Jat
CONCEPTS

Privacy and threat model

A straight account of what Jat hides, what it does not, and what an observer can still infer. Privacy tools are only useful if you know their edges, so here are ours.

The two properties

  • Graph privacy from stealth addresses: a payment lands on a fresh one-time account, so the chain shows no link between payer and recipient.
  • Deposit-payout unlinking from the fixed-denomination pool: a withdrawal proves ownership of a deposit without revealing which one, so the payout has no on-chain link to your specific deposit. The denomination tier stays public.

They compose. Used together, the parties are not linkable on-chain and the payout is not linkable to your specific deposit, though the denomination tier remains public.

What an observer still learns

  • That an address interacted with Jat at all. Membership in the system is public.
  • Deposit and withdrawal events, timing, and the fixed denomination used. Amounts are bucketed, not hidden continuously.
  • Anything you leak yourself off-chain: reusing one destination for many withdrawals, posting an address publicly, or consolidating several stealth balances into a single wallet can re-link activity that was unlinked on-chain.
Warning
Stealth addressing alone is weakest at consolidation. If you sweep many stealth balances into one wallet, that wallet links them. Route value through the pool and withdraw to fresh, single-use destinations to avoid re-linking.

The anonymity set

A pool withdrawal hides among the other deposits of the same denomination. The privacy you get is therefore proportional to how many comparable deposits exist: more deposits of a size means a larger crowd to hide in. Early on, or for a rarely used denomination, the set is smaller and the hiding is weaker. This is a property of every pool-based design, Jat included.

Trust assumptions

  • No custodian. Funds are never held by an operator. The pool pays out by program, and the relayer only covers fees.
  • No spend key leaves your browser. Indexers and relayers cannot move your funds.
  • Recipient binding. A withdrawal binds its destination inside the proof, so a relayer cannot redirect it.
  • Cryptographic setup. The pool uses a Groth16 circuit, which relies on a trusted setup. Treat the current parameters as devnet-grade.

Status

Jat runs on Solana devnet today and the full round-trip works end to end. Read the design and judge it on what the code does, which is what these docs describe.