Skip to main content

How privacy works

Solana transactions are fully public. Anyone can trace the flow of SOL from one address to another. Whisper Bot breaks this link using a zero-knowledge privacy pool — a smart contract that accepts deposits and issues withdrawals without revealing the connection between them. What’s visible on-chain:
  • Your wallet sent SOL to a temporary address
  • That temporary address deposited into the privacy pool
  • The recipient’s wallet received SOL from the privacy pool
What’s NOT visible on-chain:
  • Any link between your deposit and the recipient’s withdrawal
  • Which deposit funded which withdrawal
  • That you and the recipient are connected in any way

Zero-knowledge proofs

The privacy pool uses zero-knowledge proofs — a cryptographic technique that lets someone prove a statement is true without revealing any underlying data. When Whisper Bot withdraws funds from the pool, it generates a ZK proof that says:
“I know a valid deposit in this pool that has not been withdrawn yet, and I’m authorized to withdraw it.”
The Solana program verifies this proof on-chain. It confirms the withdrawal is legitimate without learning which deposit it corresponds to. The proof reveals nothing about the sender, the deposit transaction, or the timing.

The anonymity set

Privacy in a pool-based system depends on the anonymity set — the number of deposits that a withdrawal could plausibly be linked to.
  • Every deposit into the privacy pool grows the anonymity set
  • When you withdraw, an observer knows the funds came from one of the deposits in the pool, but not which one
  • The more deposits in the pool, the stronger the privacy guarantee
Whisper Bot uses the same PrivacyCash privacy pool as the public PrivacyCash protocol. Your transfers share an anonymity set with all other users of the pool — not just Whisper Bot users.

Ephemeral keypairs

Every transfer uses a fresh, one-time keypair for the temporary deposit address. This keypair:
  • Is generated randomly for each transfer
  • Is encrypted with AES-256-GCM and stored only until the transfer completes
  • Is never reused across transfers
  • Cannot be linked to your Telegram account or wallet
After the transfer completes (or is cancelled), the keypair is no longer needed. The temporary address becomes an empty, abandoned Solana account with no connection to you.

Threat model

No privacy system is perfect. Here’s an honest assessment of what Whisper Bot protects against and what it doesn’t.

What Whisper Bot protects against

A blockchain observer cannot link your deposit to the recipient’s withdrawal. The ZK proof reveals no information about which deposit was used.
When you send to a Telegram user, the recipient never sees your wallet address or the temporary deposit address. They only see a claim notification.
When a peer claims funds, they provide their wallet address directly to the bot. The sender never sees it.

Known limitations

If you deposit and the recipient withdraws seconds later with no other pool activity in between, a sophisticated observer could guess they’re related. The larger the pool’s activity, the less useful timing analysis becomes.
If you deposit exactly 1.23456789 SOL and a withdrawal of ~1.22 SOL appears shortly after, the unusual amount could narrow the match. Standard amounts provide better privacy.
Whisper Bot knows both the sender’s and recipient’s Telegram IDs. This is necessary to deliver notifications. Whisper Bot does not log or store the association between transfers and wallet addresses after completion.
The PrivacyCash relayer processes ZK proofs and submits transactions. It sees the withdrawal address and proof, but cannot determine which deposit funded the withdrawal.

What Whisper Bot stores

Whisper Bot maintains a secure local database to track transfer states. Here’s what’s stored and what isn’t:
DataStored?Purpose
Telegram user IDYesIdentify users, send notifications
Transfer statusYesTrack deposit/withdrawal progress
Deposit amountYesCalculate fees and delivery amounts
Temporary address (encrypted)Yes, until completeExecute the transfer
Recipient’s wallet addressOnly during transferNeeded for ZK withdrawal, not retained after
Sender’s wallet addressNoNever collected
Link between sender and recipientNoNot recorded
Transaction signaturesYesVerify completion on-chain
Whisper Bot is a privacy tool, not an anonymity tool. It breaks the on-chain link between sender and recipient, but the bot operator knows both Telegram accounts are involved in a transfer. If you need anonymity from the bot operator, this is not the right tool.

Privacy tips

Use round amounts

Deposits of 1, 2, or 5 SOL blend in better than 1.73829 SOL.

Wait before claiming

If you’re the recipient, waiting a few minutes before claiming reduces timing correlation.

Don't reuse wallets

For maximum privacy, use a fresh wallet address when claiming funds.

Avoid tiny transfers

Very small transfers (under 0.05 SOL) have fewer pool participants at similar amounts, reducing the anonymity set.