Security & Privacy

Priv implements a privacy-preserving payment protocol on Solana that protects recipient identity while maintaining transparency where needed. Our security model balances strong cryptographic guarantees with practical usability and regulatory compliance.

Core Security Principles

Defense in Depth

Priv's security architecture layers multiple protective mechanisms:

• Cryptographic isolation: Each payment uses fresh ephemeral keys
• Domain separation: Different hash contexts prevent cross-protocol attacks
• Constant-time operations: Secret comparisons use XOR-reduce to prevent timing attacks
• Minimal trust assumptions: No trusted setup or central authorities required

Standard Cryptographic Primitives

We exclusively use well-established, audited cryptographic primitives:

• Ed25519 for digital signatures and public key operations
• X25519 ECDH for shared secret derivation
• SHA-256/SHA-512 for hashing with domain separation
• AES-256-GCM for authenticated encryption

All implementations come from the audited @noble/curves and @noble/hashes libraries, which are pure JavaScript with no native dependencies.

Stealth Address Privacy

Priv's stealth address system ensures that:

• Recipients can receive payments without revealing their identity
• Only the recipient (with their view key) can detect incoming payments
• Payment metadata is encrypted and unreadable to observers
• Each payment creates a unique, unlinkable on-chain address

What Priv Protects

Recipient Privacy: Stealth addresses are mathematically unlinkable to meta-addresses without the recipient's view key. An observer cannot determine who received a payment.

Payment Discovery: Only holders of the view key can scan the blockchain to identify their incoming payments. This enables selective disclosure for compliance.

Metadata Confidentiality: Payment descriptions and other metadata are encrypted with AES-256-GCM using keys derived from the shared secret.

Gasless Claims: Recipients can claim payments without holding SOL, preventing funding trail analysis.

What Priv Does NOT Protect

Sender Identity: The wallet creating the escrow transaction is visible on-chain. Priv protects recipients, not senders.

Payment Amounts: Token amounts are stored in plaintext in escrow accounts for transparency and auditability.

Payment Existence: The creation of an escrow is visible on-chain, though the intended recipient is hidden.

Timing Analysis: Transaction timing patterns can potentially be analyzed by sophisticated adversaries.

Compliance-Ready Privacy

Priv's architecture supports "compliant privacy" through its dual-key system:

• View keys can be shared with auditors or regulators for transaction discovery
• Spend keys remain private and are required for fund access
• Organizations can prove payment receipts without exposing spending capabilities

This design enables privacy for individuals while supporting institutional compliance requirements.

Security Documentation

Development Status

Priv is currently in active development on Solana devnet. The protocol has undergone internal security review and is preparing for formal external audit before mainnet deployment.

Current Status: Devnet testing and security review Next Steps: External security audit and mainnet preparation Contact: For security-related inquiries, contact security@priv.so

Security Best Practices

When using Priv, follow these security guidelines:

• Backup your keys: Store spend and view keys securely and separately
• Protect spend keys: Never share your spend private key with anyone
• View key sharing: Only share view keys with trusted parties for legitimate compliance needs
• Verify addresses: Always verify recipient meta-addresses before sending payments
• Use official interfaces: Only interact with Priv through official, verified interfaces

The security of your funds depends on proper key management. Priv's cryptographic guarantees are only as strong as your operational security practices.