Skip to main content
Privacy Cash Hero Light

Overview

Privacy Cash is a privacy protocol on Solana that enables confidential transactions using zero-knowledge proofs. The protocol allows users to shield and withdraw SOL (with SPL token support coming soon) without revealing transaction linkages. The program is fully audited by Accretion, HashCloak, Zigtur and Kriko, and verified onchain with hash: 
c6f1e5336f2068dc1c1e1c64e92e3d8495b8df79f78011e2620af60aa43090c5

Quick start

Get started with Privacy Cash in minutes

Installation

Install dependencies and set up your environment

Privacy Cash SDK

Integrate Privacy Cash into your project

GitHub Repository

View the source code and contribute

How it works

Privacy Cash implements a privacy protocol with two core operations:
1

Shield SOL

Deposit SOL into a privacy pool, generating a commitment that is added to a Merkle tree. The commitment contains your amount and a secret keypair, but reveals nothing about the owner.
2

Withdraw SOL

Withdraw SOL from the privacy pool to any recipient address using zero-knowledge proofs. The proof demonstrates you own a valid commitment in the tree without revealing which one.
The implementation uses zero-knowledge proofs to ensure that withdrawals cannot be linked to deposits, providing privacy for Solana transactions.

Key features

Zero-knowledge privacy

Privacy Cash uses Groth16 zero-knowledge proofs on the BN254 elliptic curve to verify transactions without revealing sensitive information. Each transaction proves:
  • The spender owns valid commitments in the Merkle tree
  • The input and output amounts balance correctly
  • Nullifiers have not been used before (preventing double spends)
All without revealing which commitments are being spent or linking deposits to withdrawals.

Merkle tree commitment scheme

Commitments are stored in a sparse Merkle tree with:
  • Height: 26 levels
  • Root history: 100 previous roots maintained for proof flexibility
  • Poseidon hash: Gas-efficient hash function optimized for zero-knowledge circuits
Each commitment is computed as: 
commitment = PoseidonHash(amount, publicKey, blinding, mintAddress)

UTXO model

Privacy Cash implements a UTXO (Unspent Transaction Output) model similar to Bitcoin and Tornado Cash Nova: 
export class Utxo {
  amount: BN;
  blinding: BN;           // Random value for hiding commitment
  keypair: Keypair;       // Private key signs, public key = PoseidonHash(privateKey)
  index: number;          // Position in Merkle tree
  mintAddress: string;    // SOL or SPL token mint

  async getCommitment(): Promise<string> {
    const mintAddressField = getMintAddressField(new PublicKey(this.mintAddress));
    return this.lightWasm.poseidonHashString([
      this.amount.toString(), 
      this.keypair.pubkey.toString(), 
      this.blinding.toString(), 
      mintAddressField
    ]);
  }

  async getNullifier(): Promise<string> {
    const commitment = await this.getCommitment();
    const signature = this.keypair.sign(commitment, this.index.toString());
    return this.lightWasm.poseidonHashString([
      commitment, 
      this.index.toString(), 
      signature
    ]);
  }
}

Fee structure

Deposit fee

0% - Deposits are completely free

Withdrawal fee

0.25% - Small fee on withdrawals (25 basis points)
Fees are configurable by the protocol authority and include a 5% error margin for tolerance.

Supported tokens

Mainnet: USDC, USDT, ORE, ZEC, stORE, jlUSDC, jlWSOL
Devnet: USDC, USDT, ORE, ZEC, stORE, jlUSDC, jlWSOL (testnet versions)
Additional SPL tokens can be enabled by the protocol authority through the initialize_tree_account_for_spl_token instruction.

Program addresses

9fhQBbumKEFuXtMBDw8AaQyAjCorLGJQiS3skWZdQyQD

Security

Privacy Cash has been audited by multiple security firms:
  • Accretion - Smart contract security audit
  • HashCloak - Zero-knowledge proof audit
  • Zigtur - Cryptography review
  • Kriko - Full protocol audit
The program is verifiable onchain, allowing anyone to verify the deployed bytecode matches the audited source code.
While the protocol has been audited, use at your own risk. Never deposit more than you can afford to lose.

Architecture

The Privacy Cash repository is structured as follows: 
privacy-cash/
├── anchor/              # Solana program (smart contract)
│   ├── programs/
│   │   └── zkcash/
│   │       └── src/     # Rust source code
│   └── tests/           # TypeScript integration tests
├── circuits/            # Zero-knowledge circuit definitions
├── artifacts/           # Compiled circuit artifacts
│   └── circuits/
│       ├── transaction2_js/
│       └── verifyingkey2.json
└── scripts/             # Deployment and utility scripts

Next steps

Quick start guide

Start using Privacy Cash with our quick start tutorial

Install dependencies

Set up your development environment

Build docs developers (and LLMs) love

Get started for freeTalk to us