Transfers

What is a Shielded Transfer?

A shielded transfer moves funds from your note to a new note owned by the recipient's public key — all without leaving the privacy pool. Your input note is consumed (nullified), and two new commitments are created: one for the recipient's amount and one for your change.

On-chain, only nullifiers and new commitments are visible. No amounts, no sender identity, no recipient identity. The entire operation is proven valid by an FFLONK zero-knowledge proof.

Transfer vs Withdraw

Step by Step

1. 01

   Enter amount and recipient

   Type the ETH amount and the recipient's stealth username (e.g. dust.bob) or their V2 owner public key directly.

2. 02

   Resolve recipient public key

   The browser looks up the recipient's ownerPubKey from the ERC-6538 stealth meta-address registry on-chain. This is the Poseidon hash of their spending key.

3. 03

   Generate FFLONK proof

   A 2-in-2-out circuit proof is generated locally in the browser, consuming your input note and producing two output commitments: one for the recipient and one for your change.

4. 04

   Create recipient output note

   The output note is encrypted with the recipient's public key. Only the recipient can derive the blinding factor and detect the note when scanning the pool.

5. 05

   Relayer submits and recipient scans

   The relayer submits the proof on-chain. The recipient's scanner detects the new commitment and adds the note to their local encrypted store.

Recipient Resolution

Stealth usernames (like dust.bob) resolve to public keys through the on-chain ERC-6538 registry. When a user completes onboarding, their stealth meta-address is registered — mapping their chosen username to the cryptographic keys needed to receive shielded transfers.

You can also paste a raw V2 owner public key (hex) directly into the recipient field, bypassing username resolution entirely.