
- β Hybrid Verification System - On-chain + off-chain verification
- β Proof Hash Verification - Links compact β full proofs
- β Real Devnet Testing - Verified with actual transactions
- β Comprehensive Error Handling - Standardized across codebase
- β Reentrancy Protection - Documented and implemented
- β 110+ Tests Passing - Comprehensive test coverage
- β Devnet Verification - Live transactions with hidden amounts
- β Public View Testing - Verified privacy on Solana Explorer
- β Multi-Recipient Testing - Multiple recipients with hidden amounts
- β Performance Benchmarks - Proof generation ~3 seconds
- β Hybrid Verification Tests - On-chain + off-chain verified
Due to Solana's constraints (4KB stack limit, 1232 byte transaction limit), we use a hybrid verification architecture:
- On-Chain: Structural validation (fast, efficient)
- Off-Chain: Full cryptographic verification (complete security)
- Proof Hash: Links compact β full proofs (integrity verification)
What Gets Verified:
- β Proof deserialization
- β Proof structure validation
- β Commitment format validation
- β Commitment matching
- β Non-zero checks
- β Component uniqueness checks
- β Range size validation
Location: programs/privacy-transfer/src/proof_verification.rs
What Gets Verified:
- β
T commitment equation:
g^t * h^taux == V^(z^2) * g^delta(y,z) * T1^x * T2^(x^2) - β Inner product argument verification
- β Multi-scalar multiplication verification
- β
Equality proof verification:
h^s == R + c*D - β Balance equation verification
- β All mathematical properties verification
Location: src/crypto/zkproofs/bulletproof.ts
What Gets Verified:
- β Proof hash computation (SHA-256, truncated to 16 bytes)
- β Proof hash verification
- β Compact β full proof linking
- β Proof integrity verification
Location: src/crypto/zkproofs/compactProofSerialization.ts
Real Devnet Transaction: CGuZqRu4UxXFhgzU3YojPykh48eTgh3NvxUSFE63yzRteEYzYbbZ6LCsEuVv1nQ44Rry7Z1cviUmPW5anN8ZVfm
Results:
- β On-chain verification: PASSED
- β Off-chain verification: PASSED
- β Proof hash verification: PASSED
See: docs/HYBRID_VERIFICATION_IMPLEMENTATION_REVIEW.md for complete details.
- β
Commitment Parameter Bug - Fixed wrong parameters in
verify_transfer_proof - β Direct Lamport Manipulation - Added checked arithmetic for overflow protection
- β Enhanced Proof Verification - Improved structural validation on-chain
- β Deprecated ElGamal Code - Secured with comprehensive warnings
- β Overflow Protection - All arithmetic uses checked operations
- β Reentrancy Protection - Comprehensive documentation and implementation
- β Inconsistent Error Handling - Standardized across codebase
- β Missing Input Validation - Comprehensive validation for all functions
See: docs/SECURITY_FIXES_SUMMARY.md for complete details.
- Getting Started Guide - Run your first private transfer in 10 minutes
- One-Pager - Quick 2-minute overview
- Project Overview - Complete project summary
- Testing Guide - How to test the deployed program
- Privacy Explained - Simple, non-technical explanation
- Comparison - Compare with Elusiv, Arcium, and regular Solana
- Dependency Risk Analysis - Why we built from scratch
- System Architecture - Technical architecture and data flow
- On-Chain Program - Solana program documentation
- Hybrid Verification - Complete verification system
- Design Document - System design and components
- Documentation Index - Navigate all documentation
- Node.js 18+
- Rust and Cargo (for program deployment)
- Solana CLI (for deployment)
- Anchor CLI 0.32.1 (for program deployment)
# 1. Clone the repository
git clone <repository-url>
cd solana-private-transfer
# 2. Install dependencies
npm install
# 3. Build the project
npm run build
# 4. (Optional) Build the Solana program
anchor build# Run the real devnet test (includes hybrid verification)
npx ts-node scripts/test/test-real-sol-transfer-devnet.ts
# This will:
# β
Create test accounts on devnet
# β
Initialize encrypted accounts
# β
Deposit SOL to escrow
# β
Send SOL privately (amount HIDDEN!)
