Contents

CLOAK LABS DOCUMENTATION

Cloak Protocol

Cloak is a part of Solana's privacy layer and is meant to be used by people who don't want the entire world seeing what they do with their finances. Nobody wants to be watched with every action they make on chain neing public for all to see, Cloak enables you to keep your life private, Anonymous the way it should be, and Cryptocurrency the way it was meant to be.

Cloak enables confidential transfers using zero-knowledge proofs (zk-SNARKs) and Merkle-tree commitments.

Users can shield and unshield SOL — moving between public and private states without leaving any traceable link.

You can even send privately to another user anywhere on solana, with the recipient receiving funds from "the void" — never knowing who sent it to them to ensure complete privacy.

What Is the Void Pool?

The Void Pool is the beating heart of Cloak — a shared vault of anonymized funds. Your SOL enters the pool, mixes with everyone else's, and comes out untraceable.

Think of it as a cryptographic masquerade:

  • You walk in wearing your public identity
  • You get a mask (commitment)
  • Inside, everyone looks identical — whether it's someone's mom shielding 1 SOL or a whale hiding a fortune, the deposits are indistinguishable.
  • You exit in new, unlinkable clothes, leaving no trace of who you were or what you carried.

CommitmentAccount:

  • Created for every deposit
  • Contains encrypted output only you can decrypt
  • Publicly visible, but meaningless without your key
  • This also prevents duplicate-deposits

NullifierAccount:

  • Marks deposits as used
  • Prevents double-withdrawals
  • Immutable and verifiable

TreeTokenAccount — The Vault:

  • Holds all user SOL collectively
  • No one (including admins) can extract funds without valid proofs that only your wallet can create.

GlobalConfig — The Rulebook:

  • deposit_fee_rate: 0%
  • withdrawal_fee_rate: 0.25%
  • max_deposit: 1000 SOL
  • Controlled by multisig governance

Introduction

What is Cloak?

Cloak is part of Solana's privacy layer — built for people who don't want to be tracked. No one likes a stalker. Cloak makes sure you don't have one.

We give you a way to send and receive SOL without leaving a public trace that ties everything back to your wallet. It's fast, decentralized, and invisible — the way privacy should feel.

Why use Cloak?

If you don't want your financial activity mapped by data brokers, state agencies, or scammers, Cloak acts as a private intermediary between your wallet and the chain.

With almost no setup and just a few extra seconds of delay, you can protect yourself from:

  • Revenue agencies and forensic trackers
  • Targeted marketing firms
  • Wallet scrapers and stalkers
  • Opportunistic scammers

Cloak lets you blend into the flow instead of standing out.

What makes Cloak different?

Cloak is designed to stay true to what crypto was meant to be — controlled by the people.

  • Run your own relayer: Anyone can host a relayer. You don't have to trust the default one.
  • The Void Vault: Everyone deposits uniform amounts into a shared pool — making all transfers look the same.
  • Volume bots: Constant background flow hides individual deposits in the noise.
  • Private withdrawals: Withdrawals are executed by relayers, unlinkable to deposit addresses.

"Wait, more privacy = more money?" — You

When you deposit into the Cloak pool, your SOL is automatically staked via liquid staking, earning APY while it sits anonymized.

That means you'll often withdraw more than you deposited, even while staying completely private.

*minus gas fees

*Cloak does not provide security guarantees for modified relayers.

