Protocol Deep Dive
On-chain smart contract architecture and reference
The Priv protocol consists of four interconnected Solana programs built on the Anchor framework, designed to enable private payments and escrow functionality. All programs are deployed on devnet and work together to provide a comprehensive stealth payment system.
Program Overview
Core Programs
| Program | Program ID | Purpose |
|---|---|---|
| Ghost Registry | GYkaCmNsSBYpsfrBwxsPbR5dPhcpqVguiWSNg23NdD2H | Manages stealth meta-addresses and payment announcements |
| Payment Escrow | DkpPVJVzT6fpc7NqCdUbhAA1NPVp996Z8W8ikUqXhKo8 | Simple escrow with claim hash verification |
| Multisig Escrow | 8QUdvFopS9nukXFZ8gCVheQ9DEHsqEhiXWvMKSzdEbm3 | Multi-signature approval escrow system |
| Conditional Escrow | 2FqiStCQC47NiQZTsvJf2KvhtLfdjPCXrD9sQLwjS2aU | Milestone-based escrow with partial releases |
Architecture Overview
Stealth Payment Flow
- Meta-Address Registration: Users register their stealth meta-addresses (spend + view keys) via Ghost Registry
- Payment Creation: Senders create escrow payments using one of the three escrow programs
- Stealth Announcement: Ghost Registry creates on-chain announcements for stealth payments
- Claim Process: Recipients use claim secrets to unlock escrowed funds
Domain-Separated Claim Hashing
All escrow programs use the same claim hash verification system:
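```rust
// Fixed domain tag that is hashed in front of every claim secret.
let domain = b"priv_claim";
// hashv hashes the slices in order, as one input: domain followed by claim_secret.
let computed_hash = hashv(&[domain, &claim_secret]);
// Reject the claim unless the result matches the hash stored in the escrow account.
require!(computed_hash.to_bytes() == escrow.claim_hash);
```
Prefixing the secret with the fixed priv_claim tag domain-separates the hash, so claim secrets cannot be reused across different contexts.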
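An off-chain model of this check, added here as an example and not taken from the Priv code base: it assumes hashv is SHA-256 (the page does not name the hash function), and the helper names and escrow ids are constructed for illustration. Because the snippet's tag is the same in every escrow program, a reused secret produces the same claim hash in each of them, so the sketch draws a fresh secret per escrow and flags duplicates.

```python
import hashlib
import hmac
import secrets

DOMAIN = b"priv_claim"  # domain tag from the page's snippet

def claim_hash(claim_secret, domain=DOMAIN):
    """Model of hashv(&[domain, &claim_secret]): one hash over the slices in order.
    Assumption: hashv is SHA-256; the page does not name the hash function."""
    h = hashlib.sha256()
    for part in (domain, claim_secret):
        h.update(part)
    return h.digest()

def new_claim():
    """Sender side: fresh 32-byte secret plus the hash stored in the escrow."""
    secret = secrets.token_bytes(32)
    return secret, claim_hash(secret)

def verify_claim(claim_secret, stored_hash):
    """Off-chain pre-check mirroring the on-chain require! comparison."""
    return hmac.compare_digest(claim_hash(claim_secret), stored_hash)

def reused_claim_hashes(escrows):
    """Map each claim hash seen in more than one (escrow_id, hash) record to its ids."""
    by_hash = {}
    for escrow_id, stored_hash in escrows:
        by_hash.setdefault(stored_hash, []).append(escrow_id)
    return {h: ids for h, ids in by_hash.items() if len(ids) > 1}

if __name__ == "__main__":
    secret, stored = new_claim()
    print("claim verifies:", verify_claim(secret, stored))
    # A hash of the same secret made without the tag (another context) is rejected.
    untagged = hashlib.sha256(secret).digest()
    print("untagged hash accepted:", verify_claim(secret, untagged))
    # Constructed records: the first two escrows were created with the same secret.
    _, other = new_claim()
    records = [("payment-1", stored), ("multisig-7", stored), ("conditional-3", other)]
    for h, ids in reused_claim_hashes(records).items():
        print("claim hash", h.hex()[:16], "reused by", ids)
```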
Program Interactions
Ghost Registry ↔ Escrow Programs
- Ghost Registry handles meta-address management and stealth payment announcements
- Escrow Programs handle the actual token custody and claim verification
- Both systems work independently but are designed to complement each other
Token Interface Compatibility
All programs use SPL Token-2022 compatible interfaces via Anchor's token_interface, ensuring compatibility with:
- SPL Token (legacy)
- SPL Token-2022
- Token Extensions
Fee Structure
- Payment Escrow: Configurable fee (basis points) set by protocol admin
- Multisig Escrow: Uses same configurable fee system as Payment Escrow
- Conditional Escrow: Fixed 2.5% fee (250 basis points) hardcoded per milestone
Security Features
PDA-Based Authority
All programs use Program Derived Addresses (PDAs) for secure account management:
- Deterministic account addresses
- Program-controlled signing authority
- Prevents unauthorized access
Expiry Protection
All escrow types include expiry timestamps:
- Prevents indefinite token lockup
- Allows refunds after expiration
- Protects both creators and recipients
Access Controls
- Owner-only operations: Meta-address updates, escrow refunds
- Approver verification: Multisig escrow approval tracking
- Creator authorization: Milestone release permissions
Account Structure
All accounts use Anchor's 8-byte discriminator prefix for type safety and include bump seeds for PDA verification. See the Account Structures page for detailed byte layouts.
Error Handling
Each program defines comprehensive error codes for all failure scenarios. See the Error Codes page for the complete reference.
Next Steps
Explore the individual program documentation:
- Ghost Registry - Meta-address and announcement management
- Payment Escrow - Simple hash-locked payments
- Multisig Escrow - Multi-signature approval system
- Conditional Escrow - Milestone-based payments