Encrypted Token Accounts (ETA)
Discover Encrypted Token Accounts, Umbra's core privacy primitive that hides balances and transfer amounts while maintaining full Solana composability.
In the standard Solana ecosystem, users interact with Associated Token Accounts (ATAs). These accounts are transparent by design: anyone with an explorer can see exactly how many tokens a specific wallet holds and trace every transfer back to its source.
Umbra replaces this transparency with Encrypted Token Accounts (ETAs). An ETA is a private-by-default version of an ATA. It allows for the storage and management of assets on-chain while keeping the underlying amounts shielded from public view. Note: ETAs do not hide ownership metadata (yet).
The Encryption Scheme: Rescue-Based Cipher
To keep balances private while remaining "MPC-friendly," Umbra uses a specialized encryption scheme based on a modified Rescue Cipher.
Rescue is a permutation-based framework designed specifically for algebraic efficiency in zero-knowledge and Multi-Party Computation (MPC) contexts. By using this cipher, the Arcium Network (our decentralized network of MPC nodes) can perform state transitions and balance updates within a confidential execution environment. This allows Umbra to process complex transactions without ever decrypting your data into plaintext on the public ledger.
The shared secret that keys the Rescue Cipher is derived through a Diffie-Hellman key exchange between the user's X25519 Keypair and the Umbra MXE public key.
Comparing ATAs vs. ETAs
The easiest way to understand an ETA is to compare it to the standard Solana Token Account you use every day.
| Feature | Standard ATA | Umbra ETA |
|---|---|---|
| Balance Visibility | Public (Plaintext u64) | Encrypted (Ciphertext) |
| Max Amount | (Stored as encrypted limbs) | |
| State Storage | On-chain | On-chain |
| Data Requirements | Mint, Owner, Amount | Nonce, Encrypted Balance |
| Accessibility | Anyone can read the balance | Anyone can fetch the data; only secret holders can decrypt it. |
Standard ATA - Transparent
Umbra ETA - Private
How Balances are Stored
While a standard ATA stores a simple number (e.g., 100.00 USDC), an ETA stores your balance as a "black box" that only authorized parties can open. It consists of two critical fields:
- The Nonce: A unique, one-time-use value included in the encryption process. This is a critical security feature: it ensures that even if you have two different ETAs containing the exact same amount for the same user, their ciphertexts will look completely different to an outside observer. This randomized output prevents "pattern matching" or frequency analysis attacks.
- The Encrypted Balance: A ciphertext variant of your actual balance, encrypted using the Rescue Cipher keyed by a shared secret derived from your X25519 Keypair.
Crucially, these encrypted balances are stored completely on-chain. This means the protocol remains permissionless and censorship-resistant. Anyone can fetch anyone else's ETA data from the Solana ledger, but without the specific shared secret, the data is computationally infeasible to decipher.
Decoupling Ownership and Decryption
In Umbra, it is fundamental to distinguish between Ownership and the Decryption Keypair. These are two distinct cryptographic concepts that serve different purposes.
- Ownership: The authority that controls the movement of funds and authorizes transactions. This is controlled by the L1 Interaction Key (Ed25519 keypair) and can be a regular user wallet or a Program Derived Address (PDA).
- Decryption Keypair: The X25519 Keypair used to derive the shared secret that controls the visibility of the funds and decrypt the balance ciphertext.
The Importance of Decoupling
Separating these roles provides the architectural flexibility needed for Umbra to support advanced Solana primitives like PDAs. With the correct infrastructure, a program (PDA) can own an ETA and control spending logic, while a separate decryption mechanism ensures the program's internal state remains confidential.
For more details on how these keys work together, see the Key Architecture Overview.
Management Strategies
Depending on the entity type, these components are managed differently:
| Entity Type | Ownership | Decryption |
|---|---|---|
| Regular Users | L1 Interaction Key | X25519 Keypair (can be derived from L1 key) |
| Multisigs/DAOs | PDA controlled by multisig | Distributed Key Generation (DKG) or Threshold Decryption |
| Programs | PDA | Custom decryption scheme |
- Regular Signers: For ease of use, standard Solana users can deterministically derive their X25519 keypair from their main Solana private key. Once derived, they register the corresponding X25519 Public Key on-chain, allowing the protocol to know which key to use when encrypting incoming funds.
- Complex Systems (Multisigs/DAOs): For entities requiring multiple participants, this decoupling allows for powerful, custom setups. A Multisig can implement Distributed Key Generation (DKG) or Threshold Decryption schemes. This ensures that no single individual can decrypt the balance, requiring a quorum of participants to "reveal" the state as per the organization's needs.
Relationship to the Mixer Pool
ETAs provide confidential balances while the Unified Mixer Pool provides anonymity. These are complementary but distinct privacy features:
| Feature | Encrypted Token Accounts | Unified Mixer Pool |
|---|---|---|
| Privacy Type | Confidential (hidden amounts) | Anonymous (hidden sender/recipient) |
| Ownership | Visible on-chain | Hidden via User Commitment |
| Key for Control | L1 Key | Shielded Spending Key + MVK |
| Key for Visibility | X25519 Keypair | X25519 Keypair (to find UTXOs) |
Users can move funds between these layers:
- ETA to Mixer: Deposit from your ETA into the mixer pool for anonymity
- Mixer to ETA: Burn mixer UTXOs to receive funds in your ETA
Future: Completely Shielded Token Accounts
Umbra is currently working on completely shielded token accounts, which will represent the pinnacle of shielded activity on-chain. These accounts will hide not only the amount and mint information, but also user addresses, providing complete privacy for all transaction metadata.