Privacy-preserving receiving for Solana Name Service (.sol) domains. Accept SOL and tokens through your SNS domain while keeping your primary wallet private.
Hydentity creates a privacy layer between your public .sol domain and your private wallet by:
- Vault Creation - Creates a vault PDA that receives funds on behalf of your SNS name
- Domain Transfer - Optionally transfer domain ownership to the vault for enhanced privacy
- Private Withdrawals - Route withdrawals through Arcium MPC for encrypted destination handling
- Privacy Cash Integration - Use Privacy Cash ZK mixer pool to break on-chain transaction links
- Split & Delay - Randomize amounts and timing to prevent transaction graph analysis
- Encrypted Destinations - Withdrawal destinations are encrypted with MPC, never visible on-chain
- Privacy Cash Routing - ZK mixer pool breaks the link between vault deposits and final destinations
- Randomized Timing - Configurable delays between splits prevent timing analysis
- Split Withdrawals - Funds are split into random amounts across multiple transactions
- Domain Protection - Transfer SNS domain ownership to vault with reclaim capability
+-----------------------------------------------------------------------------+
| USER (Off-chain) |
| - Generate encrypted config with x25519 key exchange |
| - Submit encrypted destinations to Hydentity program |
+-------------------------------------+---------------------------------------+
|
+-------------------------------------v---------------------------------------+
| HYDENTITY PROGRAM (On-chain) |
| +---------------+ +---------------+ +---------------+ +---------------+ |
| | NameVault | | VaultAuthority| | PrivacyPolicy | | EncryptedCfg | |
| | (metadata) | | (holds SOL) | | (split/delay) | | (MPC-only) | |
| +---------------+ +---------------+ +---------------+ +---------------+ |
+-------------------------------------+---------------------------------------+
|
+---------------------------+---------------------------+
| |
+---------v---------+ +---------v---------+
| ARCIUM MPC | | PRIVACY CASH |
| CLUSTER | | ZK MIXER |
| - Decrypts config | | - Breaks tx links |
| - Generates plans | | - Anonymity set |
| - MPC signatures | | - Relayer service |
+-------------------+ +-------------------+
| |
+---------------------------+---------------------------+
|
+-------------------------------------v---------------------------------------+
| DESTINATION WALLETS |
| - Funds arrive at destinations with no on-chain link to source vault |
+-----------------------------------------------------------------------------+
hydentity/
├── programs/hydentity/ # Anchor program (Rust)
│ └── src/
│ ├── lib.rs # Program entrypoint
│ ├── state/ # Account structures
│ │ ├── name_vault.rs # Main vault account
│ │ ├── vault_authority.rs # SOL holder & token authority
│ │ ├── privacy_policy.rs # User privacy settings
│ │ └── encrypted_config.rs # MPC-encrypted config
│ ├── instructions/ # Instruction handlers
│ │ ├── initialize_vault.rs
│ │ ├── withdraw_direct.rs
│ │ ├── store_private_config.rs
│ │ ├── mark_domain_transferred.rs
│ │ └── reclaim_domain.rs
│ ├── errors.rs
│ └── constants.rs
│
├── encrypted-ixs/ # Arcium MPC instructions
│ └── src/lib.rs # MPC circuit definitions
│
├── apps/hydentity-app/ # Next.js frontend
│ └── src/
│ ├── app/ # Pages (dashboard, vault, settings, setup)
│ │ └── api/privacy-cash/ # Privacy Cash API routes
│ ├── components/
│ │ ├── Header.tsx
│ │ ├── VaultCard.tsx
│ │ └── NetworkSwitcher.tsx
│ ├── hooks/
│ │ ├── useHydentity.ts # Core vault hook
│ │ ├── usePrivateConfig.ts # Arcium MPC config
│ │ ├── usePrivacyCash.ts # Privacy Cash integration
│ │ └── useSnsDomains.ts # SNS domain discovery
│ └── contexts/
│ └── NetworkContext.tsx # Network switching
│
├── scripts/ # Deployment scripts
│ └── init-arcium-devnet.ts
│
└── tests/ # Integration tests
- Rust 1.82+ with Solana toolchain
- Node.js 18+
- pnpm 8+
- Solana CLI
- Anchor CLI 0.32+
# Clone the repository
git clone https://github.com/your-org/hydentity.git
cd hydentity
# Install dependencies
pnpm install
