Starknet Lightning Privacy Mixer

A decentralized privacy solution for STRK token transfers, combining zero-knowledge cryptography, Atomiq Protocol, Lightning Network, and Cashu ecash to break on-chain transaction linkability.

Comment

Starknet Lightning Privacy Mixer

Inspiration

The blockchain transparency problem has been a fundamental challenge in the crypto ecosystem. While public ledgers enable trustless verification, they also create permanent surveillance trails that expose users' financial activities, spending patterns, and asset holdings. This is also concerning on Starknet, where every transaction is permanently recorded and easily traceable.

We were inspired by several key observations:

  1. Financial Privacy is a Human Right: Privacy in financial transactions shouldn't be a luxury—it's essential for personal security, business confidentiality, and protection from targeted attacks or discrimination.

  2. Real-World Privacy Gaps: Traditional blockchain users face significant privacy challenges:

    • Salary recipients whose employers can track all their spending
    • Businesses whose competitors can analyze their supplier payments
    • Donors who want to support causes anonymously
    • Individuals in restrictive regimes who need financial sovereignty

  3. Multi-Layer Privacy Potential: We recognized that combining three powerful technologies—Zero-Knowledge proofs (Starknet), Lightning Network (Bitcoin), and Cashu ecash (bearer tokens)—could create unprecedented privacy guarantees that no single technology could achieve alone.

  4. User Sovereignty: The rise of bearer instruments like Cashu ecash opened new possibilities for true self-custody and offline value transfer, reminiscent of physical cash but in digital form.

What it does

SLPM (Starknet Lightning Privacy Mixer) is a decentralized privacy solution that breaks on-chain transaction linkability through a sophisticated three-layer architecture:

Core Functionality

1. Privacy Mixer Smart Contract (Layer 1 - Starknet)

  • Users deposit STRK tokens with cryptographic commitments
  • Zero-knowledge proofs enable unlinkable withdrawals to different addresses
  • Nullifier scheme prevents double-spending
  • Growing anonymity sets strengthen privacy with each participant

2. Cross-Chain Privacy Hop (Layer 2 - Lightning Network)

  • Funds route off-chain through Bitcoin Lightning Network
  • Instant, untraceable payments with no permanent blockchain record
  • Multi-hop routing obscures payment paths
  • Breaks the Starknet transaction graph completely

3. Bearer Token Privacy (Layer 3 - Cashu Ecash)

  • Converts funds into anonymous bearer tokens
  • Tokens can be held offline, stored securely, or transferred peer-to-peer
  • No ledger tracks token transfers
  • Blind signature scheme ensures mint cannot link tokens to users

Two Mixing Modes

Full Mix Mode (Automated)

  • Complete privacy pipeline in ~10-15 minute
  • User deposits STRK → system converts through all layers → recipient receives STRK
  • Fully automated with real-time progress tracking
  • Ideal for users who want streamlined privacy without managing tokens

Split Mix Mode (Manual Custody)

  • Issue Token Phase: User deposits STRK → system converts to Cashu bearer token → user stores token securely
  • Redeem Token Phase: User provides stored token → system converts back to STRK or pays Lightning invoice
  • Time gap between phases (hours to years) adds temporal privacy
  • Two settlement options:
    • STRK Settlement: Convert back to STRK on-chain (requires wallet)
    • Lightning Settlement: Pay Lightning invoices directly (no wallet needed, zero blockchain footprint)

Key Features

  • Zero-Knowledge Privacy: Cryptographically impossible to link deposits and withdrawals
  • Temporal Mixing: Configurable delays prevent timing correlation attacks
  • Amount Obfuscation: Intelligent splitting across denominations
  • Multi-Mint Support: Enhanced anonymity through distribution across Cashu mints
  • Self-Custody: Complete control over bearer tokens in Split Mix mode
  • Peer-to-Peer Transfers: Tokens can be gifted or traded offline
  • Emergency Withdrawals: Built-in safety mechanisms in smart contract
  • Multi-Wallet Support: Works with ArgentX, Braavos, and OKX wallets

Real-World Applications

  • Anonymous salary payments and spending
  • Confidential business transactions
  • Private donations to causes
  • Cross-border remittances without surveillance
  • Emergency fund access in restrictive environments
  • Gift tokens that function like digital cash
  • Privacy-preserving savings accumulation