# β
Verify on-chain + off-chain
# β
Show Solana Explorer link to verify privacyReal Devnet Transaction: CGuZqRu4UxXFhgzU3YojPykh48eTgh3NvxUSFE63yzRteEYzYbbZ6LCsEuVv1nQ44Rry7Z1cviUmPW5anN8ZVfm
Explorer Link: https://explorer.solana.com/tx/CGuZqRu4UxXFhgzU3YojPykh48eTgh3NvxUSFE63yzRteEYzYbbZ6LCsEuVv1nQ44Rry7Z1cviUmPW5anN8ZVfm?cluster=devnet
What You'll See:
- β Addresses (visible)
- β Amount (encrypted:
[ENCRYPTED DATA]) - β Transaction confirmed
- β Proof verified
Core Development:
npm run build # Build TypeScript
npm run dev # Development build with watch
npm test # Run all tests
npm run lint # Lint codeOn-Chain Program:
anchor build # Build Solana program
anchor deploy # Deploy to devnet
anchor test # Run Anchor testsTesting:
# Test real devnet transactions
npx ts-node scripts/test/test-real-sol-transfer-devnet.ts
# Test security fixes
npx ts-node scripts/test/test-security-fixes.ts
# Verify deployment
npx ts-node scripts/test/verify-deployment.tsExisting Privacy Solutions on Solana:
| Solution | Status | Issue |
|---|---|---|
| Elusiv | β Shut down (2024) | Protocol sunset - all dependent projects broke |
| Arcium | Strong dependency risk - if they sunset, your project breaks | |
| Solana Native ZK | β³ Disabled | Security audit pending - not available yet |
| Regular Solana | β Active | Zero privacy - all amounts 100% public |
Built from scratch with zero external dependencies:
β
You own the code - Lives in your repository
β
No sunset risk - Even if we disappear, your code works
β
Proven cryptography - Bulletproofs (used by Monero since 2018)
β
Works NOW - Deployed on devnet, ready for testing
β
Regulatory compliant - Addresses visible, amounts hidden
β
Hybrid verification - On-chain + off-chain security
β
Security hardened - All critical issues fixed
π‘ The Elusiv Lesson: Elusiv shut down in 2024, breaking all projects that depended on it. We learned: don't build on someone else's protocol. Own your code. Control your destiny.
What's Hidden (π)
- β Transfer amounts - Stored as Pedersen commitments
- β Account balances - Encrypted, only you can decrypt
- β Transaction history amounts - Past transfers hidden
β οΈ Sender addresses - Visible for regulatory complianceβ οΈ Recipient addresses - Visible for regulatory complianceβ οΈ Transaction timestamps - When transfers occurred
Why not 100%?
- Addresses visible for AML/KYC compliance
- Balances privacy vs regulatory compliance
- More practical than full anonymity
Transaction: CGuZqRu4UxXFhgzU3YojPykh48eTgh3NvxUSFE63yzRteEYzYbbZ6LCsEuVv1nQ44Rry7Z1cviUmPW5anN8ZVfm
What YOU see (with private key):
β
Sent: 0.02 SOL
β
To: Recipient
β
Balance: 0.03 SOL remaining
What PUBLIC sees (Solana Explorer):
β
From: BpastXPwBmT5HKXssSZjGKkMf9g73MipAPsGxcoTxGHy
β
To: GqpevzZ4Aw4XTCXckNm6mwLQF14qCaCcFptaaH9GCmrG
β Amount: [ENCRYPTED]
Commitment: [ENCRYPTED DATA]
Try it yourself: https://explorer.solana.com/tx/CGuZqRu4UxXFhgzU3YojPykh48eTgh3NvxUSFE63yzRteEYzYbbZ6LCsEuVv1nQ44Rry7Z1cviUmPW5anN8ZVfm?cluster=devnet
What are they?
