What is Arcane?

Privacy protocol on Solana using zero-knowledge proofs

Arcane is a non-custodial privacy protocol on Solana. You deposit tokens into a shared pool and withdraw them to a different address. The on-chain link between the two addresses is broken using zk-SNARKs.

Core Principles

Immutable

Contracts are deployed on Solana with no admin keys, no upgrade mechanism, and no backdoors. Once deployed, the code cannot be changed.

Non-Custodial

Arcane never holds your funds. Each deposit generates a private note that only you control. The smart contract releases funds only when presented with a valid proof.

Zero-Knowledge

Uses zk-SNARKs so you can prove you own a deposit without revealing which deposit is yours. The verifier learns nothing except that the proof is valid.

Decentralized UI

The frontend is hosted on IPFS by community members. No single party can take it down or censor access.

zk-SNARKs on Solana

Previous privacy protocols (like Tornado Cash) implemented zk-SNARKs on Ethereum. Arcane rebuilds the same cryptographic architecture in Rust, adapted for Solana's runtime and account model.

The cryptographic guarantees are the same — the implementation is rewritten from scratch to work natively with Solana programs.

How Does Arcane Work?

Deposit, mix, withdraw — the basic flow

Overview

Arcane runs a set of smart contracts on Solana that act as mixing pools. You deposit tokens from one address and withdraw them from a different one. Because every deposit goes into the same pool, an outside observer can't tell which deposit belongs to which withdrawal.

Deposit from Address A

You send tokens into an Arcane pool. The protocol generates a private note — this is the only thing that can authorize a withdrawal of those funds later.

Funds sit in the pool

Your deposit is mixed with everyone else's. The more deposits in the pool, the harder it is to trace any single one.

Withdraw to Address B

You present your private note to withdraw from a completely different address. The on-chain link between A and B is broken.

After withdrawal, there is no on-chain connection between the deposit address and the withdrawal address. They look like two unrelated transactions.

Custody

The smart contract holds the tokens. You hold the private note. Only a valid zero-knowledge proof (derived from your note) can release the funds. Arcane has no admin access, no override, and no way to freeze or move deposited tokens.

If you lose your private note, your funds are gone. There is no recovery. Back it up.

Tips for Better Privacy

Use a Relayer

Relayers submit the withdrawal transaction for you, so your withdrawal address never pays gas directly.

Wait

More time between deposit and withdrawal means more transactions in between. That's a larger anonymity set.

Fresh address

Withdraw to a brand new address. Reusing addresses creates patterns that chain analysis can pick up on.

Fees

What you pay to use Arcane

Arcane has no protocol-level deposit fee. On withdrawal, a total of 1% is deducted: 0.5% to the relayer and 0.5% to the DAO Treasury. Your withdrawal address receives the rest.

Action	Fee	Who pays
Deposit	None	—
Withdrawal	1% of withdrawn amount (0.5% relayer + 0.5% DAO Treasury)	Deducted from the withdrawal; your withdrawal address receives the rest

Relayer fee

Half of the withdrawal fee (0.5%) goes to the relayer that submits your transaction. Relayers may set different fees; the UI uses weighted selection that favors lower fees. You never pay gas from your withdrawal address — the relayer covers it and takes their fee from the amount you withdraw.

DAO Treasury

The protocol takes 0.5% of each withdrawal for the DAO Treasury. This funds protocol development, governance, and ecosystem initiatives.

Deposit transactions still cost Solana network fees (gas). You pay those from the wallet you use to deposit. Withdrawals are submitted by the relayer, so your withdrawal address does not need SOL.

Supported Wallets

Wallets you can use with Arcane

Connect with any Solana wallet that works in the browser. The app supports the following:

Wallet	Platform	Notes
Phantom	Browser extension, mobile	Full support
Solana Seeker	Android (Chrome)	Mobile Wallet Adapter; connect to Seed Vault, Phantom, Solflare on device
Solflare	Browser extension, mobile	Full support
Other Solana wallets	Browser	Any wallet that injects a standard Solana provider (Wallet Standard) should work

Solana Seeker (mobile)

On Android in Chrome, you can connect via Solana Seeker. This uses the Mobile Wallet Adapter so the app can talk to wallet apps on your phone (e.g. Seed Vault, Phantom, Solflare). Solana Seeker is not available on iOS or in non-Chrome Android browsers.

