StellarHub · Confidential Send

A real confidential transfer, on-chain

Send real testnet funds whose amount never appears on-chain — the exact flow the production wallet's green eye runs, on the same live pool contract. The page then decodes your transaction from Horizon to show the chain saw no value, and recovers the hidden amount recipient-side from the sealed note.

variant A · confidential pool Groth16 · BLS12-381 · Soroban the wallet's live contract testnet · dev trusted setup

This IS a money transfer. A fresh sender deposits into the pool (the boundary deposit is visible by design), then confidential_transfer moves value to the recipient with only commitments + a Groth16 proof on-chain — no amount argument, no amount in the event, no balance effects.

Honest scope: the amount is hidden; sender & recipient identities are visible. Amount-privacy, not anonymity.

Same code as the wallet: the crypto on this page is client-lib/ bundled as-is (demo/web/build-lib.mjs) — sealed X25519 notes to a plain G-address, Poseidon commitments, the C0 fold-in. CLI twin: npx tsx e2e/confidential-transfer-e2e.ts · fallback building block: proof-verify demo.

Confidential transfer

XLM

Leave the recipient as generated and the page also proves the RECEIVE side (it holds that key locally, so it can run the recipient's note-scan). Paste your own G-address instead and the credit lands for YOUR wallet to scan — the recipient needs no registration (C0 fold-in creates their slot on first credit).

Result

🌐 Public — what the chain saw
sender → recipient
4 commitments (state transition)
sealed note (opaque bytes)
No amount anywhere. Identities visible — amount-privacy, not anonymity.
🔒 Private — never left this page
transfer amount
blindings
recipient-side recovery
The witness of the proof + the note only the recipient's key opens.
Horizon decode of YOUR confidential_transfer (live fetch)