- Zero-knowledge range proofs with logarithmic proof size
- Prove amount is valid without revealing it
- Used by Monero since 2018 (battle-tested)
Performance:
- Proof generation: ~3 seconds
- Full proof size: ~2694 bytes
- Compact proof size: ~690 bytes (for on-chain submission)
- Verification: <100ms (off-chain), <10ms (on-chain structural)
Properties:
- Hiding: Cannot see the amount
- Binding: Cannot change the amount later
- Homomorphic: Can add/subtract without decrypting
Example:
Commitment(5) + Commitment(3) = Commitment(8)
(All encrypted, math still works!)
On-Chain (Rust):
- Structural validation (fast, efficient)
- Proof format validation
- Commitment matching
- Non-zero checks
Off-Chain (TypeScript):
- Full cryptographic verification
- T commitment equation
- Inner product argument
- Multi-scalar multiplication
- All mathematical properties
Proof Hash:
- Links compact β full proofs
- Integrity verification
- SHA-256 hash (truncated to 16 bytes)
Program ID (Devnet): HHvRt9CScrgHkfhDGUiwbskYpCSA9PetdT4uVwQ5C7f5
Instructions:
initialize_account()- Create encrypted accountinitialize_sol_escrow()- Create SOL escrowdeposit()- Convert plaintext to encryptedconfidential_transfer()- Transfer with hidden amountconfidential_sol_transfer()- Native SOL privacywithdraw()- Convert encrypted to plaintextdeposit_sol()- Deposit native SOL to escrowwithdraw_sol()- Withdraw native SOL from escrow
Account Structures:
#[account]
pub struct EncryptedAccount {
pub owner: Pubkey, // 32 bytes
pub encrypted_balance: [u8; 64], // 64 bytes - Pedersen commitment
pub version: u64, // 8 bytes
pub bump: u8, // 1 byte
}
#[account]
pub struct SolEscrow {
pub balance: u64, // 8 bytes
pub bump: u8, // 1 byte
}- Range Proof (n=16): ~145ms average
- Range Proof (n=32): <600ms maximum
- Range Proof (n=64): ~3 seconds
- Equality Proof: 6ms generation
- Validity Proof: 206ms (simple), 801ms (complex)
- Batch (3 transfers): 1.2s parallel generation
- Range Proof (off-chain): <100ms typical
- Range Proof (on-chain): <10ms (structural only)
- Equality Proof: 2.4ms
- Validity Proof: ~400ms complete verification
- Hybrid Verification: ~1.8s (on-chain + off-chain)
- Regular Solana transfer: ~$0.000025
- Privacy transfer: ~$0.000030
- Difference: +20% (~$0.000005)
- Batch Processing: 5 concurrent transfers
- Batch Throughput: 20 transfers in 43ms
- Key Encryption: AES-256-GCM (fast and secure)
- Storage: 64 bytes per commitment
Total: 110+ tests passing
By Component:
- Cryptographic Primitives: 26 tests
- Bulletproof Range Proofs: 20 tests
- Equality & Validity Proofs: 11 tests
- Privacy Layer: 12 tests
- Wallet Integration: 9 tests
- Encrypted Balance Tracker: 21 tests
- Batch Processing: 11 tests
# Run all tests
npm test
# Test real devnet transactions
npx ts-node scripts/test/test-real-sol-transfer-devnet.ts
# Test security fixes
npx ts-node scripts/test/test-security-fixes.ts
# Verify deployment
npx ts-node scripts/test/verify-deployment.tsSecurity Fixes: β
13/13 tests passed (100%)
Deployment Verification: β
All tests passed
Real Devnet Transactions: β
All tests passed
Hybrid Verification: β
All tests passed
IMPORTANT: NOT AUDITED
This project has NOT undergone a professional security audit.