How we built it

Architecture & Technology Stack

Smart Contract Layer (Cairo 2.x)

// Privacy Mixer Contract on Starknet Mainnet
- Commitment/nullifier scheme for unlinkability
- Zero-knowledge proof verification
- Emergency withdrawal mechanisms
- Multi-account support with role-based access

Frontend Application (Next.js 14 + TypeScript)

// Modern React with App Router
- Two mixing modes: Full Mix & Split Mix
- Real-time progress tracking
- Wallet connection management (ArgentX, Braavos, OKX)
- Responsive UI with privacy-focused design

Integration Layer (Real SDKs)

  • @cashu/cashu-ts v2.7.2: Cashu ecash protocol operations
  • @atomiqlabs/sdk v6.0.3: Lightning ↔ STRK atomic swaps
  • starknet.js v7.6.4: Starknet blockchain interaction
  • get-starknet v4.0.3: Multi-wallet connection support

Privacy Enhancement Engine

// Sophisticated privacy optimization
- Temporal mixing with randomized delays
- Amount splitting and denomination standardization
- Multi-mint routing algorithms
- Anonymity set batching and optimization

Server-Side Infrastructure

// Reliable backend operations
- Server-side Cashu melt with retry logic
- API routes for privacy-critical operations
- Fee calculation with safe invoice sizing
- Change token management

Development Process

Phase 1: Research & Design (Week 1)

  • Analyzed existing privacy solutions (Tornado Cash, Aztec, Railgun)
  • Designed three-layer architecture leveraging Starknet, Lightning, and Cashu
  • Created detailed specifications and threat models
  • Designed commitment/nullifier cryptographic schemes

Phase 2: Smart Contract Development (Week 2)

  • Implemented Cairo 2.x privacy mixer contract
  • Developed zero-knowledge proof verification
  • Built emergency withdrawal mechanisms
  • Comprehensive testing with Starknet Foundry

Phase 3: Core Integration (Week 3)

  • Integrated Cashu SDK for ecash operations
  • Connected Atomiq SDK for atomic swaps
  • Implemented wallet connection layer
  • Built orchestration engine for mixing flows

Phase 4: Privacy Features (Week 4)

  • Implemented temporal mixing algorithms
  • Built amount obfuscation strategies
  • Developed multi-mint routing
  • Created anonymity set optimization

Phase 5: Split Mix & Lightning Settlement (Week 5)

  • Implemented two-phase Split Mix mode
  • Added bearer token custody features
  • Built Lightning invoice settlement option
  • Developed safe invoice amount calculation

Phase 6: Polish & Optimization (Week 6)

  • UI/UX improvements and responsive design
  • Performance optimization
  • Comprehensive error handling
  • Documentation and deployment

Key Technical Innovations

  1. Hybrid Privacy Architecture: First system to combine Starknet ZK proofs, Lightning routing, and Cashu ecash
  2. Flexible Settlement: Choose between on-chain STRK or off-chain Lightning at redemption time
  3. Safe Invoice Calculation: Formula-based approach (max_amount = balance - max(2, 0.01×amount) - 1) prevents melt failures
  4. Server-Side Reliability: Server-side melt operations with retry logic ensure token safety
  5. Bearer Token UI: Clean interface for managing digital cash equivalents

Challenges we ran into

1. Cashu Token Spending Problem (Critical)

The Challenge: The most critical challenge we faced was with the Cashu ecash melting process. Cashu operates on a "spend-once" bearer token model, similar to physical cash. When you attempt to melt (spend) a token by paying a Lightning invoice:

  • The Cashu mint immediately marks proofs as "pending" when a melt request is received
  • If the melt operation fails for ANY reason (network timeout, invoice expiry, insufficient balance, mint issues), the proofs remain marked as spent
  • There is no rollback mechanism - the tokens are effectively burned
  • Users lose their funds with no recourse

Real-World Impact:

// Scenario that caused token loss:
1. User starts melt operation with 1000 sats token
2. Creates Lightning invoice for 980 sats (accounting for fees)
3. Melt request sent to mint
4. Mint marks proofs as "pending" 
5. Network timeout occurs before payment completes
6. Invoice expires (60 seconds)
7. Proofs remain "spent" - tokens are gone forever
8. User has no invoice payment AND no tokens

