Umbra PrivacyCreating UTXOs from Public Balance
Deposit funds from a public Associated Token Account (ATA) into Umbra's Unified Mixer Pool to begin using anonymous UTXO-based transfers on Solana.
Depositing from a public Associated Token Account (ATA) into the Unified Mixer Pool is the entry point for users seeking transaction anonymity. This operation converts visible, traceable funds into anonymous UTXOs within the shielded pool.
Overview
When you deposit from an ATA, your funds enter the mixer pool as a UTXO (Unspent Transaction Output). The deposit amount is visible on-chain (it's coming from a public account), but once inside the pool, the UTXO becomes indistinguishable from all other UTXOs.
Privacy Characteristics
| Aspect | Visibility |
|---|---|
| Deposit Amount | Visible (coming from public ATA) |
| Depositor Address | Visible (your L1 address) |
| UTXO After Deposit | Anonymous (indistinguishable in pool) |
| Withdrawal | Unlinkable to this deposit (after mixing delay) |
UTXO Structure
When creating a UTXO, you must specify several fields:
| Field | Description |
|---|---|
| Amount | The value being deposited |
| Random Secret | Entropy making each UTXO commitment unique |
| Unlocking Address | User Commitment of who can spend |
| Destination Address | L1 address where funds go when burned |
| Nullifier Data | Information for deriving the nullifier on spend |
The Unlocking Address and Destination Address are particularly important-they determine who can spend the UTXO and where the funds ultimately go.
Setting the Unlocking Address
The unlocking address determines who can spend the UTXO. You have two strategies depending on whether the recipient is registered with Umbra.
Strategy 1: Registered Recipient (Maximum Anonymity)
If the recipient has registered their User Commitment:
| Aspect | Details |
|---|---|
| Unlocking Address | Recipient's registered User Commitment |
| Destination Address | Recipient's L1 address |
| Who Burns | Recipient (when they choose) |
| Anonymity | Maximum-recipient is part of the full anonymity set |
This is the preferred approach for maximum privacy. The recipient becomes part of the entire mixer's anonymity set.
Strategy 2: Non-Registered Recipient (Ephemeral Keys)
If the recipient hasn't registered with Umbra, you can still send them funds using ephemeral keys:
| Aspect | Details |
|---|---|
| Unlocking Address | Ephemeral User Commitment (generated by sender) |
| Destination Address | Recipient's L1 address |
| Who Burns | Sender (on recipient's behalf) |
| Anonymity | Reduced-sender knows the link |
For a detailed comparison of these strategies, see Unlocking Address Strategies.
Deposit Flow
Step 1: Prepare UTXO Data
Gather all required fields for the UTXO:
Step 2: Compute UTXO Commitment
Hash all UTXO fields using Poseidon to create the commitment that will be stored in the Merkle tree. The commitment includes the amount, random secret, unlocking address, destination address, and other fields.
Step 3: Submit Deposit Transaction
Step 4: Wait for Mixing Delay
After deposit, a mixing delay must pass before the UTXO can be burned. This delay is critical for anonymity-it allows many deposits to accumulate, creating a larger anonymity set.
The Mixing Delay
Why It's Required
Without a delay, timing analysis could link deposits to withdrawals:
| Without Delay | With Delay |
|---|---|
| Alice deposits 100 | Alice deposits 100 |
| Alice withdraws 100 immediately | Bob deposits 100 |
| Observer links Alice's deposit to withdrawal | Carol deposits 100 |
| (Time passes) | |
| Someone withdraws 100 | |
| Observer cannot link to specific depositor |
How Long to Wait
| Strategy | Anonymity Level |
|---|---|
| Minimum delay | Protocol-enforced minimum |
| Longer wait | Larger anonymity set (more deposits accumulated) |
| Variable timing | Adds unpredictability |
The longer you wait beyond the minimum, the more UTXOs enter the pool, increasing your anonymity set.
Technical Details
Instruction: DepositFromATA
| Parameter | Description |
|---|---|
| depositor | Sender's L1 address (signer) |
| amount | Amount to deposit (visible) |
| utxo_data | Serialized UTXO fields |
| merkle_tree | Target Merkle tree account |
On-Chain Effects
| Change | Description |
|---|---|
| ATA Balance | Decremented by deposit amount |
| Merkle Tree | New leaf appended (UTXO commitment) |
| Merkle Root | Updated to reflect new leaf |
| Timestamp | Recorded for mixing delay enforcement |
Storage
| Data | Location |
|---|---|
| UTXO Commitment | Merkle tree leaf (on-chain root, off-chain leaves) |
| Full UTXO Data | Off-chain (indexed) |
| Deposit Event | On-chain event log |
Privacy Considerations
What's Revealed at Deposit
| Information | Visibility | Mitigation |
|---|---|---|
| Depositor Address | Public | Use intermediate wallet |
| Deposit Amount | Public | Use common amounts |
| Deposit Time | Public | Deposit at random times |
| Token Mint | Public | Inherent to token type |
Improving Deposit Privacy
| Technique | Description |
|---|---|
| Common Amounts | Deposit round numbers (10, 100, 1000) that many others use |
| Intermediate Wallet | Fund a fresh wallet, then deposit to break the chain |
| Random Timing | Don't deposit immediately after receiving funds |
| Multiple Deposits | Split into smaller deposits over time |
After Mixing Delay
Once the mixing delay passes and you burn the UTXO, no observer can determine:
- Which depositor you were
- When you originally deposited
- The original source of your funds
The burn is completely unlinkable to any specific deposit.
Self-Deposit vs. Sending
Self-Deposit
Depositing for yourself:
| Field | Value |
|---|---|
| Unlocking Address | Your User Commitment |
| Destination Address | Your L1 Address |
| Who Burns | You |
Sending to Another User
Depositing for someone else:
| Field | Value |
|---|---|
| Unlocking Address | Recipient's Commitment (or ephemeral) |
| Destination Address | Recipient's L1 Address |
| Who Burns | Recipient (or you, if using ephemeral) |
Error Conditions
| Error | Cause | Resolution |
|---|---|---|
| Insufficient Balance | ATA balance < deposit amount | Ensure sufficient funds |
| Invalid Commitment | Malformed unlocking address | Verify commitment computation |
| Tree Full | Current Merkle tree at capacity | Use next available tree |
| Invalid Amount | Amount out of valid range | Use valid amount |
Summary
| Aspect | Details |
|---|---|
| Source | Associated Token Account (ATA) |
| Destination | Unified Mixer Pool (UTXO) |
| Deposit Visibility | Amount and depositor visible on-chain |
| UTXO Privacy | Anonymous after mixing delay |
| Unlocking Address | Recipient's commitment or ephemeral |
| Destination Address | Recipient's L1 address |
| Mixing Delay | Required before burn |
| Best For | Breaking transaction links from public funds |
Confidential-Only Transfers
Execute direct encrypted transfers between Encrypted Token Accounts (ETAs) or to public ATAs without using the mixer pool for fast confidential payments.
Creating UTXOs from Encrypted Balance
Deposit funds from an Encrypted Token Account (ETA) into Umbra's Unified Mixer Pool to gain transaction anonymity while keeping amounts confidential.