If your wallet does not appear, make sure it is installed and that you are using a supported browser. For mobile, use Chrome on Android for Solana Seeker.

How Is Privacy Achieved?

Commitments, proofs, and the on-chain link break

The On-Chain Link Problem

On a public blockchain, every transaction is visible. If you send tokens from address A to address B, anyone can see that connection. Arcane breaks this link by putting a pool in between — you deposit from A, someone else (or you, later) withdraws from B, and a zk-SNARK proof is the only thing connecting the two. That proof reveals nothing about which deposit is being withdrawn.

   ┌─────────────┐                                  ┌─────────────────┐
   │  Address A   │                                  │   Address B     │
   │  (sender)    │                                  │   (recipient)   │
   └──────┬───────┘                                  └────────▲────────┘
          │ Deposit                                           │ Withdrawal
          ▼                                                   │
   ┌─────────────┐       ┌───────────────┐       ┌───────────┴──────┐
   │   Relayer    │──────▶│  Arcane Pool  │◀──────│     Relayer      │
   │  (deposit)   │       │               │       │   (withdrawal)   │
   └──────────────┘       │  zk-SNARK     │       └──────────────────┘
                          │  (no link     │
                          │   revealed)   │
                          └───────────────┘

Deposit

You deposit tokens and the protocol computes a commitment — a hash of two secret values only you know. This commitment is stored on-chain in a Merkle tree.

Prove

To withdraw, you generate a zero-knowledge proof that says "I know the secret behind one of the commitments in this tree" — without saying which one.

Withdraw

The contract verifies the proof, checks the nullifier hasn't been used (no double-spend), and releases the funds to your withdrawal address. No link to the original deposit is ever exposed.

Maximizing Privacy

Strategy	Why
Use a relayer	Your withdrawal address never appears as the transaction sender
Wait before withdrawing	More deposits happen in between, growing the set of indistinguishable transactions
Use a fresh address	Reused addresses create patterns that chain analysis tools can correlate
Vary your behavior	Don't deposit and withdraw at the same time of day, same amounts, or from the same IP

zk-SNARKs & Hashing

The cryptography behind deposits and withdrawals

zk-SNARKs let you prove you know something without revealing what it is. In Arcane, you prove you own a deposit without revealing which one.

Deposit

Generate secrets

The protocol generates random bytes and splits them into two values:

Value	Role
Secret	Used to build the commitment hash
Nullifier	Used at withdrawal to prevent double-spending

Hash the commitment

The two values are hashed together using Poseidon:

commitment = Poseidon(nullifier, secret)

Why Poseidon? It's built for zk-SNARK circuits — works over finite fields, avoids expensive bitwise ops, and produces small proof circuits.

Add to the Merkle tree

The commitment goes on-chain as a leaf in a Poseidon-based Merkle tree. The contract stores the root; the full tree is reconstructable from on-chain data.

          [Merkle Root]
         /             \
      [H1]             [H2]
     /    \           /    \
  [H3]   [H4]     [H5]   [H6]
  /  \   /  \     /  \   /  \
 C1  C2 C3  C4   C5  C6 C7  ← your commitment

Withdrawal

To withdraw, you reconstruct the secret and nullifier from your stored note. The nullifier gets hashed:

nullifierHash = Poseidon(nullifier)

What the contract checks

Nullifier is unused

The nullifier hash hasn't been submitted before. This prevents double-spending — each deposit can only be withdrawn once.

Proof is valid

The zk-SNARK proof checks out. The contract verifies it without seeing any of the private inputs (secret, nullifier, Merkle path).

Commitment exists

The proof confirms the commitment is in the Merkle tree — meaning a real deposit was made — without revealing which leaf it is.

What stays private

Secret

Never leaves your device. Not sent to the contract, the verifier, or the network.