Our Solutions:

A. Server-Side Melt with Retry Logic

// Moved melt operations to server-side API
- More stable network environment
- Built-in retry capability
- Better error handling and logging
- Isolated from client-side network issues

B. Pre-Calculation of Safe Invoice Amounts

// Calculate exact amount that will succeed BEFORE melting
const maxAmount = balance - max(2, Math.ceil(0.01 * amount)) - 1;

// This prevents:
- Insufficient balance failures
- Fee calculation mismatches
- Retry loops that burn tokens

Lessons Learned:

  • Bearer tokens require different error handling than account-based systems
  • Client-side calculation should be trusted when cryptographically sound
  • Network reliability is paramount when tokens can be permanently lost

2. Direct Atomiq Invoice Melting Problem

The Challenge: We discovered a fundamental architecture limitation with our initial design:

Original Approach (Didn't Work):

// Intended flow:
1. Create Atomiq swap (Lightning → STRK)
2. Get Lightning invoice from Atomiq
3. Directly melt Cashu token to pay that invoice
4. Atomiq releases STRK on-chain

// The Problem:
- Atomiq invoices were never being payed successfully,
- We needed to receive the payment to claim the swap
- And the alternative is to run a Lightning node which I cannot due to:
  * Infrastructure complexity
  * Time constraints (hackathon deadline)
  * Deployment and maintenance overhead
  * LND/CLN setup requirements

Why This Was Critical:

  • Direct melt-to-Atomiq would have been the cleanest architecture
  • Would eliminate intermediary steps
  • Would reduce failure points
  • Would improve user experience with faster completion

NO WORK AROUND IT YET FOR THE ABOVE ISSUE

Future Solution:

// Post-hackathon plan:
- Deploy Lightning node infrastructure
- Accept Atomiq invoices directly
- Reduce flow to single melt operation
- Improve completion time to ~30 seconds
- Lower overall fees

Accomplishments that we're proud of

1. First-Ever Three-Layer Privacy System

We successfully combined three powerful privacy technologies—Starknet ZK proofs, Lightning Network routing, and Cashu ecash—into a cohesive system that provides stronger privacy guarantees than any single technology alone. This hybrid architecture is a genuine innovation in blockchain privacy.

2. Production-Ready Smart Contract

  • Deployed and verified on Starknet mainnet
  • Implements sophisticated commitment/nullifier schemes
  • Comprehensive emergency withdrawal mechanisms
  • Battle-tested with multiple wallet providers

3. Solved the Cashu Token Safety Problem

Despite the severe challenge of irreversible token spending, we developed a robust solution:

  • Server-side melt operations with retry capability
  • Mathematical formula for safe invoice calculation
  • Single-execution strategy that prevents token loss
  • Reduced processing time from 90+ seconds to ~4-5 seconds
  • Zero token losses in testing after implementing our solution

4. Split Mix Innovation

Created a novel two-phase mixing mode that enables:

  • True bearer token custody (first-of-its-kind in STRK ecosystem)
  • Temporal privacy spanning hours, days, or years
  • Peer-to-peer token transfers like physical cash
  • Offline storage capability
  • Flexible settlement options (STRK or Lightning)

5. Lightning Settlement Without Blockchain Footprint

Implemented the ability to pay Lightning invoices directly from Cashu tokens:

  • Zero on-chain transactions for complete redemption
  • No wallet connection required
  • Maximum privacy mode
  • Cross-ecosystem value transfer (Starknet → Bitcoin/Lightning)

6. Real SDK Integrations

No mocks in production code—everything uses real, audited SDKs:

  • ✅ @cashu/cashu-ts v2.7.2
  • ✅ @atomiqlabs/sdk v6.0.3
  • ✅ starknet.js v7.6.4
  • ✅ Real mainnet deployment

7. Comprehensive Documentation

  • 800+ line technical architecture document
  • Detailed sequence diagrams for all flows
  • Privacy analysis and threat modeling
  • API documentation
  • Smart contract specifications

8. User Experience Excellence

  • Clean, intuitive UI despite complex underlying tech
  • Real-time progress tracking with detailed status updates
  • Helpful error messages without exposing private information
  • Responsive design that works on all devices
  • Smooth wallet connection experience