Current Status:
- β Devnet: Safe for testing with test SOL
- β Mainnet: NOT RECOMMENDED - No audit completed
β οΈ Production Use: Use at your own risk
Before mainnet deployment, requires:
- Professional cryptography audit
- Smart contract security audit
- Penetration testing
- Code review by security experts
Implemented:
- β Comprehensive input validation
- β Overflow protection (checked arithmetic)
- β Enhanced proof verification
- β Reentrancy protection (documented)
- β Secure key management (AES-256-GCM)
- β Hybrid verification system
- β Proof hash verification
Key Management:
- Keys encrypted with AES-256-GCM
- Password-based key derivation (PBKDF2, 100k iterations)
- Secure random number generation
- ElGamal keypairs for balance encryption (deprecated, migrating to Pedersen)
- Wallet infrastructure with encrypted key storage
- Batch processing with parallel execution
- Transaction history with local encryption
- CLI interface (9 commands)
- Custom ZK proof implementation (Bulletproofs)
- Confidential transfer support with encrypted commitments
- Hidden amounts on-chain (verified on devnet)
- On-chain program deployment
- Security fixes (all critical issues resolved)
- Hybrid verification system (on-chain + off-chain)
- Compact proof format (optimized for transaction limits)
- Real devnet testing (verified with actual transactions)
- Security audit (REQUIRED before mainnet)
- Mainnet deployment (only after audit completion)
- Multi-signature support
- Hardware wallet integration (Ledger/Trezor)
- Web interface / browser extension
- Mobile app (iOS/Android)
- Multi-token support
- Performance optimizations (WASM, GPU acceleration)
- On-chain ZK proof verification (if Solana supports)
- Stealth addresses (if protocol supports)
If you find this project useful and want to support its development:
Solana Donation Address:
2o8L5Er4tDqkhLEEjK3YnDv8ZDuxuHBKwYkvtUXpWQ6S
Your donations help:
- π Fund security audits
- π Improve documentation
- π§ͺ Add more features
- π Build web/mobile interfaces
- π» Maintain the project
Every contribution is appreciated! β€οΈ
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
Areas we need help:
- π Security review (cryptography experts)
- π± Mobile wallet integration
- π Web interface
- π Documentation improvements
- π§ͺ More test cases
MIT License - see LICENSE file for details
- Solana Foundation for the blockchain platform
- Bulletproofs paper authors (BΓΌnz et al.)
- Monero project for Bulletproof implementation reference
- Community feedback and testing
- All contributors and supporters
- Issues: GitHub Issues
- Documentation: See
/docsfolder - Community: https://t.me/elohcrypto
- Donations:
2o8L5Er4tDqkhLEEjK3YnDv8ZDuxuHBKwYkvtUXpWQ6S
What we built: A privacy protocol for Solana that hides transaction amounts using custom Bulletproof zero-knowledge proofs with hybrid verification (on-chain + off-chain).
Why we built it: Elusiv shut down, Arcium creates dependencies, and regular Solana has zero privacy.
What makes it special:
- β Amounts are hidden (verified on devnet)
- β Built from scratch with proven cryptography
- β Simple to use (standard wallet interface)
- β Regulatory compliant (addresses visible)
- β Working NOW (not waiting for native ZK support)
- β Zero dependencies (you own the code)
- β Hybrid verification (on-chain + off-chain security)
- β Security hardened (all critical issues fixed)
Try it:
npx ts-node scripts/test/test-real-sol-transfer-devnet.tsThen check the Solana Explorer link - you'll see the amount is encrypted! π
Built with β€οΈ for the Solana ecosystem
Privacy that works today, built on proven cryptography.
Project Status: β LIVE ON DEVNET - All core features working and verified
Program ID: HHvRt9CScrgHkfhDGUiwbskYpCSA9PetdT4uVwQ5C7f5
Support: 2o8L5Er4tDqkhLEEjK3YnDv8ZDuxuHBKwYkvtUXpWQ6S π