Privacy & Security Technologies

Ephemeral Accounts

Each order is issued via a temporary ephemeral Solana account created exclusively for a single session.

This mechanism ensures non-linkability between user wallets and specific order histories, even if the on-chain transaction logs are fully public.

Encrypted Balances (eTokens)

Balances are represented as eTokens, a cryptographic abstraction layer that maps encrypted balance states to deterministic commitment hashes.

Only the holder’s private key can decrypt the balance, while on-chain contracts verify arithmetic correctness using modular arithmetic proofs.

Trusted Execution Environments (TEE)

TEE enclaves (AWS Nitro) execute the matching logic under hardware-backed integrity guarantees.

Memory and execution context are isolated from the host OS, preventing data exfiltration.

The enclave’s root of trust is established via attestation certificates anchored in the TPM hardware of the host node.

Zero-Knowledge Proofs

Oneliquid employs ZK-SNARKs to validate off-chain computations.

Each batch proof certifies:

• Order-matching correctness (no phantom or duplicate orders)

• Conservation of balances

• Non-manipulable price discovery logic

The proof is published to Solana as an attested transaction payload, verifiable by any external observer.

Batch Execution & Atomic Settlement

Orders are aggregated into batches to ensure execution uniformity and front-running resistance.

All transactions in a batch are either confirmed together or discarded collectively, ensuring deterministic settlement and preventing MEV extraction.