Private Payments. Zero Trace.

SilentPay lets you deposit and withdraw SOL or USDC without anyone linking the two. Powered by Groth16 zk-SNARKs and Merkle tree anonymity pools — fully on-chain, non-custodial.

Join Waitlist How It Works
How It Works

Three steps to complete privacy

No mixer operator, no custodian, no KYC. The math does the work.

STEP 01

Deposit into a Pool

Choose a fixed denomination (e.g. 0.1 SOL or 1 SOL). Your wallet sends the exact amount into the on-chain anonymity pool. A cryptographic commitment is inserted into the Merkle tree — your identity is never stored.

STEP 02

Keep Your Secret Note

Before the transaction, a secret note is generated entirely in your browser — never sent to any server. This note contains the nullifier and secret needed to prove ownership and withdraw. Back it up securely offline.

STEP 03

Withdraw to a Fresh Wallet

At any time, paste your secret note and a destination address. A zk-SNARK proof is generated in your browser, proving you own a valid deposit — without revealing which one. Funds arrive in your clean wallet, on-chain link broken.

Architecture

Zero-knowledge
privacy primitives

Every transaction is backed by a Groth16 proof circuit compiled with Circom. The proof is verified on-chain in the Solana program in a single instruction.

Circom 2.0 snarkjs Groth16 Anchor Keccak-256 MiMC Hash

Merkle Tree Commitments

Deposits are hashed into a 20-level on-chain Merkle tree. The tree root is used to verify membership without revealing which leaf.

Nullifier Double-Spend Protection

Every withdrawal emits a nullifier hash. The program rejects any proof whose nullifier was already used — preventing double spends at the contract level.

Relayer-Assisted Withdrawals

An optional relayer submits the withdrawal transaction so your destination address never needs to interact with the contract directly — breaking the fee-payer link too.

User Wallet
Sends fixed denomination
↓ deposit tx
Merkle Tree (on-chain)
Commitment inserted → root updated
↓ secret note saved locally
ZK Proof Generated
In-browser · Groth16 · Circom
↓ proof + nullifier submitted
Solana Program Verifies
Nullifier stored · funds released
↓ withdrawal tx
Clean Destination Wallet
No on-chain link to depositor
User Journey

From source wallet to clean funds

Six moments. No custodian. No trust required.

Your action Protocol response
01
Connect Wallet
YOU Open the app. Connect Phantom or any Solana wallet.
PROTOCOL No account. No KYC. Wallet address is your only identity.
02
Choose Pool
YOU Pick a fixed denomination — 0.1 SOL or 1 SOL.
PROTOCOL Equal amounts make every deposit indistinguishable. Anonymity set at its max.
03
Deposit
YOU Approve the transaction. Your secret note is generated in-browser.
⚠ Save note — no recovery possible
PROTOCOL Commitment inserted into on-chain Merkle tree. Root updated.
04
Wait
YOU Store your note offline. Come back hours, days, or weeks later.
PROTOCOL More deposits join. Anonymity set grows. Time gap defeats timing correlation.
05
Withdraw
YOU Paste your note + a fresh destination address. No fees needed.
PROTOCOL Groth16 ZK proof built in-browser. Relayer submits. Program verifies on-chain.
06
Receive ✓
YOU Funds arrive in your clean wallet. Zero link to the original address.
PROTOCOL Nullifier stored on-chain. Double-spend blocked forever. Link broken.
FAQ

Common questions

Everything you need to know before making your first private transaction.

What exactly is SilentPay and how does it differ from a mixer?
SilentPay is a non-custodial, trustless privacy protocol built on Solana. Unlike centralised mixers, there is no operator who holds your funds. Your deposit goes directly into a smart-contract-controlled vault, and withdrawal requires a valid zero-knowledge proof — no one can steal, censor, or trace your transaction. The math enforces privacy, not a trusted third party.
What is a "secret note" and why is it so important?
When you deposit, a secret note is generated entirely inside your browser — it never touches any server. The note contains a secret scalar and a nullifier that cryptographically prove you own a deposit in the pool. If you lose the note, your funds are permanently inaccessible — the program has no recovery mechanism by design. Save it to a file, print it, or store it in a password manager. Never share it.
Can my deposit be traced on-chain?
The design goal is that the on-chain link between deposit and withdrawal is computationally infeasible to find, because the zk-SNARK proof reveals only that the withdrawer owns some valid leaf in the Merkle tree — not which leaf. The larger the anonymity set (number of deposits in the pool), the stronger the privacy guarantee. Note: metadata privacy (IP address, browser fingerprint, timing correlation) is outside the scope of the protocol — use Tor or a VPN for full operational security.
Is KYC required? Does SilentPay collect any data?
No KYC. No accounts. No email. The protocol is entirely wallet-based — you connect a Solana wallet and interact directly with the on-chain program. The only data stored is what you save locally (your deposit history and secret notes). The relayer sees the proof and destination address but has no way to link them to your deposit wallet.
Why are deposits fixed denominations only?
Fixed denominations are fundamental to the privacy model. If deposits could be arbitrary amounts, an observer could correlate a deposit of an unusual amount (e.g. 3.7182818 SOL) with a matching withdrawal. Standardised amounts mean every deposit in a pool is indistinguishable from the others — maximising the anonymity set.
What is the relayer and do I have to trust it?
The relayer is an optional service that submits withdrawal transactions on your behalf so your destination wallet never needs SOL to pay fees. The relayer cannot steal funds — it only submits your pre-signed proof, and the program verifies the proof independently. At worst, a malicious relayer can refuse to relay (censor), but you can always fall back to submitting the proof yourself directly.
Is the code audited? Is it safe to use on mainnet?
A comprehensive internal audit was completed in February 2026. Several critical and high-severity issues were identified and are currently being remediated. SilentPay is not yet deployed on mainnet — you are using devnet only. Do not send real funds until the mainnet launch is officially announced. The audit report is available for review.
What is the zk-SNARK proof scheme used and how fast is it?
SilentPay uses Groth16, compiled with Circom 2.0 and proved with snarkjs. Proof generation runs entirely in the browser using WASM and typically takes 1–8 seconds depending on your device. Proof verification on-chain is constant time (~200k compute units on Solana) regardless of tree depth. The trusted setup was generated with pot12_final.ptau and withdraw_final.zkey.