Confidential transfer

How it works

Connect your wallet and paste a Token-2022 mint with the confidential-transfer extension. SolKnife reads the mint and your associated token account, classifies the state, and unlocks the operation buttons that apply. The proof worker runs in your browser: it holds the secret keys for the session, builds the ZK proofs (equality, range, validity, zero-ciphertext), and posts only the proof bytes + ciphertexts to the server. The server assembles unsigned transactions, the client re-verifies their structure against a strict allowlist before your wallet signs, and the server self-submits.

Amount privacy

Only the amount of a transfer is encrypted. The sender, receiver, and the fact a transfer happened are public on Solana, exactly as for any other token transfer.

Not a mixer

Confidential transfer is a Token-2022 protocol feature, audited by the Solana ecosystem. It does not obscure addresses, does not pool funds across users, and does not break compliance.

Auditor key

An optional ElGamal pubkey set on the mint. Whoever holds the matching secret can decrypt every transfer amount on the mint. A mint with no auditor is private to the parties of each transfer.

Pending vs available

Incoming credits land in a pending balance and must be folded into the available balance with ApplyPendingBalance before they can be spent or seen as part of the regular balance.

Withdraw

Moves funds from the confidential available balance back to the public token balance. The amount becomes public at this step (that is what makes it a withdraw), but the prior confidential balance is not revealed. Requires two ZK proofs (equality + 64-bit range) and runs as a 5-transaction saga signed in one wallet approval.

Orphan proof accounts

If a Withdraw saga is interrupted (tab crash, expired blockhash), the two ephemeral context-state accounts the saga created keep holding rent until closed. The tool scans the chain for any context-state accounts your wallet authorizes and reclaims the rent in one approval.