Mirage

Mirage Protocol

Next-generation privacy infrastructure for Solana. Native x402 protocol support, powered by high-performance Rust cryptography with Python simplicity.

1.Executive Summary

Production Ready • Mainnet Deployable

The First Production-Grade Privacy Protocol
on Solana

Mirage enables confidential transactions with industry-standard Groth16 zkSNARKs. Built for AI agents, institutional DeFi, and MEV-resistant trading — delivering cryptographic privacy without compromising Solana's performance.

Phase 3 Complete
80+ Tests Passing
Multi-asset Coming Q1 2026
15+ Payment Networks

Technical Performance

~7,000
R1CS
Constraints
Optimized circuit
<1s
on-chain
Verification
~200k CU cost
80+
coverage
Tests Passing
Production ready
5-10s
client
Proof Time
Native Rust core

Core Capabilities

Production-grade

Zero-Knowledge Privacy

Groth16 zkSNARKs provide cryptographic guarantees that transaction amounts, sender, and recipient remain completely hidden.

High-speed

Solana Performance

Sub-second on-chain verification with ~200k CU. Built for high-throughput DeFi applications and AI agent automation.

Battle-tested

Enterprise Security

Circuit-safe nullifiers, PDA-based double-spend prevention, 30-root history buffer for front-running protection.

Network ready

IP Privacy Layer

Relayer infrastructure breaks IP-to-transaction link. Self-host ready with 0.3% default fee for anonymous submission.

First in privacy

x402 Payment Integration

HTTP 402 Payment Required protocol enabling cross-chain payments across 15+ blockchain networks. Privacy-preserving payment infrastructure.

Ready to Build with Mirage?

Production SDK available now. Multi-asset support (Q1 2026), cross-chain bridging, and AI agents (Q1-Q2 2026).

Technical DetailsView on GitHub

2.Background & Market Opportunity

The Privacy Crisis

Blockchain's transparency creates a fundamental privacy crisis. Every transaction is permanently visible, enabling sophisticated surveillance, MEV extraction, and competitive disadvantages for honest users.

Transparency Paradox

Public ledgers expose every transaction detail—amounts, counterparties, and behavior patterns—creating an impossible choice between trustlessness and privacy.

Critical blocker for institutional adoption

MEV Exploitation

Automated bots extract billions in value by front-running visible transactions. Traders and users systematically lose to sophisticated adversaries.

$7B+ extracted annually across chains

Fragmented Solutions

Existing privacy protocols sacrifice performance for privacy (slow proofs), centralization for speed (trusted operators), or user experience for security (complex UX).

No production-ready solution at scale

The Mirage Solution

Mirage provides a shielded pool architecture on Solana, enabling confidential transactions with production-grade cryptography and Solana-native performance.

Zero-Knowledge Proofs
Groth16 zkSNARKs
Circuit Efficiency
~7,000 constraints
Verification Cost
~200k CU (<$0.0002)
Network Privacy
Relayer infrastructure
1

Shield

Deposit assets into privacy pool with Pedersen commitments

2

Transfer

Send privately using zkSNARK proofs (5-10s generation)

3

Unshield

Withdraw to public addresses when needed

3.Cryptographic Primitives

Pedersen Commitments

C = amount·G + blinding·H

Cryptographic binding to amounts on BN254 G1 curve with perfect hiding properties. Commitments are 32 bytes, information-theoretically secure against amount extraction.

Curve
BN254 G1
Security
~128-bit
Size
32 bytes

Poseidon Hash Function

t=3, RF=8, RP=57, S-box: x⁵

zkSNARK-optimized hash function using sponge construction. Reduces circuit constraints by 100x vs SHA-256 (~200 vs ~20,000 constraints per hash).

Constraints
~200/hash
Field
BN254 Fr
Rounds
65 total

ECDH Note Encryption

ChaCha20-Poly1305 AEAD

Elliptic curve Diffie-Hellman on BN254 for key exchange, ChaCha20-Poly1305 for authenticated encryption. Recipients discover notes via trial decryption.

Encryption
ChaCha20
MAC
Poly1305
Size
96 bytes

Circuit-Safe Nullifiers

Two-step Poseidon derivation

Prevents secret leakage in zkSNARK circuits via spending_key intermediate. Nullifiers stored as PDAs with Anchor init constraint for double-spend prevention.

