Veil Logo
Docs
/getting started
/Overview

Overview

What is Veil?

Overview

Veil provides production-ready privacy primitives for Solana applications. Built with a Python-first API powered by high-performance Rust cryptography, Veil makes zero-knowledge proofs and private transactions accessible to Python developers without sacrificing performance.

Enable private transactions on Solana using Groth16 zkSNARKs. Shield your assets, transfer privately, and unshield without revealing amounts, senders, or recipients on-chain.

Current Status: Phase 3G complete (SDK hardening). Requires trusted setup ceremony (Phase 4) before mainnet deployment.

Features

Python-First Design

  • Intuitive API for Python developers
  • Comprehensive type hints and documentation
  • Async/await support for Solana integration
  • Zero Rust knowledge required
  • Works seamlessly with existing Python tooling

Rust Performance

  • Cryptographic operations run at native speed
  • Groth16 zkSNARK proofs: 5-10 seconds generation
  • ~7,000 R1CS constraints on BN254 curve
  • Poseidon hash optimized for zkSNARKs (~200 constraints/hash)
  • PyO3 bindings for seamless Rust-Python integration

Production-Ready Cryptography

  • Circuit-safe nullifier derivation (two-step Poseidon)
  • Incremental Merkle tree (depth 20, ~1M leaves)
  • ECDH + ChaCha20-Poly1305 note encryption
  • 80 passing tests with comprehensive coverage
  • Phase 3G complete (SDK hardening)

Complete Privacy

  • Shielded amounts, senders, and recipients
  • ECDH note encryption for recipient discovery
  • Unlinkable nullifiers prevent transaction graph analysis
  • 30-root history prevents front-running attacks
  • Mathematically enforced privacy (information-theoretic for amounts)

Relayer Support

  • Submit transactions without revealing IP address
  • Configurable fee markets (default: 0.3%, max: 5%)
  • Multiple relayer selection strategies
  • Gas abstraction for end users
  • Implemented and ready for self-hosting (public network in v0.2.0)

Use Cases

AI Agents with Private State

  • Autonomous agents that need to hold and transfer assets privately
  • Trading bots that don't reveal strategies through transaction patterns
  • Multi-agent systems with confidential coordination

Institutional DeFi

  • Large transfers without revealing positions
  • Private OTC settlements
  • Confidential treasury management
  • Compliance-compatible privacy (selective disclosure)

Trading Bots (MEV Protection)

  • Hide trade amounts and patterns from front-runners
  • Private limit orders
  • Confidential arbitrage execution
  • Prevent sandwich attacks

Privacy-Preserving Payments

  • Peer-to-peer transfers without public transaction graphs
  • Payroll with hidden salary amounts
  • Donations and grants with recipient privacy
  • Cross-border transfers without surveillance

How It Works

Veil combines several cryptographic primitives to achieve complete transaction privacy:

  1. Pedersen Commitments hide amounts while allowing verification

    • Formula: C = amount * G + blinding * H (on BN254 G1)
    • Perfectly hiding (information-theoretic)
    • Computationally binding (under discrete log assumption)

  2. Circuit-Safe Nullifiers prevent double-spending

    • Two-step derivation: spending_key = Poseidon(secret), nullifier = Poseidon(spending_key, index)
    • Unlinkable to commitments without secret
    • PDA-based tracking on Solana

  3. Groth16 zkSNARKs prove transaction validity

    • ~7,000 R1CS constraints
    • Proves commitment membership, nullifier correctness, amount conservation
    • 256-byte proofs verified on-chain in ~200k CU

  4. ECDH Note Encryption enables recipient discovery

    • Encrypt note data with recipient's public key
    • Forward secrecy via ephemeral keys
    • Trial decryption for note scanning

  5. Relayer Network hides IP addresses

    • Submit via third-party relayers
    • Breaks IP-to-transaction link
    • Configurable fees (~0.3%)

Current Status

Phase 3G: SDK Hardening ✅ Complete

  • Groth16 proof system implemented
  • ~7,000 constraint circuit finalized
  • Relayer infrastructure functional
  • ECDH note encryption working
  • 80 tests passing

Phase 4: Trusted Setup 🔄 In Progress

  • Multi-party computation ceremony planned
  • 100+ participants for security
  • Required before mainnet deployment

What's Ready:

  • ✅ Full Python SDK
  • ✅ Rust cryptographic core
  • ✅ Solana on-chain program
  • ✅ Groth16 proof generation and verification
  • ✅ Relayer protocol (self-host ready)
  • ✅ Note encryption and scanning

What's Coming:

  • 🔄 Trusted setup MPC ceremony (Phase 4)
  • 🔄 Public relayer network (v0.2.0)
  • 🔄 Multi-asset support (Phase 5)
  • 🔄 Advanced features (shielded pools, compliance)

Performance

OperationTimeCost
Shield<1s~50k CU (~0.00005 SOL)
Private Transfer5-10s client + 3s on-chain~200k CU (~0.0002 SOL) + relayer fee (optional 0.3%)
Unshield5-10s client + 3s on-chain~150k CU (~0.00015 SOL)
Note Scan~5s per 1,000 notesRead-only (free)

Hardware Requirements (Client-Side):

  • Proof generation: 2-4 GB RAM, modern CPU
  • Other operations: Minimal resources

Security

Cryptographic Assumptions:

  • BN254 discrete logarithm is hard (~128-bit security)
  • Trusted setup has at least one honest participant
  • Poseidon hash is collision-resistant
  • ChaCha20-Poly1305 is secure AEAD

Privacy Guarantees:

  • Amount privacy: Information-theoretic (perfect hiding)
  • Sender privacy: Computational (unlinkable nullifiers)
  • Recipient privacy: Computational (unlinkable commitments)
  • Transaction graph: Completely broken (no links between inputs/outputs)

Known Limitations:

  • Timing analysis (deposits/withdrawals are public events)
  • IP exposure without relayers
  • Requires trusted setup (MPC ceremony mitigates)

See Privacy Model for detailed security analysis.

Next Steps

Community & Support

  • Documentation: veil-sdk.com
  • GitHub: Report issues and contribute
  • Discord: Join the community (coming soon)

License

MIT License - See LICENSE file for details

Installation