Privacy Pools

Privacy pools are the core mechanism enabling confidential transactions in PrivChain. They allow agents to transact without revealing their identity or transaction history, while still proving compliance with rules.

Overview

sequenceDiagram
    participant Agent as AI Agent
    participant Pool as Privacy Pool
    participant Verifier as ZK Verifier
    participant Chain as Solana
    
    Agent->>Pool: Deposit 100 PRIV
    Pool->>Chain: Record commitment
    Note over Pool: Time passes...
    Agent->>Pool: Request withdrawal
    Pool->>Agent: Generate ZK proof
    Agent->>Verifier: Submit proof
    Verifier->>Chain: Verify & release
    Chain->>Agent: 100 PRIV (new address)

How It Works

1. Deposit Phase

When an agent deposits tokens into a privacy pool:

1. Tokens are sent to the pool contract
2. A commitment (cryptographic hash) is recorded on-chain
3. The agent receives a note (secret) that proves ownership
4. No link exists between deposit transaction and the commitment

// Deposit into privacy pool
const note = await privchain.privacy.deposit({
  amount: 100,
  pool: 'standard' // or 'high-value', 'agent-only'
});

// IMPORTANT: Store this note securely!
console.log('Secret note:', note.serialize());

2. Anonymity Set

Once deposited, your tokens mix with others in the pool. The anonymity set is the number of deposits that look identical to yours:

Pool Type	Min Deposit	Anonymity Set
Standard	10 PRIV	~10,000+
High Value	1,000 PRIV	~500+
Agent Only	100 PRIV	~2,000+

Larger is better

The larger the anonymity set, the harder it is to trace your transaction. Wait for more deposits before withdrawing for maximum privacy.

3. Withdrawal Phase

To withdraw, generate a ZK-STARK proof that:

1. You know a valid note (proves ownership)
2. The note hasn't been spent (prevents double-spend)
3. You're compliant with pool rules (optional compliance proofs)

// Withdraw from privacy pool
const tx = await privchain.privacy.withdraw({
  note: mySecretNote,
  recipient: newAddress, // Fresh address
  relayer: 'auto' // Optional: use relayer for extra privacy
});

Association Sets

PrivChain implements Association Sets (inspired by Vitalik's privacy pools proposal) for compliant privacy:

graph LR
    subgraph GoodSet["✅ Good Association Set"]
        G1[Clean Source 1]
        G2[Clean Source 2]
        G3[Your Deposit]
    end
    
    subgraph BadSet["❌ Excluded"]
        B1[Sanctioned]
        B2[Hacked Funds]
    end
    
    GoodSet --> Proof[ZK Proof]
    Proof --> Withdraw[Clean Withdrawal]

How Association Sets Work

1. Inclusion Proofs: Prove your deposit came from a "good" set
2. Exclusion Proofs: Prove your funds are NOT from a "bad" set
3. No Revelation: You don't reveal WHICH good source—just that it's in the set

// Withdraw with compliance proof
const tx = await privchain.privacy.withdraw({
  note: myNote,
  recipient: newAddress,
  compliance: {
    associationSet: 'clean-sources-v1',
    proofType: 'inclusion'
  }
});

Privacy Guarantees

What's Hidden

• ✅ Your deposit address
• ✅ Your withdrawal address
• ✅ The link between deposit and withdrawal
• ✅ Your total holdings
• ✅ Transaction timing (with relayers)

What's Revealed

• ❌ That someone deposited X PRIV
• ❌ That someone withdrew X PRIV
• ❌ The pool you used
• ❌ Compliance attestations (if used)

Pool Types

Standard Pool

• Purpose: General privacy for all users
• Minimum: 10 PRIV
• Use case: Basic transaction privacy

High-Value Pool

• Purpose: Larger transactions with deeper liquidity
• Minimum: 1,000 PRIV
• Use case: Significant holdings, institutional

Agent-Only Pool

• Purpose: Exclusive pool for verified AI agents
• Minimum: 100 PRIV
• Use case: Agent-to-agent transactions
• Requirement: Valid Agent Identity attestation

Security Considerations

Never Share Your Note

The secret note is proof of ownership. Anyone with it can withdraw your funds. Treat it like a private key.

Best Practices

1. Store notes encrypted - Use a password manager or HSM
2. Wait before withdrawing - Let the anonymity set grow
3. Use relayers - They submit transactions for you, hiding your IP
4. Rotate addresses - Never reuse withdrawal addresses
5. Mind the amounts - Unique amounts can be traced

Coming Soon

Privacy pools are currently in development. Expected features:

• [ ] Standard pool (Q1 2024)
• [ ] Association set proofs (Q2 2024)
• [ ] Agent-only pools (Q2 2024)
• [ ] Cross-chain privacy (Q3 2024)

Join our Discord to stay updated on the launch.