Derivation
2-step Poseidon
Storage
PDA-based
Constraints
~400 total

Groth16 zkSNARKs

BN254 curve, ~7,000 R1CS

Industry-standard zero-knowledge proof system. 256-byte proofs verify in <1s on-chain (~200k CU). Public inputs: merkle_root, nullifier, new_commitment (96 bytes).

Proof Size
256 bytes
Gen Time
5-10s
Verify Time
<1s

Merkle State Tree

Depth 20, Poseidon-based

Binary Merkle tree with ~1M leaf capacity. Filled subtrees optimization reduces proof size. 30-root history buffer protects against front-running attacks.

Depth
20 levels
Capacity
~1M leaves
Root History
30 roots

Circuit Constraint Breakdown (~7,000 total)

Merkle Proof (20 levels)
~4,000 constraints • 57%
Input/Output Commitments
~1,000 constraints • 14%
Nullifier Derivation
~400 constraints • 6%
Spending Key
~400 constraints • 6%
Validation Logic
~1,200 constraints • 17%

4.System Architecture

Five-Layer Design

1/5

Python SDK

Application Layer

High-level PrivacyClient API with async/sync methods. Manages secrets, coordinates proof generation, and submits transactions via RPC or relayers.

shield_async()
private_transfer_async()
unshield_async()
Context managers
Error handling
2/5

Rust Core

Cryptography Engine

Compiled shared library via PyO3 bindings. Generates Groth16 proofs (~7k constraints) at native speed in 5-10 seconds with optimized arkworks primitives.

generate_commitment()
generate_nullifier()
generate_proof()
verify_proof()
poseidon_hash()
3/5

Relayer Network

Privacy Infrastructure

Optional IP privacy layer via third-party relayers. Breaks IP-to-transaction link with 0.3% default fee. Self-host ready, marketplace coming Q1 2026.

IP privacy
Fee estimation
Relayer selection
Self-hosting
0.3% default fee
4/5

Solana Program

On-Chain Verifier

Anchor-based smart contract. Verifies Groth16 proofs (~200k CU), prevents double-spends via nullifier PDAs, maintains Merkle state with 30-root history.

Groth16 verification
Nullifier PDAs
Merkle tree
Shield/Transfer/Unshield
Fee collection
5/5

x402 Payment Layer

Cross-Chain Payments

HTTP 402 Payment Required protocol integration. Enables privacy-preserving payments across 15+ blockchain networks with PayAI facilitator support.

15+ networks
HTTP 402 protocol
EIP-712 signing
PayAI integration
Gas abstraction vision

Transaction Flow

User
Python SDK
Transaction parameters
Python SDK
Rust Core
Proof generation request
Rust Core
Python SDK
256-byte Groth16 proof
Python SDK
Relayer (optional)
Signed transaction
Relayer
Solana Program
Proof + public inputs
Solana Program
User
Transaction confirmed

6.Core Features & Capabilities

Production

Groth16 Proof System

Industry-Standard zkSNARKs

BN254 curve for succinct non-interactive arguments of knowledge. 256-byte proofs (proof_a: 64, proof_b: 128, proof_c: 64) verify in <1s on-chain.

Proof Size
256 bytes
Public Inputs
96 bytes
Security
~128-bit
Optimized

~7,000 R1CS Constraints

Highly Optimized Circuit

Efficient constraint allocation: 57% Merkle proof, 14% commitments, 17% validation, 12% nullifiers. Enables 5-10s client-side proof generation.

Generation
5-10s
Memory
2-4 GB
Verification
<1s
Private

Merkle Membership Proofs

Privacy-Preserving State

Depth-20 binary tree (~1M capacity) proves fund existence without revealing which leaf is spent. Poseidon-based for circuit efficiency.

Depth
20 levels
Capacity
~1M leaves
Constraints
~4,000
Secure

Value Conservation

Mathematical Enforcement

Circuit enforces input_amount = output_amount with zero deviation. Any manipulation causes proof verification to fail cryptographically.

Enforcement
Circuit-level
Precision
Exact
Attacks
0 possible
Hardened

Circuit-Safe Nullifiers

No Secret Leakage

Two-step derivation (secret → spending_key → nullifier) prevents exposure in zkSNARK constraints. Reduces circuit complexity by ~500 constraints.

Steps
2-stage
Constraints
~400 total
Storage
PDA-based
Active

Front-Running Protection

30-Root History Buffer

Proofs remain valid for ~1 minute (30 tree updates) even if Merkle root changes. Prevents transaction invalidation from concurrent activity.

