Whitepaper

SolNinja: Practical, Verifiable Privacy for Solana

A concise, rigorous overview of our construction, security goals, and performance traits—engineered for production, proven with mathematics.

Abstract

SolNinja introduces a shielded-state construction on Solana that enables confidential deposits, transfers, and withdrawals while preserving verifiability, liveness, and predictable fees. We combine succinct zero-knowledge proofs with structured commitments and constrained disclosure to provide unlinkability across ordinary user flows, with opt-in verifiability for compliance.

Goals

  • Unlinkability under standard adversaries
  • Non-custodial, deterministic fees
  • Verifiable opt-in disclosures
  • Composable with Solana programs

Construction Overview

At a high level, SolNinja maintains a private state of commitments representing shielded balances. Clients produce succinct proofs that attest to correct state transitions (e.g., balance conservation, membership, and nullifier freshness) without revealing underlying identities or amounts. Public events capture minimal metadata necessary for system integrity and optional disclosures.

Our design avoids publishing precise algorithmic parameters that would invite replication; instead, we specify property constraints and proof relations. The exact CRS setup, circuit partitioning, and batching policy are elided while their existence is justified by the mathematics below.

Nullifiers

Security Model

We target strong unlinkability under passive network observations and honest-but-curious validators, and transaction privacy against active adversaries constrained by Solana’s runtime. We assume proof system soundness and collision-resistance of the hash family. The state transition circuits enforce conservation, membership, and spentness via nullifiers.

Assumptions

  • Soundness of the underlying zk system
  • Collision resistance of the hash/commitment scheme
  • Availability/liveness of Solana scheduler
  • Secure client key management

Mathematical Sketch

Let C be a commitment scheme with binding and hiding, H a collision-resistant hash, and Π a succinct zk proof system. A transaction τ proves: (1) membership of inputs in the commitment tree (via Merkle paths), (2) conservation of value across inputs/outputs, and (3) freshness of nullifiers to prevent double-spend. Formally, the relation R(τ) is satisfied iff these predicates hold and no auxiliary leakage is present.

Under the standard assumptions, Π attests to R(τ) without revealing witnesses. Unlinkability follows because for any two valid sequences yielding identical public summaries, an adversary constrained to public data cannot distinguish the preimages except with negligible advantage. The hiding property of C and the collision resistance of H preserve indistinguishability of leaves and paths even under adaptive queries.

Relation: R(τ) := Mem(inputs) ∧ Cons(inputs, outputs) ∧ Fresh(nullifiers)
Proof: Π ⊢ R(τ) with witness w; VK verifies in O(log n)
Unlinkability: ∀ τ₁, τ₂ consistent with summaries S, Adv distinguishes with ≤ negl(λ)
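
The three predicates of R(τ), checked in the clear on a toy state, as an added example that is not SolNinja's construction or code. SHA-256 stands in for H, a hash commitment stands in for C, and `DEPTH`, `EMPTY`, the sample notes and all function names are assumptions; in the real system Π would prove these checks over a hidden witness, whereas here the witness is visible so the logic can be read.

```python
import hashlib

DEPTH, EMPTY = 3, b"\x00" * 32  # assumed toy tree depth (8 leaves) and padding leaf

def H(*parts: bytes) -> bytes:  # SHA-256 stand-in for H, length-prefixed parts
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def commit(value: int, secret: bytes) -> bytes:  # stand-in for C; secret must be high-entropy
    return H(b"cm", value.to_bytes(8, "big"), secret)

def nullifier(secret: bytes) -> bytes:
    return H(b"nf", secret)

def tree_levels(leaves):
    level = list(leaves) + [EMPTY] * (2**DEPTH - len(leaves))
    levels = [level]
    while len(level) > 1:
        level = [H(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_path(levels, index):  # one sibling per level: O(log n)
    return [levels[d][(index >> d) ^ 1] for d in range(DEPTH)]

def verify_path(leaf, index, path, root):
    node = leaf
    for d, sib in enumerate(path):
        node = H(b"node", sib, node) if (index >> d) & 1 else H(b"node", node, sib)
    return len(path) == DEPTH and node == root

def check_relation(root, spent, inputs, outputs):
    """inputs: [(value, secret, index, path)]; outputs: [value]; spent: set of nullifiers."""
    nfs = [nullifier(s) for _, s, _, _ in inputs]
    mem = all(verify_path(commit(v, s), i, p, root) for v, s, i, p in inputs)
    in_range = all(0 <= v < 2**64 for v in outputs)  # blocks negative/wrapping outputs
    cons = in_range and sum(v for v, *_ in inputs) == sum(outputs)
    fresh = len(set(nfs)) == len(nfs) and spent.isdisjoint(nfs)
    return mem and cons and fresh, nfs

# Constructed sample state: three notes (value, secret) committed into the tree
NOTES = [(5, b"s0"), (7, b"s1"), (3, b"s2")]
LEVELS = tree_levels([commit(v, s) for v, s in NOTES])
ROOT = LEVELS[-1][0]

def inputs_for(idxs):
    return [(*NOTES[i], i, merkle_path(LEVELS, i)) for i in idxs]
```

The range check on outputs is what keeps Cons meaningful: without it, outputs `[4, -1]` would balance against a single input of 3.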

Performance Notes

Verification complexity scales logarithmically with the tree size (Merkle path length) and linearly with the number of constraints chosen per circuit segment. Batching strategies and curve choices are intentionally omitted; we only assert that the chosen parameters meet target TPS and latency within Solana’s compute budget based on standard bounds.

  • Verification: O(log n) for membership
  • Nullifier checks: O(1) expected with hashed set
  • Proof size: succinct; bounded by constants per segment
  • Client time: parallelizable proving tasks

We demonstrate that a non-custodial, verifiable privacy layer can exist on Solana without revealing sensitive parameters. Full circuit specifications and CRS details will be published following independent security reviews.