Shielded Transactions on the Blockchain
CoCo now has a built-in shielded coin pallet that gives you real privacy. Stealth addresses use ECDH key agreement to hide who receives funds — only the intended recipient can detect and claim incoming transfers. An optional audit trail supports regulatory compliance.
The CoCo shielded-coin pallet originally included a Merkle-tree based mixer pool for deposit/withdraw unlinkability. In May 2026, the mixer component was removed to comply with evolving US and international regulatory guidance on anonymity-enhancing technologies in financial infrastructure.
The stealth address system — which provides recipient privacy via ECDH key agreement without a mixing pool — is fully retained. This means:
This change enables CoCo to serve regulated industries — including unions, businesses, and financial institutions — while maintaining meaningful privacy for legitimate use cases.
Any user can register a stealth meta-address consisting of a scan key and a spend key (two public keys generated off-chain). The scan key lets the recipient detect incoming transfers; the spend key authorizes claims. No on-chain link between your public identity and your stealth address.
The sender looks up the recipient's stealth meta-address and constructs an ephemeral output using ECDH key agreement. A view tag allows the recipient to efficiently scan for their outputs without revealing anything to third parties. The funds are held by the pallet until claimed.
The recipient scans on-chain outputs using their scan key. When they find a match, they claim the output by proving the view tag matches. The funds are released to any address they choose. No one else can determine who sent the transfer or who received it.
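The register, send and scan/claim steps above, as an added sketch that is not the pallet's own code. It assumes a toy finite-field Diffie-Hellman group in place of sr25519 (not secure) and hypothetical helpers `send`, `scan` and `claim_key`. The tweak and view-tag derivations are also assumptions, since the page does not give the pallet's exact formulas.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption): stands in for sr25519, NOT secure.
P = 2**255 - 19
G = 2

def h(*parts):
    """Blake2-256 over the concatenated parts."""
    return hashlib.blake2b(b"".join(parts), digest_size=32).digest()

def keygen():
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)

def shared_secret(their_pub, my_sk):
    """ECDH-style agreement: both sides arrive at the same 32 bytes."""
    return h(pow(their_pub, my_sk, P).to_bytes(32, "big"))

def tweak_of(shared):
    return int.from_bytes(h(b"tweak", shared), "big")

def view_tag(shared):
    return h(b"tag", shared)[0]          # 1-byte filter, domain-separated

def send(scan_pub, spend_pub):
    """Sender: build an ephemeral output for a registered meta-address."""
    eph_sk, eph_pub = keygen()
    shared = shared_secret(scan_pub, eph_sk)
    dest = spend_pub * pow(G, tweak_of(shared), P) % P   # one-time destination
    return {"eph_pub": eph_pub, "view_tag": view_tag(shared), "dest": dest}

def scan(outputs, scan_sk, spend_pub):
    """Recipient: cheap view-tag check first, full derivation only on a hit."""
    hits = []
    for i, out in enumerate(outputs):
        shared = shared_secret(out["eph_pub"], scan_sk)
        if view_tag(shared) != out["view_tag"]:
            continue                      # most foreign outputs stop here
        tweak = tweak_of(shared)
        if spend_pub * pow(G, tweak, P) % P == out["dest"]:
            hits.append((i, tweak))       # a tag collision alone is not a match
    return hits

def claim_key(spend_sk, tweak):
    """Private key for the one-time destination; needs the spend key."""
    return (spend_sk + tweak) % (P - 1)
```

The scan key alone is enough to detect an output, but `claim_key` needs the spend key, which is why the two can be held on different machines.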
The shielded anonymizer is necessary to anonymize potential political votes or other sensitive actions. The existing privacy layer can be utilized for all other everyday purposes — payments, payroll, supplier confidentiality, and more.
Deposit into a shared pool, withdraw to a fresh address. No on-chain link connects the two. Each withdrawal uses a unique nullifier that prevents double-spending without revealing which deposit it came from.
ECDH key agreement generates one-time destination addresses per payment. Only the recipient can recognize incoming funds. No public mapping of addresses to recipients.
Each secret produces a unique nullifier on withdrawal. The nullifier is checked against used nullifiers — double-spending is mathematically impossible without revealing the secret.
Accepted denominations (1, 10, 100, 1,000 COCO) prevent amount-based linkability. All deposits of the same denomination are indistinguishable in the pool.
A configurable delay (default 10 blocks) prevents front-running attacks. Deposits and withdrawals cannot happen in the same block, ensuring the Merkle root is stable.
When converting shielded COCO back to transparent, users can optionally provide an audit decryption that proves the source of funds to a regulator. KYC’d businesses can comply without breaking privacy for everyone else.
Root-only emergency function to force-nullify a leaf in the Merkle tree. Used for regulatory compliance or to freeze compromised notes. Transparent governance layer on top of privacy.
The last 100 Merkle roots are stored in a ring buffer, protecting against short-chain re-org attacks. Proofs referencing a recent root remain valid even after a reorganization.
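An added sketch (not the pallet's code) of the frontier-based incremental Merkle tree and the 100-root ring buffer described here and in the specification table. The depth, hash and history size come from the page; the all-zero empty leaf, the left-then-right node hashing order and the class name `FrontierTree` are assumptions.

```python
import hashlib
from collections import deque

DEPTH = 20            # from the page: depth 20, about 1M leaves
ROOT_HISTORY = 100    # from the page: last 100 roots are kept

def blake2_256(data: bytes) -> bytes:
    return hashlib.blake2b(data, digest_size=32).digest()

# ZEROS[i] is the root of an empty subtree of height i.
# The all-zero empty leaf is an assumption, not taken from the pallet.
ZEROS = [bytes(32)]
for _ in range(DEPTH):
    ZEROS.append(blake2_256(ZEROS[-1] + ZEROS[-1]))

class FrontierTree:
    """Stores one node per level instead of the whole tree: O(log n) state."""

    def __init__(self):
        self.frontier = [None] * DEPTH     # latest left sibling at each level
        self.next_index = 0
        # Ring buffer: appending beyond maxlen silently evicts the oldest root.
        self.roots = deque([ZEROS[DEPTH]], maxlen=ROOT_HISTORY)

    def insert(self, leaf: bytes) -> int:
        idx, node = self.next_index, leaf
        if idx >= 1 << DEPTH:
            raise OverflowError("tree is full")
        for level in range(DEPTH):
            if (idx >> level) & 1 == 0:
                # Left child: remember it, pair with an empty right subtree.
                self.frontier[level] = node
                node = blake2_256(node + ZEROS[level])
            else:
                # Right child: its left sibling was saved by an earlier insert.
                node = blake2_256(self.frontier[level] + node)
        self.roots.append(node)
        self.next_index += 1
        return idx

    def is_known_root(self, root: bytes) -> bool:
        """A proof is accepted only against a root still in the window."""
        return root in self.roots
```

A proof built against a root that has aged out of the window is rejected, so a client that prepared its proof more than 100 insertions ago has to rebuild it against a current root.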
Pay for goods and services without revealing your full transaction history. Shielded COCO breaks the chain of custody that analysts use to track spending.
B2B payments that hide pricing and volume from competitors. Suppliers receive payments via stealth addresses — only the intended recipient knows.
Pay salaries in shielded COCO. Employees withdraw to their personal addresses. Salary amounts and frequency stay private between employer and employee.
Optional audit trail for back-conversion lets regulated businesses prove fund sources to auditors without making all transactions public.
Receive funds without exposing identity. Stealth addresses use on-chain ephemeral keys that only the intended recipient can detect and claim.
Large confidential transfers that would normally be visible on a transparent ledger. Shielded COCO keeps business-sensitive transactions off the public graph.
| Pallet | 18th pallet in the CoCo Substrate runtime (pallet-shielded-coin) |
| Extrinsics | 7 total: deposit, withdraw, register_stealth_address, transfer_stealth, claim_stealth_output, set_denominations, force_nullify |
| Hash Function | Blake2-256 for commitments, nullifiers, and Merkle tree nodes |
| Merkle Tree | Incremental frontier tree, depth 20 (≈1M deposits), frontier-based O(log n) storage |
| Denominations | Fixed: 1, 10, 100, 1,000 COCO (configurable, max 10) |
| Deposit Fee | 0.1 COCO per deposit (configurable) |
| Withdrawal Delay | 10 blocks default (configurable) |
| Test Coverage | 33 unit tests covering deposit, withdraw, nullifier, stealth, Merkle tree, admin |
| Stealth Scheme | ECDH key agreement on sr25519, view tag fast filtering (1 byte) |
| Balance Tracking | Internal PalletBalance storage (not exposed via pallet_assets) |
| Runtime | Substrate FRAME pallet, compiled to WASM |
# Deposit 10 COCO into the shielded pool
curl -X POST http://localhost:9933 \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"shieldedCoin_deposit","params":[10000000000000,"0x...commitment..."]}'
# Register a stealth address
curl -X POST http://localhost:9933 \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"shieldedCoin_registerStealthAddress","params":["0x...scan_key...","0x...spend_key..."]}'
# Claim a stealth output
curl -X POST http://localhost:9933 \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"shieldedCoin_claimStealthOutput","params":["0x...output_id...","0x...scan_key..."]}'
Tip: Use the CoCo CLI or API client to generate commitments off-chain and submit shielded transactions. Full technical specification available in the docs.