Confidential Transfer Planner v1

This document defines the deterministic planning boundary for the current confidential transfer path.

For the wallet integration contract that consumes planner inputs/outputs, see spec/reference-wallet-api-sync-contract-v1.md.

Scope

The planner maps wallet intent and protocol state references into a deterministic transition plan.

The planner is pure: it does not perform backend proving, transaction broadcast, or wallet persistence.

Planner input

Current planner input (v1):

  • source wallet note record (WalletNoteRecordV1)
  • source protocol state cell pointer (ShardPointer subset)
  • sender wallet context
  • receiver wallet context ((A,B) scan/spend capable wallet)

Planner output

Current planner output (v1):

  • deterministic receiver note leaf plan
  • deterministic nullifier insertion intent
  • pre-state and post-state SCv2 hashes
  • PIv1 bytes
  • encrypted payload bytes
  • RRE1 hints bytes
  • output fingerprint bind bytes
  • prevout coordinates used for deterministic session derivation

Determinism rule

For the same logical inputs, planner output must be byte-for-byte stable.

No random values are introduced in this planner path.
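
A regression check for this rule, as an added example that is not the project's planner code: it replans the same logical inputs presented in different field orders and compares the output bytes, with the session id derived from prevout coordinates only. The planner, field names, domain tag and encodings are hypothetical stand-ins, and the sample inputs are constructed.

```python
import hashlib
import struct

TAG = b"example/ct-planner/v1"  # constructed domain tag, not defined by the spec

def canonical(fields: dict) -> bytes:
    """Sort by field name and length-prefix every name and value."""
    out = bytearray()
    for name in sorted(fields):
        key, value = name.encode(), fields[name]
        out += struct.pack(">H", len(key)) + key + struct.pack(">I", len(value)) + value
    return bytes(out)

def insertion_order(fields: dict) -> bytes:
    """Defective encoding: output depends on how the caller built the dict."""
    return b"".join(name.encode() + value for name, value in fields.items())

def session_id(txid: bytes, index: int) -> bytes:
    """Session id from prevout coordinates only; no RNG, clock or counter."""
    if len(txid) != 32:
        raise ValueError("prevout txid must be 32 bytes")
    return hashlib.sha256(TAG + b"/session" + txid + struct.pack(">I", index)).digest()

def make_planner(encode):
    """Build a hypothetical planner that is a pure function of its inputs."""
    def plan(prevout: tuple, fields: dict) -> bytes:
        sid = session_id(*prevout)
        return sid + hashlib.sha256(TAG + b"/plan" + sid + encode(fields)).digest()
    return plan

def is_deterministic(plan, prevout: tuple, fields: dict) -> bool:
    """Replan the same logical inputs with fields presented in different orders."""
    names = list(fields)
    orders = [names, names[::-1], sorted(names)]
    outputs = {plan(prevout, {n: fields[n] for n in o}) for o in orders}
    return len(outputs) == 1

# Constructed sample inputs (placeholders, not real wallet or chain data).
PREVOUT = (bytes(range(32)), 1)
FIELDS = {
    "source_note": b"\x01" * 16,
    "state_cell_pointer": b"\x02" * 8,
    "sender_context": b"\x03" * 4,
    "receiver_context": b"\x04" * 4,
}

if __name__ == "__main__":
    print("canonical stable:", is_deterministic(make_planner(canonical), PREVOUT, FIELDS))
    print("insertion-order stable:", is_deterministic(make_planner(insertion_order), PREVOUT, FIELDS))
```

The insertion-order encoder fails the check because its bytes depend on how the caller assembled the inputs, which is the kind of hidden input the determinism rule excludes.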

Dependency matrix

Frozen dependencies consumed by planner v1:

  • TKT-P3-26: output fingerprint policy and boundary fields
  • TKT-P3-27: RRE1 shape and inbound note transport assumptions
  • TKT-P3-28: note commitment and nullifier policy freeze + replay rules

Out of scope

  • backend proving
  • covenant execution
  • tx broadcast
  • chain indexing orchestration