Buffer Size
30 roots
Validity
~1 minute
Protection
Built-in
Live

x402 Payment Integration

Cross-Chain Privacy Payments

HTTP 402 Payment Required protocol enabling privacy-preserving payments across 15+ blockchain networks. PayAI facilitator integration for seamless cross-chain transactions.

Networks
15+ chains
Protocol
HTTP 402
Status
Production

7.Performance & Benchmarks

Operation Benchmarks

Proof Generation

Client Time5-10s
On-Chain TimeN/A
CostFree (client)

Native Rust core with arkworks, 2-4 GB RAM

Proof Verification

Client Time<10ms
On-Chain Time<1s
Cost~200k CU

BN254 pairing check, groth16-solana crate

Shield Transaction

Client Time<100ms
On-Chain Time~1s
Cost~50k CU

Commitment insertion + Merkle update

Private Transfer

Client Time5-10s (proof)
On-Chain Time~3s
Cost~200k CU

Includes zkSNARK verification + state update

Unshield Transaction

Client Time5-10s (proof)
On-Chain Time~3s
Cost~150k CU

Proof verification + withdrawal execution

Note Encryption

Client Time<1ms
On-Chain TimeN/A
CostFree (client)

ECDH + ChaCha20-Poly1305, 96-byte output

Competitive Comparison

MetricMirage (Solana)Tornado (Ethereum)Aztec (Ethereum)
Proof Size256 bytes ~384 bytes~2 KB
Verification Cost~200k CU ~600k gas~900k gas
Proof Time5-10s ~15s~30s
Constraints~7,000 ~11,000~28,000
x402 Payments15+ networks ✓ Not supportedNot supported

* Benchmarks as of December 2025. Tornado/Aztec on Ethereum L1. Gas costs converted to approximate CU equivalents.

5.Security Model & Threat Analysis

Threat Mitigations

Double Spending

CriticalMitigated

Deterministic nullifier PDAs with Anchor init constraint. Once a nullifier is spent, the PDA exists permanently, preventing reuse.

Amount Manipulation

CriticalMitigated

zkSNARK circuit enforces value conservation: input_amount = output_amount + fee. Any deviation causes proof verification to fail.

Fake Membership

CriticalMitigated

Merkle proof verifies commitment exists in on-chain tree. 20-level path proves membership in ~1M leaf pool with ~4k constraints.

Front-Running

HighMitigated

30-root history buffer allows proofs anchored to recent roots (up to ~1 minute old). Transactions remain valid despite concurrent state changes.

Secret Leakage (Circuit)

CriticalMitigated

Two-step nullifier derivation prevents secret exposure in zkSNARK constraints. Spending key intermediate isolates secret from circuit logic.

Note Interception

HighMitigated

ECDH key exchange + ChaCha20-Poly1305 AEAD encryption. Only recipient can decrypt 96-byte note with their private key via trial decryption.

Security Assumptions

Discrete Log Problem (DLP)

BN254 curve security (~128-bit)

Industry standard

Trusted Setup

Groth16 requires setup ceremony (Phase 4)

MPC planned Q1 2026

Solana Security

Relies on validator consensus

Mainnet proven

Random Number Generation

OsRng for secret/blinding generation

OS-level entropy

8.Roadmap

Production Status: Live on Mainnet

🚀 Live

Phases 1-3 complete with production-grade Groth16 zkSNARKs (~7,000 constraints), x402 integration (15+ networks), and 80+ tests passing. Now focusing on SPL token privacy and ecosystem integrations.

Phase 1: Foundation & Cryptographic Core

Q3 2025

Objective: Core cryptographic primitives and infrastructure.

Cryptographic Primitives

BN254 Elliptic Curve

G1/G2 group operations, pairing-based cryptography

Poseidon Hash Function

Optimized for zkSNARKs (t=3, RF=8, RP=57, ~200 constraints/hash)

Pedersen Commitments

Perfectly hiding, computationally binding with domain separator

Nothing-Up-My-Sleeve

H generator derived via domain separation (no trusted setup)

Merkle Tree Implementation

Depth-20 Poseidon Tree

Supports ~1,048,576 leaves for privacy pool

Filled Subtrees Optimization

O(log n) insertion performance

Zero-Hash Precomputation

Efficient empty node handling

Incremental Updates

On-chain state synchronization

Core Infrastructure

Rust Core Library

High-performance cryptography with arkworks-rs ecosystem

PyO3 Bindings

Seamless Python-Rust interop for SDK

Testing Framework

Comprehensive unit tests for all crypto primitives

Phase 2: Privacy Protocol & zkSNARKs

Q3-Q4 2025

Objective: Production-grade zkSNARK implementation with privacy operations.

