Confidex Technical Documentation

Confidex is a confidential decentralized exchange implementing a two-layer privacy architecture using Arcium MPC for encrypted order matching and ShadowWire for private settlement. All order data (price, quantity, side, trader identity) is encrypted on-chain and only decrypted within the MPC cluster for matching.

32 bytes

Ciphertext Size

< 2s

Order Submit

30-60s

MPC Callback

5 per order

Encrypted Fields

Hackathon Prize Alignment

Arcium

MPC order matching with Cerberus protocol

Aztec/Noir

Real ZK compliance verification

ShadowWire

Bulletproof settlement integration

Open Track

Two-layer privacy model (MPC + private settlement)

Two-Layer Privacy Architecture

Confidex uses Arcium MPC as the primary privacy layer - all order data (price, quantity, side, trader identity) is encrypted on-chain. ShadowWire provides private settlement with hidden transfer amounts. ZK eligibility proofs are available as an optional compliance layer for regulated use cases.

Compliance Layer (Noir ZK Proofs)

Prove eligibility without revealing identity

Proof System

Groth16 via Sunspot

Hash Function

Poseidon2

Merkle Depth

20 levels (~1M addresses)

Uses Sparse Merkle Tree non-membership proofs - proves you're NOT on the blacklist without revealing who IS blacklisted.

Execution Layer (Arcium MPC)

Encrypted order matching preventing MEV

Protocol

Cerberus (Dishonest Majority)

Encryption

RescueCipher + X25519

Security

1-of-N honest guarantee

Order prices are encrypted before submission. MPC nodes compare encrypted prices without ever decrypting them - only the boolean match result is revealed.

Settlement Layer (ShadowWire / C-SPL)

Private token transfers and encrypted balances

Primary

ShadowWire (Bulletproofs)

Future

C-SPL (ElGamal)

Fallback

Standard SPL

ShadowWire enables private transfers where amounts are hidden via Bulletproof range proofs. C-SPL will provide fully encrypted on-chain balances.

Light Protocol (Infrastructure)

Cost Optimization

Light Protocol provides ZK Compression for rent-free token accounts, reducing storage costs by ~400x compared to regular SPL accounts. This is an infrastructure optimization, not a privacy layer - amounts remain visible on-chain.

Privacy Level

Partial (amounts visible)

Cost Savings

~400x cheaper storage

ZK Compliance Layer

The eligibility circuit proves blacklist non-membership without revealing the user's address. This enables regulatory compliance (KYC/AML screening) while preserving user privacy.

// circuits/eligibility/src/main.nr
fn main(
    // Public input - stored on-chain
    blacklist_root: pub Field,

    // Private inputs - never revealed
    merkle_path: [Field; 20],
    path_indices: [Field; 20]
) {
    // Verify SMT non-membership by checking path leads to empty leaf
    // The address is derived from path_indices, never passed directly
    let valid = verify_smt_non_membership(
        blacklist_root,
        merkle_path,
        path_indices
    );

    assert(valid, "Address is blacklisted or proof invalid");
    // Proof passes = address NOT on blacklist
}

ZK Infrastructure Status

The complete ZK proving infrastructure is built, tested, and operational. The backend service generates real Groth16 proofs using the following components:

Noir Circuit

v1.0.0-beta.13

Eligibility verification circuit with Poseidon2 hash and SMT depth 20

Sunspot Prover

gnark v0.14.0 (Groth16)

Generates Solana-compatible Groth16 proofs in 3-5 seconds

On-Chain Verifier

9op573D8GuuMAL2...tSNi

Deployed verifier program validates proofs during order placement

Circuit Artifacts

pk: 1.9MB, vk: 716B

Proving/verification keys and compiled constraint system ready

ZK proofs are enabled and fully operational. The backend prover generates real Groth16 proofs using nargo + sunspot. Proofs are verified on-chain by the eligibility verifier program during order placement.

MPC Execution Layer

Arcium's Multi-Party Computation enables encrypted order matching. Prices and amounts are encrypted before submission - the MPC cluster compares them without ever decrypting, preventing front-running and MEV extraction.

MXE Deployment Status (Live)

Spot Trading MXE

Program ID

CJRUcrAFi764GHcPRg1e12Ymw7Nb2ZmrnFoW1k87XJMM

X25519 Public Key

fe955746fa98e3597086eaca87eb248c33de439ad23549c7cdb87b16d3baed72

Circuits

v0.1.0-circuits (6 circuits)

Perpetuals MXE

Program ID

CSTs9KjTmnwu3Wg76kE49Mgud2GyAQeQjZ66zicTQKq9

X25519 Public Key

9163f8e9c1ac55ead26717a6985f09366c46e629d7f1024319ad5f428b4682bf

Circuits

v0.2.0-circuits (13 active circuits)

Cluster

456 (Arcium v0.6.3 devnet)