Nullifier

Only its hash is published on-chain. The raw value is never exposed.

Merkle path

The proof uses the path internally, but the verifier doesn't learn which branch your commitment sits on.

Leaf position

Your deposit's index in the tree is hidden. It's indistinguishable from every other leaf.

Security & Audits

Smart contract security and third-party audits

Arcane's smart contracts are designed to be immutable and trustless. Security is a priority from the ground up: no admin keys, no upgrade backdoors, and no single point of failure.

Audits

Third-party audits provide independent verification of the protocol's correctness and security. We will publish audit reports here as they are completed.

CertikReport link coming soon

Full smart contract and protocol security audit. The audit report will be linked here when available.

Always verify contract addresses and audit reports through official channels. Links on this page will point to the canonical audit publications.

Security assumptions

Arcane's security relies on:

Cryptographic assumptions — Poseidon and the zk-SNARK proof system are used as designed; no known attacks apply to the parameter sets we use.
Solana runtime — We assume the Solana network and its program runtime behave as specified.
No admin keys — Contracts have no upgrade path and no privileged roles. Once deployed, logic cannot be changed.

Compliance and screening

This application may use optional compliance tooling (e.g., wallet screening for high-risk or sanctioned addresses) at the interface level only. Such checks are not enforced by the protocol. The protocol itself is permissionless; users may interact with it via other interfaces or direct contract interaction. Compliance tooling is published as optional and is not a condition of using the protocol.

Smart contracts carry risk. Use the protocol at your own risk. This documentation does not constitute legal or financial advice.

What Is a Relayer?

Third-party transaction submitters for private withdrawals

A relayer is someone who submits withdrawal transactions on your behalf. Instead of your withdrawal address paying gas and showing up as the sender, the relayer's address does. You pay them a small fee from the withdrawn amount.

Hides your address

Your withdrawal address never appears as the transaction sender on-chain.

Trustless

Relayers can't steal, redirect, or block your funds. The zk-SNARK proof locks in the recipient address — the relayer just submits it.

No gas needed

Your withdrawal address doesn't need SOL for gas fees. The relayer covers gas and takes their fee from the withdrawal.

Open network

Anyone can run a relayer. There's no approval process or centralized registry beyond the on-chain staking requirement.

Flow

Build proof locally

You generate a zk-SNARK withdrawal proof on your device using your private note.

Send to relayer

The proof and withdrawal details are sent to a relayer. The relayer can't extract any private information from this data.

Relayer submits tx

The relayer submits the transaction from their own wallet. On-chain, it looks like the relayer initiated it.

You receive funds

The contract sends tokens directly to your specified withdrawal address, minus the relayer fee.

Relayer gets paid

The relayer receives a 0.5% fee from the withdrawn amount.

The relayer never learns who you are, where the deposit came from, or what the funds are for. They just submit a valid proof and collect a fee.

Become a Relayer

Requirements, setup, and how selection works

To get listed in the Arcane UI, you need to stake at least 10M ARCANE tokens (1% of total supply). This threshold can be changed by governance vote.

Parameter	Value
Minimum stake	10,000,000 ARCANE (1% of supply)
Fee	0.5% of the withdrawal amount
Fee collection	Deducted automatically from the transfer
Governance	Stake threshold is adjustable via vote

Relayer Selection

The UI picks a relayer for each withdrawal using weighted random selection:

Read the registry

The list of registered relayers is read from the on-chain Relayer Registry contract.

Score each relayer

Each relayer gets a score based on how much they've staked and what fee they charge. More stake and lower fee = higher score.

Pick one

A relayer is chosen randomly, weighted by score. Higher-scoring relayers get picked more often.

Scoring formula

score = stake × [1 - 25 × (fee - 0.33)²]

The optimal fee is around 0.33%. Going much higher tanks your score. Staking more is the main way to get selected more often.

Setup

1. Run the software

Deploy the Arcane Relayer via Docker Compose on Solana Mainnet. Point it at your own RPC nodes.

2. Register an SNS domain

Set up an SNS subdomain and add a TXT record pointing to your relayer URL.

