Burning UTXOs to Public Balance

Learn how to withdraw funds from Umbra's Unified Mixer Pool to a public Associated Token Account (ATA) after the mixing delay period completes.

Burning a UTXO to a public balance withdraws anonymous funds from the Unified Mixer Pool into a standard Associated Token Account (ATA). The withdrawal amount becomes visible on-chain, but the source of the funds remains anonymous.

Overview

When you burn a UTXO to an ATA, you're exiting the anonymous mixer pool into the public domain. The critical privacy property is that no observer can link this withdrawal to any specific deposit.

Privacy Characteristics

Aspect	Visibility
Withdrawal Amount	Visible (public ATA)
Recipient Address	Visible (destination address)
Source of Funds	Anonymous (could be any UTXO in pool)
Link to Deposit	Impossible to determine

Prerequisites

Before you can burn a UTXO, several conditions must be met:

Requirement	Description
Unlocking Authority	You must know the preimages of the UTXO's unlocking address
Mixing Delay Passed	Sufficient time since deposit
UTXO Not Spent	Nullifier not already in the nullifier set
Destination Match	Burning to the destination address set at deposit time

Destination Address Constraint

Important: The destination address is fixed at deposit time and cannot be changed. When burning, funds go to the destination address that was specified when the UTXO was created.

The Burn Process

Step 1: Construct the Zero-Knowledge Proof

To burn a UTXO, you must generate a ZK proof demonstrating:

Claim	What You Prove
Membership	The UTXO commitment exists in the Merkle tree
Ownership	You know all preimages of the unlocking address (User Commitment)
Nullifier Correctness	The nullifier is correctly derived from UTXO and Spending Key
Destination Match	The burn outputs to the correct destination address

Step 2: Submit Burn Transaction

Step 3: On-Chain Verification

The Umbra program verifies:

Proof validity - The ZK proof is mathematically correct
Merkle root - The claimed root matches a valid on-chain root
Nullifier uniqueness - The nullifier hasn't been used before
Destination correctness - The destination matches what's in the UTXO

Step 4: Fund Release

Upon successful verification:

Nullifier is added to the nullifier set (preventing double-spend)
Tokens are transferred from the pool to the destination ATA
The UTXO is effectively "spent" (though the commitment remains in the tree)

What the Proof Reveals vs. Hides

Revealed (Public)

Information	Why Revealed
Withdrawal Amount	Required to credit the ATA
Destination Address	Required to route funds
Nullifier	Required for double-spend prevention
Merkle Root	Required to verify membership

Hidden (Private)

Information	Why Hidden
Which UTXO	Core anonymity guarantee
When Deposited	Breaks timing correlation
Who Deposited	Breaks sender-receiver link
Your Keys	Security requirement

Anonymity Analysis

The Anonymity Set

When you burn a UTXO, the anonymity set is all UTXOs in the pool. An observer sees:

Funds arrived at destination ATA
The amount
The transaction time

But they cannot determine which of potentially millions of UTXOs was burned.

Factors Affecting Anonymity

Factor	Impact on Privacy
Pool Size	Larger pool = more anonymity
Time in Pool	Longer wait = more deposits accumulated
Amount Uniqueness	Common amounts = harder to correlate
Timing	Random withdrawal times = harder to correlate

Burning on Behalf of Others

If you used ephemeral keys when creating a UTXO for a non-registered user, you (the sender) will burn the UTXO on their behalf:

Aspect	Details
Who Burns	You (the sender)
Who Receives	Recipient (at destination address)
Recipient's Action	None required-funds appear in their ATA
Privacy for Recipient	They receive anonymous funds

Technical Details

Instruction: `BurnToATA`

Parameter	Description
proof	Zero-knowledge proof of UTXO ownership
nullifier	Derived nullifier for double-spend prevention
merkle_root	The Merkle root being proven against
amount	Withdrawal amount
destination	Destination ATA address

On-Chain Effects

Change	Description
Nullifier Set	Nullifier added (prevents re-spend)
Pool Balance	Decremented by withdrawal amount
Destination ATA	Credited with withdrawal amount

Nullifier Derivation

The nullifier is derived deterministically from UTXO data and your Shielded Spending Key:

The nullifier is computed using the Poseidon PRF with the Shielded Spending Key, UTXO commitment, and randomness as inputs.

This ensures:

Same UTXO always produces the same nullifier
Cannot compute nullifier without the Spending Key
Reveals nothing about the UTXO or keys

Error Conditions

Error	Cause	Resolution
Invalid Proof	Proof verification failed	Check proof generation inputs
Nullifier Already Used	UTXO was already spent	UTXO is gone-cannot spend again
Invalid Merkle Root	Root doesn't match on-chain state	Use current root
Mixing Delay Not Met	Burned too soon after deposit	Wait longer
Destination Mismatch	Trying to burn to wrong address	Must use original destination

Privacy Best Practices

Withdrawal Timing

Practice	Rationale
Wait beyond minimum	Larger anonymity set
Random delays	Avoid timing patterns
Avoid immediate withdraw after deposit	Even after delay, avoid predictability

Amount Considerations

Practice	Rationale
Use common amounts	Harder to correlate with specific deposits
Split large withdrawals	Multiple smaller withdrawals over time
Avoid exact deposit amounts	Don't withdraw exactly what you deposited

Destination Selection

Practice	Rationale
Fresh addresses	No prior transaction history to correlate
Intermediate wallets	Add another layer before final destination

Summary

Aspect	Details
Source	Unified Mixer Pool (UTXO)
Destination	Associated Token Account (ATA)
Amount Visibility	Visible on-chain
Source Anonymity	Hidden-cannot link to any deposit
Proof Required	ZK proof of UTXO ownership
Nullifier	Added to set, prevents double-spend
Destination Constraint	Fixed at deposit time
Best For	Withdrawing to public accounts with anonymity

On this page