Data Structures and Accounts

MerkleTreeAccount — The Void's Memory

  • Tracks every deposit in a Merkle tree
  • Keeps recent roots for proof validation
  • Records up to 67M deposits
  • Prevents tampering and allows historical verification

CommitmentAccount — Your Secret Receipt

  • Created for every deposit
  • Contains encrypted output only you can decrypt
  • Publicly visible, but meaningless without your key

NullifierAccount — "Already Spent" Marker

  • Marks deposits as used
  • Prevents double-withdrawals
  • Immutable and verifiable

TreeTokenAccount — The Vault

  • Holds all user SOL collectively
  • No one (including admins) can extract funds without valid proofs

GlobalConfig — The Rulebook

  • deposit_fee_rate: 0%
  • withdrawal_fee_rate: 0.25%
  • max_deposit: 1000 SOL
  • Controlled by multisig governance

Operations

Entering the Void (Shielding)

Generate a commitment

  • Combines your secret key + deposit amount + random salt
  • Produces a unique hash = your masked identity

Deposit SOL

  • Funds move from your wallet to the Void Pool
  • CommitmentAccount is created
  • Merkle tree updates with a new root

Update the Pool

  • The new state of the Void is recorded
  • You get an encrypted receipt (only you can decode it)

From the outside: "Someone deposited 10 SOL."

Not visible: who, when, or which deposit is theirs.

Exiting the Void (Unshielding)

Discover your deposit

  • Wallet locally scans all notes
  • Only your key can decrypt your own commitments

Verify unspent

  • Checks if your nullifier already exists
  • Ensures your deposit is still valid

Apply the 2-in, 2-out rule

  • Every withdrawal uses 2 inputs and 2 outputs
  • Keeps all transactions uniform

Create new commitments

  • One output for your change
  • One dummy output (maintains structure)

Generate Proof

  • Prove ownership, correctness, and non-double-spending
  • Without revealing which deposit is yours

Execute

  • Proof verified on-chain
  • Withdrawal completed via relayer

On-chain view: "Someone withdrew 7 SOL from the Void Pool."

Invisible: that it was you, when, or how much you still hold.

Privacy Architecture

The Five Pillars of Cloak

1 Commitment Hiding

Deposits are hashed — irreversible and unlinkable.

2 Uniform Transaction Structure

Every transaction looks identical: 2 inputs, 2 outputs.

3 Zero-Knowledge Proofs

Prove validity without revealing identity or history.

4 Encrypted UTXOs

Each deposit is locked to your key only.

5 Nullifier System

Prevents reuse — every spent note is permanently marked.

Use Cases

Scenario Problem Cloak Solution
Business Payments Competitors track supplier payments Concealed treasury operations
Personal Privacy Publicly visible wallet balances Private storage and transfers
Anonymous Donations Public links to sensitive causes Undetectable giving
DeFi Strategies Copy-trading frontrunners Hidden portfolio reallocations
Payroll Reveals employee salaries Private bulk distribution

Security

  • Double-Spend Prevention: Nullifiers mark spent deposits permanently.
  • Front-Running Protection: ExtData hashes bind recipients.
  • Historical Root Verification: Pool stores 100 prior roots.
  • Deposit Limits: Max 1000 SOL per deposit.
  • Multisig Admin Controls: No single point of failure.

Under the Hood

Component Purpose Analogy
Groth16 Proofs Fast zk-SNARK verification Milliseconds to check, centuries to fake
Poseidon Hash ZK-optimized hash function Sports car vs truck for racing
BN254 Curve Cryptographic base curve The "language" of ZK math
Merkle Tree (26 levels) Manages 67M deposits Library index for proofs

Protocol Economics

Operation Fee Description
Deposit 0% Free entry
Withdraw 0.25% Supports relayers and protocol
Gas < $0.01 Standard Solana cost

FAQ & Glossary

Can Cloak be tracked?

No. Deposits and withdrawals are unlinkable by design.

Can Cloak steal my funds?

No. The contracts are immutable and audited.

What if I lose my keys?

Funds are unrecoverable. Always back up securely.

Is Cloak legal?

Yes — privacy is a right. Follow your local laws.

How does Cloak make money?

Through staking yield and minimal withdrawal fees.

Cloak Labs - Privacy for everyone on Solana. Built with zero-knowledge proofs and open-source principles.

SOLLoading...
© 2025 Cloak Labs. All rights reserved.