# Build the Anchor program
anchor build
# Start the dApp
cd apps/hydentity-app
pnpm devProgram ID (Devnet & Mainnet): 7uBSpWjqTfoSNc45JRFTAiJ6agfNDZPPM48Scy987LDx
# Deploy to devnet
anchor deploy --provider.cluster devnet
# Deploy to mainnet
anchor deploy --provider.cluster mainnet
# Upgrade existing deployment
anchor upgrade target/deploy/hydentity.so --program-id 7uBSpWjqTfoSNc45JRFTAiJ6agfNDZPPM48Scy987LDx# Run Anchor tests
anchor test
# Run app in dev mode
cd apps/hydentity-app && pnpm dev- Connect your wallet containing an SNS domain
- Navigate to Setup and select your domain
- Configure destination wallets (use fresh wallets for privacy)
- Set privacy level (Low/Medium/High)
- Confirm and sign the transaction
- Initialize Privacy Cash - Sign a message to derive your encryption keypair
- Withdraw to Pool - Funds move from vault to Privacy Cash mixer pool
- Private Withdrawal - Withdraw from pool to any destination with no on-chain link
// Example: Withdraw privately via Privacy Cash
const { withdraw } = usePrivacyCash();
// Withdraw from private balance to fresh wallet
await withdraw(amountLamports, 'FreshWalletAddress...');For emergency access, funds can be withdrawn directly:
const { withdrawDirect } = useHydentity();
await withdrawDirect('mydomain', destinationPubkey, amount);Note: Direct withdrawals create a public on-chain link between vault and destination.
| Preset | Splits | Delay Range | Use Case |
|---|---|---|---|
| Low | 1-3 | 1-10 minutes | Quick access, minimal obfuscation |
| Medium | 2-5 | 5-30 minutes | Balanced privacy and convenience |
| High | 3-5 | 2-8 hours | Maximum privacy, longer wait |
| Account | Seeds | Purpose |
|---|---|---|
| NameVault | ["vault", sns_name_account] |
Vault metadata and stats |
| VaultAuthority | ["vault_auth", sns_name_account] |
Holds SOL, token authority |
| PrivacyPolicy | ["policy", sns_name_account] |
Public privacy settings |
| EncryptedConfig | ["encrypted_config", vault] |
MPC-encrypted destinations |
- Vault address and balance
- Domain association (unless transferred)
- Direct withdrawal destinations (if used)
- Destinations configured via Arcium MPC
- Privacy Cash withdrawal destinations
- Individual split amounts and timing
- Link between vault deposits and final destinations (via Privacy Cash)
- Arcium MPC: Distributed trust - no single node can decrypt configurations
- Privacy Cash: ZK proofs ensure withdrawal validity without revealing source
Transfer SNS domain ownership to your vault for enhanced privacy:
// Transfer domain to vault authority (hides original owner)
await transferDomainToVault('mydomain');
// Reclaim domain when needed
await reclaimDomain('mydomain', newOwnerPubkey);Before Transfer: mydomain.sol -> Owned by: YourWallet (visible)
After Transfer: mydomain.sol -> Owned by: VaultAuthority PDA
- Fresh Wallets - Use destination wallets not linked to your identity
- Privacy Cash - Always use Privacy Cash routing for maximum privacy
- Timing Variation - Higher delays make transaction correlation harder
- Domain History - Previous owners may still be visible in historical data
- Direct Withdrawals - Avoid unless necessary; they expose vault-to-destination links
# apps/hydentity-app/.env.local
# RPC endpoints (server-side only, not exposed to browser)
DEVNET_RPC=https://api.devnet.solana.com
MAINNET_RPC=https://your-rpc-endpoint.com
# WebSocket endpoints (can be public, no API keys)
NEXT_PUBLIC_DEVNET_WS=wss://api.devnet.solana.com
NEXT_PUBLIC_MAINNET_WS=wss://api.mainnet-beta.solana.com- Vault creation and management
- Privacy policy configuration
- Domain transfer and reclaim
- Privacy Cash ZK mixer integration
- Mainnet deployment
- Full React frontend with withdrawal UI
- Arcium MPC integration (encrypted config storage)
- SPL token support
- Auto-withdrawal triggers
- Multi-domain vault management
- Mobile UI improvements
MIT License - see LICENSE for details.
- Bonfida SNS SDK - Solana Name Service SDK
- Arcium Network - MPC infrastructure for confidential computing
- Privacy Cash - ZK mixer for Solana