X25519 Public Key Registration

Registering your X25519 public key to enable encrypted token account visibility and receive confidential transfers

Before you can receive confidential transfers or view your Encrypted Token Account (ETA) balances, you must register your X25519 public key on-chain. This registration enables other users and the MPC network to encrypt data specifically for you.

Why Registration is Required

The X25519 Keypair is used for Diffie-Hellman key exchange-deriving shared secrets with other parties. For someone to encrypt data for you (whether it's a transfer amount or MPC computation result), they need your public key.

Without registration:

No one can look up your X25519 public key
Senders cannot encrypt transfer amounts for you
The MPC cannot encrypt computation results for you
You cannot receive ETA transfers

What Gets Registered

Field	Description
X25519 Public Key	Your 32-byte Curve25519 public key
Associated L1 Address	The Solana address this key is registered under

The registration creates an on-chain mapping from your L1 address to your X25519 public key, allowing anyone to look up the correct encryption key for sending you confidential transfers.

Registration Process

Step 1: Generate Your X25519 Keypair

If you haven't already, generate your X25519 keypair. This can be done:

Method	Description
Deterministically	Derive from your master seed or L1 private key
Randomly	Generate independently for information-theoretic security

For details on key generation approaches, see X25519 Keypair.

Step 2: Submit Registration Transaction

Call the RegisterX25519Pubkey instruction with your public key:

Step 3: Verification

After registration, your X25519 public key is stored on-chain and can be queried by:

Other users wanting to send you confidential transfers
The Arcium MPC network for encrypting computation results
Any application integrating with Umbra

Capabilities Unlocked

Once your X25519 public key is registered, you gain the following capabilities:

Capability	Description
Receive ETA Transfers	Others can send you confidential transfers with encrypted amounts
View ETA Balances	Derive the shared secret with MXE to decrypt your balances
MPC Communication	Receive encrypted results from MPC computations
Peer-to-Peer Encryption	Establish shared secrets with other registered users

What You Still Cannot Do

Registration of X25519 alone does not enable:

Capability	Required Registration
Receive mixer UTXOs	User Commitment Registration
Interact with mixer pool	User Commitment Registration
Spend mixer UTXOs	User Commitment Registration

If you only need confidential transfers (ETA ↔ ETA) and don't need the anonymity provided by the mixer pool, X25519 registration alone is sufficient.

Security Considerations

Key Custody

Consideration	Recommendation
Private Key Storage	Never expose your X25519 private key
Backup	Ensure private key is backed up (or derivable from master seed)
Compromise Impact	If compromised, attacker can see your ETA balances but cannot steal funds

Registration Immutability

Once registered, your X25519 public key is associated with your L1 address. Key rotation is not currently a supported protocol operation. If your X25519 private key is compromised:

Your ETA balance visibility is compromised
You can still control funds via your L1 key
Consider migrating to a new L1 address with fresh keys

Relationship to Other Registrations

X25519 registration is independent from User Commitment registration:

Registration	Purpose	Can Be Done Alone?
X25519 Only	ETA-only usage, confidential transfers	Yes
Commitment Only	Mixer-only usage (unusual)	Yes
Both	Full Umbra functionality	Yes (recommended)

Summary

Aspect	Details
Purpose	Enable ETA visibility and receiving confidential transfers
What's Registered	X25519 public key (32 bytes)
Enables	ETA transfers, balance visibility, MPC communication
Does Not Enable	Mixer interactions (requires User Commitment)
Security	Compromise affects visibility only, not fund control

On this page