null.
Concepts

What's public vs private

Exactly what an observer can and cannot see. The privacy model, stated plainly.

A shielded pool is only as good as its privacy model is honest. Here is exactly what is visible on-chain and what is not — the same boundary the explorer is built to respect.

Public (anyone can see)

  • Commitments — opaque Poseidon hashes inserted into the tree, and their leaf indices. A commitment reveals nothing about the note's amount or owner.
  • Nullifiers — opaque hashes published when a note is spent. A nullifier reveals nothing about which commitment it nullified.
  • Merkle roots and the tree size.
  • Shield amounts — a deposit into the pool is a public transfer, so its amount and the depositing address are visible.
  • Unshield amounts and the public recipient address — a withdrawal crosses back to the public world, so the amount and destination are visible by definition. (A relayer removes the link to the user's own wallet, not the recipient.)
  • Relayer activity and the fee — public, since the relayer is a public party.
  • Pool TVL, block/slot height, transaction counts.

Private (not visible, and not derivable)

  • The sender of a private transfer, and the amount transferred.
  • The link between a shield and a later unshield — you cannot tell that a particular deposit funded a particular withdrawal.
  • Which commitment a given nullifier spent — the mapping requires the spender's secret key and is never published.
  • Note contents — amount, owner, and blinding stay client-side, encrypted.

The unlinkability is structural, not cosmetic:

  • A nullifier is Poseidon(commitment, leafIndex, privKey). Given a nullifier you cannot recover the commitment without privKey, and Poseidon is not invertible — so "which note did this spend?" has no public answer.
  • Commitments (outputs) and nullifiers (inputs) appear in the same transaction, but nothing ties a nullifier in one op to a commitment created in an earlier op. That cross-op correlation is what would deanonymize a user, and it requires a secret the chain never sees.

The explorer proves this visually

The explorer shows only the public column above. Its search returns a single opaque record — a commitment, a nullifier, a root — and links nothing. There is deliberately no query for "which commitment did this nullifier spend" or "which unshield matches this shield." The data to answer them is not stored, so it cannot be shown. Restraint is the feature.

Honest limits of the privacy set

Privacy in a pool comes from the anonymity set — the crowd of notes you hide among. On a young pool with few notes, that set is small, and timing/amount correlation by an outside observer is easier. This is inherent to all shielded pools and improves as the pool grows. null does not claim more privacy than the anonymity set provides.

On this page