Skip to main content

Confidential SPL Token Program

The Confidential SPL Token Program is a confidential token implementation on Solana that enables privacy-preserving token operations. Unlike traditional SPL tokens where balances and transfer amounts are publicly visible on-chain, this program uses Inco Lightning encryption to keep these values hidden while still allowing mathematical operations on them.

Overview

Setup

Configure your development environment

Program Functions

Learn the on-chain program API

Deploy & Test

Deploy and test your program

Key Features

  • Encrypted Balances: Token balances are stored as encrypted values, invisible to external observers
  • Private Transfers: Transfer amounts remain confidential while still being validated
  • Standard SPL Interface: Familiar API patterns for Solana developers
  • Encrypted Operations: Perform arithmetic on encrypted values without decryption
  • Access Control via Allowance: Grant decryption permissions to specific addresses using remaining_accounts

How It Works

Quick Example

import * as anchor from "@coral-xyz/anchor";
import { encryptValue } from '@inco/solana-sdk/encryption';
import { hexToBuffer } from '@inco/solana-sdk/utils';

// 1. Encrypt the transfer amount client-side
const amount = BigInt(1_000_000_000); // 1 token with 9 decimals
const encrypted = await encryptValue(amount);

// 2. Call the confidential transfer with allowance accounts
// remaining_accounts grants decryption access to the new balance handles
await program.methods
  .transfer(hexToBuffer(encrypted), 0)
  .accounts({
    source: sourceAccount,
    destination: destinationAccount,
    authority: wallet.publicKey,
    incoLightningProgram: INCO_LIGHTNING_PROGRAM_ID,
    systemProgram: SystemProgram.programId,
  })
  .remainingAccounts([
    // Grant decryption access to source owner for their new balance
    { pubkey: sourceAllowancePda, isSigner: false, isWritable: true },
    { pubkey: sourceOwner, isSigner: false, isWritable: false },
    // Grant decryption access to destination owner for their new balance
    { pubkey: destAllowancePda, isSigner: false, isWritable: true },
    { pubkey: destOwner, isSigner: false, isWritable: false },
  ])
  .rpc();
The remaining_accounts pattern allows granting decryption access in the same transaction that produces new encrypted handles. This requires simulating the transaction first to derive the allowance PDAs. See Access Control for the simulation pattern.

Source Code

The complete source code is available on GitHub: 
git clone https://github.com/Inco-fhevm/lightning-rod-solana.git