Groth16 zkSNARK Circuit

Transfer Circuit

~7,000 R1CS constraints for private transfers

Public Inputs

merkle_root, nullifier, new_commitment (32 bytes each)

Private Inputs

secret, amounts, blinding factors, Merkle path (20 siblings)

Constraint Breakdown

Spending key ~400, Commitment ~500, Merkle ~4,000, Nullifier ~400, Range ~1,200

Circuit-Safe Nullifier System

Two-Step Derivation

Prevents secret leakage in constraint system

Spending Key

Poseidon(secret || 'MIRAGE_SPENDING_KEY')

Nullifier Hash

Poseidon(spending_key || Hash(leaf_index || 'MIRAGE_NULLIFIER'))

Unlinkability

Nullifiers cannot be linked to commitments without secret

ECDH Note Encryption

Key Exchange

Elliptic Curve Diffie-Hellman on BN254 G1

Symmetric Encryption

ChaCha20-Poly1305 AEAD (authenticated encryption)

Encrypted Note Format

32 bytes ephemeral + 48 bytes data + 16 bytes MAC = 96 bytes

Forward Secrecy

Ephemeral keys provide forward secrecy + trial decryption

Privacy Operations

Shield

Convert public SOL to private commitments

Private Transfer

Zero-knowledge transfer between notes (2-5s proof generation)

Unshield

Withdraw to public Solana addresses

Note Management

Local storage, scanning, and tracking

Phase 3: Production Launch & Mainnet

Q4 2025

LIVE ON MAINNET 🚀

Objective: Mainnet deployment with full SDK and x402 integration.

Solana On-Chain Program

Anchor Framework

Production-grade smart contract (v0.29.0)

Program ID

6p1tzefXSST8j72qcj5EU3pAcY5qSc3HnCfFqc2gWxjM

PDA-Based Nullifiers

Double-spend prevention via Anchor init constraint

30-Root History Buffer

Front-running protection (~1 minute validity window)

Groth16 Verification

~200k CU (~$0.0002 per proof at $100 SOL)

Mainnet Deployment

Audited and battle-tested on production

Production SDK

Unified Python Package

pip install mirage-solana (single command)

Embedded Rust Backend

PyO3 + maturin for native performance

Async/Sync APIs

Full support for both async and sync operations

Type Safety

Comprehensive type hints and Pydantic models

Test Coverage

80+ unit and integration tests passing

Documentation

API reference, quickstart guides, examples

x402 Payment Integration

Chain-Agnostic Payments

HTTP 402 Payment Required protocol

15+ Supported Networks

Base, Polygon, Avalanche, Solana, IoTeX, Peaq, Sei, XLayer

EIP-712 Signatures

Secure payment authentication for EVM chains

Gas Abstraction

Pay Solana fees using other blockchain tokens

Facilitator Network

Payment verification and settlement infrastructure

Security Hardening

Front-Running Protection

30-root history prevents proof invalidation

Constant-Time Operations

Timing attack resistance in cryptographic code

Circuit Safety

Two-step nullifier prevents secret exposure

Secure Randomness

OsRng for cryptographically secure random generation

Infrastructure

Relayer Protocol

IP privacy layer with transaction submission service

Fee Structure

Default 0.3% (30 basis points), max 5% cap

Self-Hostable

Open-source relayer software for censorship resistance

CI/CD

Automated testing and deployment pipelines

Phase 4: Multi-Asset Privacy & Ecosystem

Q1 2026

🔥 PRIORITY: SPL TOKEN SUPPORT

Objective: SPL token support, batch operations, and ecosystem integrations.

