> For the complete documentation index, see [llms.txt](https://docs.useshadowpay.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.useshadowpay.com/privacy-and-confidential-transfers/confidential-transfers.md).

# Confidential Transfers Explained

ShadowPay's privacy model rests on one core distinction: confidentiality, not anonymity. Addresses stay visible on Solana. Amounts do not.

This page walks through the cryptography that makes that possible.

***

## The building block: Confidential Balances

ShadowPay is built on Solana's Confidential Balances token extension (part of Token-2022), which launched in April 2025. It uses two techniques together:

* **ElGamal encryption** to encrypt account balances and transfer amounts homomorphically, meaning the network can add and subtract encrypted values without ever decrypting them
* **Zero-knowledge range proofs** to prove that an encrypted transfer is valid (the sender has sufficient balance, the amount is non-negative) without revealing what the amount actually is

Put together, the network can verify a transfer is legitimate and update both parties' encrypted balances correctly, all without learning the amount involved.

***

## What a standard Solana transfer looks like

```
Sender Address [PUBLIC] → Amount [PUBLIC] → Receiver Address [PUBLIC]
```

Anyone with an RPC connection can read the exact amount of every transfer, forever.

***

## What a ShadowPay transfer looks like

```
Sender Address [PUBLIC] → Amount [ENCRYPTED] → Receiver Address [PUBLIC]

Proof: a zero-knowledge proof that the encrypted amount is valid,
       without revealing the amount itself
```

***

## Step by step

1. You initiate a transfer in the ShadowPay app.
2. Your device's Privacy Engine generates a ZK proof locally, using your account's decryption key. The plaintext amount never leaves your device.
3. The encrypted transfer and its proof are submitted to Solana as a Confidential Balances instruction.
4. Solana's runtime verifies the proof and updates both parties' encrypted balances on-chain. Addresses remain public. The amount is ciphertext.
5. Only the sender and receiver, using their private decryption keys, can decrypt the amount and see what moved.
6. For compliance, you can generate a selective disclosure proof that reveals a specific transaction's amount to a chosen third party, such as an auditor, without exposing any other transaction. See [Selective Disclosure & Audit Export](/privacy-and-confidential-transfers/selective-disclosure.md).

***

## Why this matters

Public blockchains solved verifiability by making everything visible. That trade-off works for auditors and analysts, but it means anyone can watch your salary, your rent, or your runway in real time. ShadowPay keeps the verifiability, meaning a transfer's validity is still checked by the network and permanently recorded, while removing the surveillance cost.

***

## Performance

ZK proof generation happens client-side, in the browser or the mobile app, using WASM. On modern devices this adds a small, sub-second delay before a transfer is submitted. Low-power devices fall back to a server-assisted proof generation path where the amount is still never transmitted in plaintext; only proof inputs derived client-side are used.

***

## Next

* [Selective Disclosure & Audit Export](/privacy-and-confidential-transfers/selective-disclosure.md)
* [Key Management & Custody](/privacy-and-confidential-transfers/key-management.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.useshadowpay.com/privacy-and-confidential-transfers/confidential-transfers.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
