System Architecture
Technical overview of Universal Private Pools
Tech Preview
Architecture may change before mainnet.
Design Principles
- Privacy with compliance - Hide details from observers, maintain auditability
- No relayers - Users pay gas directly
- Multi-token - Single pool for all ERC-20 tokens
Why Universal Pool?
Privacy needs a large anonymity set - the group your transaction could belong to.
Per-token pools fragment this. A universal pool combines all users:
Per-token: UPD (1000) + USDC (500) + DAI (200) = fragmented
Universal: All tokens in one pool = 1700 users
System Diagram
Key Components
State Merkle Tree
Stores note commitments using LeanIMT (Lean Incremental Merkle Tree):
- Depth: 32 levels (~4B notes)
- Hash: Poseidon
- Root history: 64 recent roots for timing flexibility
Nullifier Set
Prevents double-spending. When a note is spent, its nullifier is recorded, so the same note cannot be spent twice.
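The following model of the state checks described under State Merkle Tree and Nullifier Set is an added example, not the project's contract code: it shows a spend being accepted against any of the 64 most recent roots, rejected once that root ages out, and rejected when a nullifier repeats. Assumptions: SHA-256 stands in for Poseidon, the root is recomputed from all leaves instead of incrementally, the nullifier is treated as an opaque value because the page does not give its derivation, proof verification is omitted, and the names `PoolState`, `insert` and `spend` are hypothetical.

```python
import hashlib
from collections import deque

ROOT_HISTORY = 64  # number of recent roots kept, per the page


def h(*parts):
    # Stand-in for Poseidon (assumption): SHA-256 over 32-byte big-endian fields.
    data = b"".join(p.to_bytes(32, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def commitment(amount, blinding, origin, token):
    # Field order follows the page: (amount, blinding, origin, token).
    return h(amount, blinding, origin, token)


def lean_root(leaves):
    # LeanIMT rule: a node with no right sibling is carried up unhashed.
    level = list(leaves)
    while len(level) > 1:
        nxt = [h(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


class PoolState:
    """Hypothetical model of the pool's state checks (no proof verification)."""

    def __init__(self):
        self.leaves = []
        self.roots = deque(maxlen=ROOT_HISTORY)  # oldest root drops off first
        self.nullifiers = set()

    def insert(self, note_commitment):
        self.leaves.append(note_commitment)
        self.roots.append(lean_root(self.leaves))
        return self.roots[-1]

    def spend(self, root, nullifier):
        # Check the root first so a stale attempt does not burn the nullifier.
        if root not in self.roots:
            return "unknown-or-stale-root"
        if nullifier in self.nullifiers:
            return "double-spend"
        self.nullifiers.add(nullifier)
        return "ok"
```
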
ASP Registry
Manages compliance providers. Each ASP maintains a Merkle tree of approved origins.
Operations
| Operation | Input | Output | Gas |
|---|---|---|---|
| Shield | Public tokens | 1 note | ~150k |
| Transfer | 1 note | 2 notes | ~350k |
| Merge | 2 notes | 1 note | ~400k |
| Withdraw | 1 note | Public tokens | ~350k |
Token Support
Any ERC-20 works. Token address is included in commitment:
commitment = Poseidon(amount, blinding, origin, token)
No "transmutation" - what you deposit is what you withdraw.
Cryptographic Stack
| Component | Primitive | Security |
|---|---|---|
| Commitments | Poseidon hash | ~128 bits |
| Keys | BabyJubJub curve | ~128 bits |
| Proofs | Groth16 | ~128 bits |
| Encryption | AES-GCM | ~128 bits |