3. Configure workers

Workers are the keypairs your relayer uses to submit proofs. Use multiple for redundancy.

4. Stake tokens

Lock at least 10M ARCANE to appear in the UI's relayer list.

Running a relayer means running infrastructure — servers, uptime monitoring, and a significant token stake. Make sure you understand the operational commitment.

Secret Notes

Deposit notes, encrypted backups, and account setup

Every deposit generates a secret note — a string that's the only way to withdraw those funds. Arcane stores encrypted backups of these notes on-chain so you don't have to manage them manually.

What is a secret note?

When you deposit, the protocol generates random bytes and splits them into a secret and a nullifier. These get combined into a single string — your secret note. The note is the private key to your deposit. Only its hashed commitment is stored on-chain.

Lose your note with no backup = lose your funds. There's no recovery. Back it up.

On-chain Note Account

Arcane can store encrypted copies of your notes on Solana, tied to your wallet. This is your Note Account.

Encrypted on-chain

Notes are encrypted with a key derived from your wallet before being written to Solana. Validators, indexers, and Arcane devs can't read them.

Decrypted in your browser

When you reconnect, the encrypted blobs are fetched from on-chain and decrypted locally. Your key never leaves your device.

Auto-synced

New deposits automatically add an encrypted backup to your Note Account. You can also add notes manually from other wallets or sessions.

First-time setup

If your wallet doesn't have a Note Account yet, the app walks you through creating one:

Connect wallet

The app checks on-chain for an existing Note Account linked to your address.

Key generated

No account found → a new encryption key is generated in your browser. It's shown once. Not stored anywhere else.

Save the key

Copy it to a password manager, write it down, or save it in an encrypted file. You have to confirm you've saved it before the account is created.

Done

Your Note Account is live on-chain. All future deposits are automatically backed up, encrypted with your key.

The key is shown once. If you lose it and didn't enable on-chain key backup, your encrypted notes can't be decrypted.

Returning users

If you already have a Note Account, reconnecting your wallet detects it automatically. Enter your key to decrypt your notes locally.

What you can do

Connect wallet

Detects your Note Account on-chain.

Decrypt notes

Enter your key → notes are decrypted in-browser. Nothing goes to a server.

View notes

See all your notes with pool, amount, tx hash, commitment, and spent/active status.

Add backup

Manually add a note from another session or wallet to your on-chain backup.

Actions per note

Action	What it does	When
Withdraw	Start a withdrawal via relayer using this note	Active notes
Compliance report	Generate a verifiable proof linking your deposit and withdrawal	Any note
Add backup	Encrypt and save to your on-chain Note Account	Anytime
Copy	Copy the raw note string to clipboard	Any note

Keep an offline backup too — write notes down or save them in an encrypted file on a device that isn't connected to the internet.

Compliance Tool

Selectively prove where your funds came from

Arcane breaks the on-chain link between deposit and withdrawal addresses. That's the point. But sometimes you need to prove where your funds came from — to an exchange, a regulator, or an auditor. The Compliance Tool lets you do that without affecting anyone else's privacy.

You paste your secret note, the tool looks up the deposit (and withdrawal, if spent) on-chain, and generates a verifiable report linking the two. Only you can do this — no one else has your note.

How it works

Paste your note

Enter the secret note from your deposit. It's the same string you'd use to withdraw — it identifies your specific commitment in the Merkle tree.

On-chain lookup

The tool derives the commitment from your note, checks it against the on-chain Merkle tree, and pulls the deposit transaction data.

Report generated

You get a report with the deposit details. If the note has already been spent, withdrawal details are included too.

Download

Export as PDF. Share it with whoever needs to see it.

What's in the report

Depends on whether the note has been spent:

Unspent note

Deposit data only:

Deposit tx hash

Sender address

Commitment hash

Pool and amount

Spent note

Deposit data plus withdrawal data:

Withdrawal tx hash

Recipient address

Nullifier hash

Fee paid and relayer used

What the report proves

The report re-links a deposit and withdrawal address using the commitment and nullifier hash. Only the note holder can generate it. It proves three things:

Where funds came from

Which address deposited, when, into which pool, and for how much.