Deployed

January 30, 2026

Supported MPC Operations

Operation	Inputs	Output	Use Case
ComparePrices	2x encrypted u64	bool	Determine if orders match
CalculateFill	4x encrypted amounts	encrypted + 2 bools	Calculate fill amount
VerifyPositionParams	encrypted collateral/size	bool	Perps position opening
BatchLiquidationCheck	up to 10 encrypted thresholds + mark	bool[10]	V2: Batch liquidation check
CalculatePnL	encrypted size/entry + price	u64 + is_loss bool	Close position / liquidation

V2 Privacy Enhancements

Encrypted Liquidation Thresholds

Prevents entry price reverse-engineering. Previously public thresholds revealed entry via entry ≈ threshold / 0.95

Hash-Based IDs

Order/position IDs are now [u8; 16] hashes instead of sequential u64, preventing activity correlation

Coarse Timestamps

Hour precision (timestamp / 3600 * 3600) reduces temporal correlation attacks

Minimal Order Status

Only Active/Inactive states exposed (was 5 states). Internal is_matching flag for MPC tracking

Settlement Layer

Settlement executes the final token transfers after MPC matching completes. We support multiple settlement providers with automatic fallback for maximum reliability.

ShadowWire

Primary - Live

Bulletproof ZK proofs hide transfer amounts. 1% relayer fee. Supports 17+ tokens.

C-SPL

Future - Q1 2026

Twisted ElGamal encryption for fully encrypted on-chain balances with optional auditor access.

Standard SPL

Active Fallback

Currently used for perpetual collateral transfers. Amounts visible on-chain until C-SPL SDK available.

V2 uses pure ciphertext with no plaintext prefix. All values are fully encrypted and only MPC can access them:

// 64-byte V2 pure ciphertext format
[nonce (16 bytes) | ciphertext (32 bytes) | ephemeral_pk (16 bytes)]

Bytes 0-15:  Nonce             → MPC decryption seed
Bytes 16-47: Ciphertext        → Fully encrypted value
Bytes 48-63: Ephemeral pubkey  → MPC key routing

// No plaintext prefix - complete privacy

MPC handles all comparisons and calculations. Order amounts, prices, and liquidation thresholds are never visible on-chain.

Complete Data Flow

From order placement to settlement, here's how data flows through the three privacy layers:

LIVE DATA FLOW

STEP 1/13

USER FRONTEND

Client-Side Privacy

ZK Proof

Generate eligibility proof

Encrypt

RescueCipher on values

Submit

Place order transaction

Listen

Subscribe to events

ON-CHAIN DEX

Solana Program

Verify ZK

Sunspot CPI (~200K CU)

Store

Create order account

Match

Queue MPC comparison

Callback

Receive MPC results

ARCIUM MPC

Encrypted Computation

Compare

Encrypted price check

Calculate

Encrypted fill amount

Return

Only bool/fill revealed

SETTLEMENT

Private Transfer

ShadowWire

Private token transfer

Complete

Emit TradeExecuted

Standard Operation

Private Settlement

Data Flow

Security Model & Privacy Guarantees

Privacy Guarantees Matrix (V2)

Data	Visibility	Mechanism	Status
User Identity	Private	ZK eligibility proof	Full Privacy
Order Amounts/Prices	Private	V2 pure ciphertext (64 bytes)	Full Privacy
Price Comparison	Private	MPC Cerberus protocol	Full Privacy
Liquidation Thresholds	Private	MPC batch verification	Full Privacy
Position/Order IDs	Private	Hash-based (no sequential leak)	Full Privacy
Timestamps	Coarse	Hour precision only	Full Privacy
Order Status	Minimal	Active/Inactive only (2 states)	Full Privacy
Position Side/Leverage	Public	Required for funding/risk	Necessary
Collateral Amount	Public*	SPL token transfer (C-SPL pending)	Temporary
Settlement	Private	ShadowWire Bulletproofs	Full Privacy

V2 pure ciphertext format: [nonce (16) | ciphertext (32) | ephemeral_pk (16)] — no plaintext prefix
*Collateral uses standard SPL transfer as temporary fallback until C-SPL SDK is available

Threat Mitigations

Front-running Prevention

Order prices encrypted via MPC - validators cannot see prices in mempool

MEV Extraction Prevention

Match results unpredictable until MPC computation completes

Wallet Tracking Prevention

User address never revealed - only ZK proof of eligibility

MPC Collusion Prevention

Cerberus 1-of-N honest model - privacy guaranteed if any single node is honest

Production Readiness

Confidex is production-ready for hackathon demo with real token movements, persistent settlement tracking, and live order book data from the chain.

