Private orderflow

Syntarie's transaction submission is private-first with explicit public opt-in.

What this means in practice

  • Default: a submitted transaction is encrypted and routed to the validator set via commit-reveal. Mempool peers see commitments, not contents.
  • Public opt-in: users can mark a tx as "public submit" — it goes through the standard non-encrypted mempool path. Useful for transparency-first transfers (e.g. governance votes).
  • Selective disclosure: a transaction's metadata (signer, recipient, amount, memo) can be selectively disclosed to chosen counterparties via finalized account-summary disclosures.

The threat model

Private orderflow is not a privacy mechanism for the user-counterparty relationship. The validator set sees plaintext transactions during ordering. What it protects against:

  • MEV via mempool surveillance — a watcher cannot see your tx until it's in a block.
  • Front-running by un-permissioned mempool participants — there is no such role; only the validator set sees txs.
  • Sandwich attacks — eliminated by ordering happening inside the validator set, not on a public mempool.

It does NOT protect:

  • The validator set itself — they see your tx contents before ordering.
  • Post-finalization on-chain history — once finalized, tx fields (signer, recipient, amount) are visible to anyone querying chain state.

Selective disclosure layer

Beyond the commit-reveal layer, Syntarie supports finalized account-summary disclosures: a Merkle-proven view of an account's history at a specific block height, scoped to chosen fields. Use cases:

  • Compliance reporting (auditor needs to see account holdings at a specific date)
  • Selective sharing with KYC providers
  • Proof-of-solvency without full chain history

The disclosure protocol itself is verifiable offline — you can hand someone a disclosure file + the chain's checkpoint signature and they can verify it without trusting Syntarie.

What's verified

  • Goal 7 (Privacy / disclosure) at ~91% per LORE-3.
  • Commit-reveal protocol verified in interface/src/core/commit_reveal.rs + tests.
  • Account-summary disclosure verified in account_summary_disclosure.rs + the wallet's disclosure verification CLI.
  • Selective-disclosure replay protection verified by tests_privacy_e2e::* (some tests previously red until Phase 1 of MAKE-IT-GREEN — now green).

What's still open

  • "MEV / private orderflow" goal at 91% — work continues on adversarial replay scenarios.
  • The R94 phishing watchlist + scam-trigger productization layer is a separate concern (Goal 3).

Source pointers

  • interface/src/core/commit_reveal.rs — commit-reveal protocol
  • interface/src/core/account_summary_disclosure.rs — disclosure proofs
  • interface/src/core/selective_disclosure.rs — field-level disclosure scoping
  • docs/decisions/private-orderflow-policy.md (in source repo) — policy decisions