Where funds went

Which address received the withdrawal, the fee, and the relayer that submitted it.

Mathematical link

The commitment and nullifier hash cryptographically tie the deposit to the withdrawal. This is verifiable by anyone with the report.

Only the note holder can generate this report. Nobody can force it. Your privacy holds until you decide to share.

Generating a compliance report for your note doesn't affect anyone else. The anonymity set for all other deposits in that pool stays the same.

FAQ

Frequently asked questions

Is there a deposit fee?

No. Arcane has no protocol fee for deposits. You only pay the normal Solana network fee (gas) when you submit the deposit transaction from your wallet.

Where are my secret notes stored?

We never store your secret notes, and they are never sent to any server. Everything happens client-side in your browser. Notes are generated locally, and if you use the on-chain Note Account, you encrypt them yourself before they are written to the blockchain. Only you hold the key to decrypt them.

Why do I need a relayer to withdraw?

The relayer submits the withdrawal transaction so your withdrawal address never appears as the sender on-chain. That improves privacy. The relayer takes a small fee (0.5%) from the amount you withdraw and covers the gas.

What if I lose my secret note?

There is no recovery. Only the note can authorize a withdrawal. If you have an encrypted backup in your Note Account, you still need your decryption key to read it. Back up both the note (or your Note Account key) and the key in a safe place.

Can I withdraw without a relayer?

The protocol is designed for relayer-submitted withdrawals so your address stays off-chain as the sender. Check the docs or app for any direct-withdraw option; if none, you need a relayer.

How long should I wait before withdrawing?

There is no fixed rule. Longer waits mean more deposits in the pool and a larger anonymity set, which is better for privacy. You can withdraw as soon as the protocol allows if you accept weaker privacy.

Which tokens can I deposit?

Arcane supports specific pools (e.g. SOL, wBTC, wETH). Check the app for the list of pools and accepted denominations.

Is my Note Account key stored on-chain?

No. The key is generated in your browser and shown once. Encrypted notes are stored on-chain; only you can decrypt them with your key. If you enable an optional on-chain key backup, that is encrypted too.

What is the Compliance Tool for?

It lets you generate a verifiable report that links a specific deposit to a withdrawal. Only you can do this (with your secret note). Useful for proving source of funds to an exchange or auditor without revealing others' activity.

Glossary

Key terms used in Arcane

Anonymity set

The set of deposits that could correspond to a given withdrawal. The larger the pool and the more time between deposit and withdrawal, the larger the anonymity set and the stronger the privacy.

Commitment

A hash (from your secret and nullifier) stored on-chain when you deposit. It represents your deposit in the Merkle tree without revealing which address deposited or the underlying secrets.

Merkle tree

A tree of hashes whose root is stored on-chain. Your commitment is one leaf. To withdraw, you prove knowledge of a leaf that hashes up to the current root, without revealing which leaf.

Nullifier

A secret value that is hashed and published on-chain when you withdraw. Each nullifier can only be used once, preventing double-spends. The nullifier does not reveal which deposit was withdrawn.

Nullifier hash

The hash of the nullifier, stored on-chain when you withdraw. The contract checks it has not been used before. Only the note holder can compute it.

Note Account

An on-chain account that stores encrypted backups of your secret notes, tied to your wallet. You decrypt them locally with a key only you have.

Pool

A smart-contract vault for one token type (e.g. SOL, wBTC). All deposits of that token go into the same pool and are mixed together.

Poseidon

A hash function designed for zk-SNARK circuits. Arcane uses it to compute commitments and nullifier hashes so proofs stay small and fast.

Relayer

A third party that submits your withdrawal transaction on your behalf. Your withdrawal address never pays gas or appears as the sender; the relayer does and takes a fee.

Secret note

The private string generated when you deposit. It encodes the secret and nullifier needed to withdraw. Only you have it; losing it means losing access to those funds.

zk-SNARK

Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. A proof that you know something (e.g. a valid commitment in the tree) without revealing what it is. The contract verifies the proof without seeing your secrets.