Production Features (January 2026)

SQLite Settlement Persistence

Crank service survives restarts, no double-settlement possible

Real Order Book from Chain

Fetches V5 orders, aggregates by price level, shows "Live" indicator

Real-Time Trade Feed

Subscribes to settlement logs for live trade updates

MPC Event Callbacks

Frontend receives MPC results via log subscription

Frontend Hooks

Hook	Purpose	Status
useOrderBook()	Real-time order book from chain (V5 orders)	Live
useRecentTrades()	Live trade feed from settlement events	Live
useMpcEvents()	MPC computation tracking and callbacks	Live
useEncryption()	Client-side RescueCipher encryption	Live
useSolPrice()	Pyth oracle price feed	Live

The automated crank service provides production-grade order matching with SQLite persistence:

# Enable crank service
CRANK_ENABLED=true

# Production MPC (default is TRUE as of Jan 2026)
CRANK_USE_REAL_MPC=true

# Configuration
CRANK_POLLING_INTERVAL_MS=5000    # Check for matches every 5s
CRANK_USE_ASYNC_MPC=true          # Production async MPC flow
CRANK_MAX_CONCURRENT_MATCHES=5    # Parallel match attempts
CRANK_DB_PATH=./data/crank.db        # SQLite persistence

# Check crank status
curl http://localhost:3001/admin/crank/status

Program IDs & Accounts

Devnet Program IDs

Confidex DEXCore DEX logic, order management

63bxUBrBd1W5drU5UMYWwAfkMX7Qr17AZiTrm3aqfArB

Spot Trading MXEMPC for spot order matching

CJRUcrAFi764GHcPRg1e12Ymw7Nb2ZmrnFoW1k87XJMM

Perpetuals MXEMPC for perps positions

CSTs9KjTmnwu3Wg76kE49Mgud2GyAQeQjZ66zicTQKq9

Eligibility VerifierGroth16 proof verification

9op573D8GuuMAL2btvsnGVo2am2nMJZ4Cjt2srAkiG9W

Arcium CoreOfficial Arcium program

Arcj82pX7HxYKLR92qvgZUAd7vGS1k4hQvAFcPATFdEQ

Latest Deployment (January 2026)

Deployment Transaction

5R4vHzBE...WaBXC547p

V2 Features Live

• Encrypted liquidation thresholds
• Hash-based position IDs
• Coarse timestamps (hour precision)
• SPL collateral transfer (C-SPL pending)

Pending C-SPL

• Collateral amounts currently visible
• Will use confidential_transfer when available
• Encrypted collateral blob stored for future use

Frequently Asked Questions

Common questions about wallet warnings, privacy features, and trading on Confidex.

This warning is expected for Confidex transactions and does not mean your transaction will fail.

Confidex uses Arcium MPC (Multi-Party Computation) for encrypted order matching. MPC operations require actual network execution and cannot be simulated locally by your wallet.

Your transaction will succeed when submitted to the network.

⚠

Note: Wallet warnings about "simulation failed" are expected for privacy-preserving transactions. Your transactions will succeed when submitted.

Future Implementations

Confidex is continuously improving privacy coverage. These are planned enhancements that will further strengthen the privacy guarantees of the protocol.

Confidential Collateral for Perpetuals

High Priority

Currently, perpetuals collateral transfers use standard SPL tokens, meaning collateral amounts are visible on-chain. This is a temporary fallback while the C-SPL (Confidential SPL) SDK for Rust programs is being finalized.

Current Flow (Temporary)

Wallet Balance (Native USDC)

→SPL Transfer (visible amount)

→Market Collateral Vault

Future Flow (With C-SPL)

Trading Balance (Encrypted C-SPL)

→Confidential Transfer (hidden amount)

→Market Collateral Vault (encrypted)

What's Currently Exposed

• Collateral deposit amount (USDC)
• Collateral withdrawal amount (USDC)
• Margin add/remove amounts

What Remains Private

• Position size (encrypted)
• Entry price (encrypted)
• Liquidation thresholds (encrypted)
• PnL calculations (MPC)

Technical Detail: The C-SPL SDK currently only has JavaScript bindings. Rust programs cannot yet call confidential_transfer. Once the Rust SDK is available, perpetuals will use the same encrypted trading balance as spot trading.

Multi-Asset Perpetuals

Planned

Support for additional perpetual markets beyond SOL-PERP, including BTC-PERP, ETH-PERP, and other major assets with encrypted position management.

Cross-Margin with MPC

Planned

Cross-margin mode where multiple positions share collateral. MPC will handle encrypted aggregate margin calculations without revealing individual position details.

Batch Liquidation Optimization

In Progress

The batch_liquidation_check circuit is currently disabled due to high ACU cost (~4.2B per position). Working on optimizing the circuit to enable efficient batch checking of up to 10 positions per MPC call.

Private Trade History

Planned

Encrypted trade history stored off-chain with client-side decryption. Users will be able to view their complete trading history privately without exposing it on-chain.

Optional Auditor Access

Planned

Selective disclosure feature allowing users to grant read access to auditors or regulators for specific positions. Uses re-encryption to share data without revealing master keys.

Development Priority: C-SPL integration for perpetuals collateral is the highest priority improvement. Timeline depends on the official Rust SDK release from Solana Labs. Other features are planned for post-hackathon development cycles.