9. Performance Optimization

  • Optimized Cashu melt from 90+ seconds to ~10-15 seconds (18x faster)
  • Single-transaction mixing flows
  • Efficient multi-mint routing algorithms
  • Gas-optimized smart contract operations

10. Overcame Infrastructure Limitations

Successfully delivered a working product despite:

  • Cannot run Lightning node (infrastructure/time constraints)
  • Atomiq invoice compatibility issues
  • Token irreversibility challenges
  • Complex multi-system coordination

What we learned

1. Bearer Tokens Require Different Mental Models

Key Insight: Bearer tokens like Cashu operate fundamentally differently from account-based systems:

// Account-based (traditional blockchain):
- Transactions are reversible (can be refunded)
- Balances are persistent (stored on-chain)
- Errors can often be recovered
- State is queryable

// Bearer tokens (Cashu ecash):
- Tokens are spend-once (like physical cash)
- No rollback mechanism
- Lost tokens = lost funds
- Possession = ownership

2. Privacy Requires Multi-Layer Approaches

Key Insight: No single privacy technology is sufficient:

  • ZK Proofs alone: Breaks on-chain links but doesn't solve timing/amount correlation
  • Lightning alone: Provides off-chain privacy but doesn't break L1 transaction graph
  • Cashu alone: Bearer privacy but doesn't integrate with smart contracts

Application: Combining all three creates privacy guarantees that are greater than the sum of parts.

3. Fee Calculation is Surprisingly Complex

Key Insight: Simple percentage fees have edge cases:

// The formula we discovered:
max_amount = balance - max(2, 0.01 × amount) - 1

// Why it's complex:
- Minimum fee floor (2 sats)
- Percentage scaling (0.01×)
- Reserve buffer (1 sat)
- Different mints have different rules

Application: Pre-calculate everything, validate before execution, trust math over retries.

4. Documentation is Product

Key Insight: For privacy tech, documentation is as important as code:

Why:

  • Users need to understand privacy guarantees
  • Auditors need to verify security claims
  • Developers need clear architecture docs
  • Community needs to trust the system

Application: We wrote 800+ lines of architecture documentation, detailed threat models, and clear API specs.

9. Temporal Privacy is Powerful

Key Insight: Time gaps between operations can be as valuable as cryptographic mixing:

// Same-session mixing: Anonymity set = N concurrent users
// Time-delayed mixing: Anonymity set = All historical users

// Split Mix enables:
- Issue token: Monday in New York
- Redeem token: Friday in London
- No correlation possible

Application: Split Mix's temporal disconnect is its strongest privacy feature.

10. Production Means Different Things

Key Insight: "Production-ready" is contextual:

For Privacy Tech:

  • Security audits (we have self-audited)
  • Extensive testing (hundreds of test cases)
  • Clear documentation (800+ lines)
  • Robust error handling (comprehensive)
  • User warnings (present)

Still Needed:

  • Third-party security audit
  • Mainnet battle-testing
  • Economic attack analysis
  • Long-term reliability data

Application: Be transparent about production status and limitations.

What's next for Starknet Lightning Privacy Mixer

Immediate Priorities (Q1 2026)

1. Lightning Node Infrastructure

// Deploy own Lightning node
- Reduce melt flow to single operation
- Improve completion time to ~10 seconds
- Lower overall transaction fees
- Better reliability and control

2. Security Audit

// Third-party security review
- Smart contract formal verification
- Cryptographic scheme audit
- Bearer token safety analysis
- Economic attack modeling
- Penetration testing

3. Enhanced Privacy Features

// Advanced mixing algorithms
- Adaptive anonymity set batching
- Decoy transaction injection
- Multi-round mixing options
- Privacy score calculation
- Anonymity set visualization

Medium-Term Goals (Q2-Q3 2026)

4. Mobile Application

// Native mobile experience
- iOS app with secure enclave storage
- Android app with hardware security
- QR code token scanning
- Offline token management
- Push notifications for settlement

5. Advanced Split Mix Features

// Enhanced bearer token capabilities
- Token splitting (divide into smaller denominations)
- Token merging (combine multiple tokens)
- Time-locked redemption
- Multi-signature requirements
- Inheritance planning

Built With

Share this project:

Updates