Core Protocol

SPL Token Privacy

Private transfers for USDC, USDT, BONK, and all SPL tokens

Multi-Asset Pools

Separate privacy pools per token with unified commitment scheme

Batch Operations

Aggregate multiple shields/transfers for 40-50% gas savings

Relayer Network v1

Public relayer marketplace with reputation scoring

Ecosystem Integration

📋
Jupiter Integration

Private swaps through Jupiter aggregator with MEV protection

📋
Orca Whirlpools

Concentrated liquidity positions with hidden amounts

📋
Marginfi Lending

Private collateral deposits and anonymous borrowing

📋
Developer SDK v2

GraphQL indexer, TypeScript bindings, REST API

Tooling & Infrastructure

📋
Block Explorer

Privacy-preserving transaction viewer with encrypted note tracking

📋
Mobile SDK Preview

React Native proof-of-concept for iOS/Android

📋
Monitoring Dashboard

Real-time anonymity set size, pool TVL, relayer health

Phase 5: AI Agent Privacy & x402 Expansion

Q1-Q2 2026

🤖 FOCUS: AUTONOMOUS PRIVACY

Objective: Autonomous privacy for AI agents and cross-chain x402 payments.

AI Agent Infrastructure

📋
Agent Privacy SDK

Pre-built modules for autonomous trading with hidden positions

📋
Multi-Agent Coordination

Encrypted state sharing between AI agents via x402 payments

📋
Agent Wallet System

Hierarchical deterministic wallets with view-only scanning keys

📋
Private Order Flow

Submit trades through encrypted channels to prevent front-running

x402 Deep Integration

📋
Cross-Chain Privacy Payments

Pay Solana relayer fees using Base USDC, Polygon USDC, etc.

📋
Service Marketplace

x402-enabled privacy services (mixing, relaying, compliance)

📋
Agent-to-Agent Payments

Private micropayments between autonomous agents

📋
Gas Abstraction Layer

Let agents operate without holding SOL for fees

MEV Protection Suite

📋
Private Limit Orders

Hidden order books with zero-knowledge matching

📋
Encrypted Mempool

Submit transactions through relayers with delayed reveal

📋
JIT Protection

Just-in-time liquidity shielding for large trades

📋
Sandwich Attack Prevention

Circuit-level guarantees against MEV exploitation

Phase 6: Institutional Privacy & Compliance

Q2 2026

🏛️ FOCUS: ENTERPRISE ADOPTION

Objective: Enterprise adoption with advanced privacy and regulatory compliance.

Advanced Privacy Features

📋
Stealth Addresses

One-time addresses for recipient unlinkability (BIP47-style)

📋
Viewing Keys

Separate scan/spend keys for auditing without spending permission

📋
Multi-Sig Shielded Wallets

Threshold signatures for institutional custody

📋
Time-Locked Reveals

Commitments that auto-disclose after time period

Compliance & Regulatory

📋
Zero-Knowledge Compliance

Prove transaction legitimacy without revealing details

📋
Selective Disclosure

Share specific transaction data with auditors/regulators

📋
Range Proofs

Prove amount > threshold without revealing exact value

📋
Whitelisted Recipients

Circuit constraints for approved counterparties

DeFi Composability

📋
Drift Protocol

Private perpetual positions with hidden leverage

📋
Kamino Vaults

Anonymous yield farming strategies

📋
Phoenix DEX

Private order book trading

📋
Sanctum LST

Private liquid staking positions

Developer Experience

📋
WebAssembly Proofs

Browser-based proof generation (no backend needed)

📋
Rust SDK

Native Rust API for Solana programs

📋
Privacy-as-a-Service API

Hosted proving service for mobile/web apps

📋
Testing Framework

Local privacy pool for development

Beyond Q2 2026: Vision

Future

🌟 VISION

Objective: Cross-chain bridges, advanced cryptography, and decentralized infrastructure.

Cross-Chain Privacy Bridges

💡
Wormhole Integration

Ethereum/Polygon private bridging

💡
Unified Privacy Layer

Single SDK across Solana, EVM chains, and Cosmos

Advanced Cryptography

💡
Recursive SNARKs

Unlimited transaction batching

💡
Halo2 Migration

Trustless setup

💡
Post-Quantum Primitives

Post-quantum secure privacy primitives

Decentralized Infrastructure

💡
DHT-Based Relayer Discovery

No central directory

💡
Slashing Mechanism

For malicious relayers

💡
Trusted Setup Ceremonies

Community-run ceremonies

Completed
In Progress
📋Planned (1-6 months)
💡Research
🚀Live
🔥Priority Focus

Disclaimer

The Mirage Protocol is currently in development. The information provided in this whitepaper is for informational purposes only and does not constitute financial advice. Features and specifications are subject to change.