Unified Mixer Pool
The unified privacy infrastructure that enables anonymous transactions through an append-only Merkle tree of UTXOs.
The Unified Mixer Pool is Umbra's core anonymity infrastructure: a shared on-chain pool where all shielded transactions are recorded within an append-only Merkle tree structure. The mixer enables users to break the on-chain link between their public identity and their assets.
The unified nature of this pool means that every transaction contributes to the collective privacy of all users. When you deposit into the mixer, your funds become indistinguishable from all other funds in the pool. When you burn (spend) a UTXO, no observer can determine which specific deposit you're spending.
Architecture Overview
The mixer pool consists of three primary components:
- UTXO Commitments - Hashed representations of unspent transaction outputs stored as leaves in the Merkle tree
- Merkle Tree - An append-only tree structure that provides efficient membership proofs
- Nullifier Set - An on-chain record of all spent UTXOs to prevent double-spending
The Merkle Tree Structure
All UTXO commitments are appended to an Incremental Merkle Tree. This structure allows the protocol to efficiently verify that a UTXO exists without revealing which specific UTXO is being referenced.
| Property | Value |
|---|---|
| Tree Depth | 20 levels |
| Leaves per Tree | Up to (approximately 1 million) |
| Number of Trees | Up to trees |
| Structure | Append-only (leaves are never modified or removed) |
| Root Storage | On-chain |
| Leaf Storage | Off-chain (maintained by indexers) |
The Merkle root is stored on-chain, providing cryptographic proof of the tree's state. The complete state of all leaves and intermediate nodes is maintained off-chain by indexers. This hybrid approach balances on-chain security with off-chain scalability.
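The root-on-chain, leaves-off-chain split described above, as an added example that is not Umbra's code: the chain keeps one cached node per level plus the root, while an indexer holding every leaf produces the sibling path. SHA-256 stands in for the protocol's hash, the class and function names are hypothetical, and in the protocol the path check runs inside the zero-knowledge proof rather than in the clear.

```python
import hashlib

DEPTH = 20  # tree depth from the table above

def H(left: bytes, right: bytes) -> bytes:
    # SHA-256 is a stand-in hash chosen for this example (assumption)
    return hashlib.sha256(left + right).digest()

# ZEROS[i] is the root of an empty subtree of height i
ZEROS = [b"\x00" * 32]
for _ in range(DEPTH):
    ZEROS.append(H(ZEROS[-1], ZEROS[-1]))

class OnChainTree:
    """On-chain state: one cached node per level plus the root, no leaves."""
    def __init__(self):
        self.next_index = 0
        self.filled = ZEROS[:DEPTH]
        self.root = ZEROS[DEPTH]

    def append(self, leaf: bytes) -> int:
        if self.next_index >= 1 << DEPTH:
            raise OverflowError("tree is full")
        idx, node = self.next_index, leaf
        for level in range(DEPTH):
            if idx & 1 == 0:            # left child: right side is still empty
                self.filled[level] = node
                node = H(node, ZEROS[level])
            else:                       # right child: pair with cached left node
                node = H(self.filled[level], node)
            idx >>= 1
        self.root = node
        self.next_index += 1
        return self.next_index - 1

def merkle_path(leaves: list, index: int) -> list:
    """Indexer side: rebuild each level from all leaves, collect siblings."""
    path, nodes = [], list(leaves)
    for level in range(DEPTH):
        sib = index ^ 1
        path.append(nodes[sib] if sib < len(nodes) else ZEROS[level])
        if len(nodes) % 2:
            nodes.append(ZEROS[level])
        nodes = [H(nodes[i], nodes[i + 1]) for i in range(0, len(nodes), 2)]
        index >>= 1
    return path

def verify(leaf: bytes, index: int, path: list, root: bytes) -> bool:
    node = leaf
    for sibling in path:
        node = H(node, sibling) if index & 1 == 0 else H(sibling, node)
        index >>= 1
    return node == root
```

The chain never needs the leaves to update its root, and a path built by an indexer only verifies against the root it was built for.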
UTXO Concept
A UTXO (Unspent Transaction Output) represents a discrete unit of value locked in the mixer pool. Each UTXO contains:
- Amount - The value locked in the UTXO
- Random Secret - Entropy that makes each UTXO commitment unique
- Nullifier Data - Information used to derive the nullifier when spending
- Public Metadata - Additional data required by the protocol
The exact structure of a UTXO is detailed in a separate page. What's important to understand here is that each UTXO has two critical address fields:
Unlocking Address (User Commitment)
The Unlocking Address is a User Commitment, a cryptographic hash that binds together the owner's L1 Key, Shielded Spending Key, and Master Viewing Key.
Only someone who knows all the preimages of this User Commitment can burn the UTXO. This is proven inside a zero-knowledge proof without revealing any of the actual keys.
Destination Address
The Destination Address is an L1 public key (Ed25519) that specifies where the funds go when the UTXO is burned.
When a UTXO is burned, the funds are released to this destination address. The destination address is fixed at deposit time and cannot be changed afterward.
Relationship Between Addresses
| Scenario | Unlocking Address | Destination Address |
|---|---|---|
| Self-deposit | Your User Commitment | Your L1 Address |
| Send to another user | Recipient's User Commitment | Recipient's L1 Address |
| Mixed scenario | Your User Commitment | Different L1 Address |
The unlocking address and destination address are independent: they can be the same or different depending on the use case. However, the destination address is always determined at the time of deposit and cannot be modified.
Deposit Flow
When depositing funds into the mixer pool:
- Sender creates a UTXO with:
  - The recipient's User Commitment as the unlocking address
  - The recipient's L1 address as the destination address
  - The amount, random secret, and other required fields
- UTXO commitment is computed - A hash of all UTXO fields
- Commitment is appended to the Merkle tree
- Merkle root is updated on-chain
The deposit can come from either:
- A public token account (ATA) - deposit amount is visible on-chain
- An Encrypted Token Account (ETA) - deposit amount is hidden
Burning (Spending) a UTXO
To spend a UTXO, the owner must generate a zero-knowledge proof demonstrating:
- Membership - The UTXO commitment exists in the Merkle tree (without revealing which one)
- Ownership - Knowledge of all preimages of the unlocking address (User Commitment)
- Nullifier correctness - The nullifier was correctly derived from the UTXO and Shielded Spending Key
Nullifier Prevention
When a UTXO is burned, its nullifier is published on-chain and added to the nullifier set. The nullifier is derived deterministically from the UTXO data and the owner's Shielded Spending Key using Poseidon PRF.
If someone attempts to burn the same UTXO twice:
- They must produce the same nullifier (it's deterministic)
- The protocol checks the nullifier set
- The duplicate nullifier is rejected
This prevents double-spending while preserving privacy: the nullifier reveals nothing about which UTXO was spent.
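The double-spend check described above, as an added example that is not Umbra's code. HMAC-SHA256 stands in for the Poseidon PRF and SHA-256 for the commitment hash; the field encoding, the choice to feed the commitment into the PRF, and all names and key values are assumptions constructed for the illustration.

```python
import hashlib
import hmac

def utxo_commitment(amount: int, secret: bytes, unlock: bytes, dest: bytes) -> bytes:
    # Stand-in for "a hash of all UTXO fields"; encoding and order are assumptions
    return hashlib.sha256(amount.to_bytes(8, "little") + secret + unlock + dest).digest()

def derive_nullifier(spending_key: bytes, commitment: bytes) -> bytes:
    # HMAC-SHA256 stands in for the Poseidon PRF; keying it with the spending
    # key and feeding it the commitment is an assumption of this example
    return hmac.new(spending_key, commitment, hashlib.sha256).digest()

class NullifierSet:
    """Models the on-chain set of published nullifiers."""
    def __init__(self):
        self._spent = set()

    def burn(self, nullifier: bytes) -> bool:
        if nullifier in self._spent:
            return False          # same UTXO, same nullifier: double spend
        self._spent.add(nullifier)
        return True

def run_demo() -> dict:
    key = b"\x11" * 32                      # constructed spending key
    unlock, dest = b"\x22" * 32, b"\x33" * 32
    # Two deposits of the same amount differ only in their random secret
    c1 = utxo_commitment(5, b"\xa1" * 32, unlock, dest)
    c2 = utxo_commitment(5, b"\xa2" * 32, unlock, dest)
    pool = NullifierSet()
    n1 = derive_nullifier(key, c1)
    results = {
        "first_burn": pool.burn(n1),
        "replay": pool.burn(derive_nullifier(key, c1)),
        "other_utxo": pool.burn(derive_nullifier(key, c2)),
    }
    # An observer who sees every commitment but lacks the key cannot
    # recompute n1 from the public leaves
    guess_key = b"\x00" * 32
    results["observer_links"] = any(
        derive_nullifier(guess_key, c) == n1 for c in (c1, c2))
    return results
```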
Privacy Guarantees
The mixer pool provides the following privacy guarantees:
| Property | Guarantee |
|---|---|
| Sender Anonymity | Cannot determine who deposited a specific UTXO |
| Recipient Anonymity | Cannot determine who can spend a UTXO |
| Amount Privacy | Hidden when depositing from ETA |
| Transaction Unlinkability | Cannot link deposits to burns |
| Forward Privacy | Past transactions remain private even if keys are later compromised |
The anonymity set is the entire pool: every UTXO in the Merkle tree is a potential candidate for any burn transaction. As more users participate, the anonymity set grows, strengthening privacy for everyone.
Comparison: Mixer Pool vs. Encrypted Token Accounts
Umbra provides two complementary privacy layers:
| Feature | Mixer Pool | ETAs |
|---|---|---|
| Privacy Type | Anonymity (hidden identity) | Confidentiality (hidden amounts) |
| Ownership | Hidden via User Commitment | Visible on-chain |
| Control Key | Shielded Spending Key + MVK | L1 Key |
| Visibility Key | X25519 (to find UTXOs) | X25519 (to decrypt balances) |
| Use Case | Breaking transaction links | Private balances |
Users can move funds between these layers depending on their privacy needs.
Summary
| Aspect | Details |
|---|---|
| Structure | Append-only Merkle tree of UTXO commitments |
| Tree Depth | 20 levels per tree |
| Max Trees | |
| Unlocking Address | User Commitment (determines who can burn) |
| Destination Address | L1 public key (determines where funds go) |
| Double-Spend Prevention | Nullifier set stored on-chain |
| Anonymity Set | All UTXOs in the pool |
| Root Storage | On-chain |
| Leaf Storage | Off-chain (indexers) |