SHADE Protocol Whitepaper

Abstract

SHADE is a privacy layer for Solana that implements burner wallets, stealth addresses, and cryptographic isolation to enable untraceable transactions. This document describes the technical architecture, cryptographic primitives, and security model. The system operates entirely client-side with zero server trust, using industry-standard cryptography (AES-256-GCM, PBKDF2, SHA-512).

Contents

1. Introduction

1.1 The Privacy Problem

Public blockchains like Solana provide transparency but sacrifice privacy. Every transaction reveals sender address, recipient address, amount transferred, historical balances, and transaction patterns. This creates a surveillance economy where on-chain analysis can track individual spending habits, link addresses to real identities, enable targeted attacks on high-value wallets, and allow competitors to analyze business activity.

1.2 Design Goals

SHADE addresses these concerns with four objectives:

• Unlinkability — Transactions cannot be traced to the same user
• Zero Trust — No server ever sees private keys
• Usability — Privacy without complexity
• Compatibility — Works with existing Solana infrastructure

2. Cryptographic Primitives

2.1 Encryption Standard

SHADE uses AES-256-GCM (Galois/Counter Mode) for all encryption:

ciphertext = AES-GCM(plaintext, key, iv, aad)

Parameters:
- Key size: 256 bits
- IV size: 96 bits (random per encryption)
- Authentication tag: 128 bits

2.2 Key Derivation

Keys are derived using PBKDF2-HMAC-SHA256:

derived_key = PBKDF2(password, salt, iterations, key_length)

Parameters:
- Iterations: 310,000 (OWASP 2025 recommendation)
- Salt: 256 bits (random per derivation)
- Output key: 256 bits

At 310k iterations: ~0.3 seconds per attempt on modern hardware, ~9.5 years for 1 billion attempts.

3. Burner Wallet System

3.1 Generation

function createBurner():
    keypair = Keypair.generate()  // Ed25519
    id = SHA-256(keypair.publicKey)[:8]
    encrypted_secret = encrypt(keypair.secretKey, password)
    store(id, encrypted_secret, publicKey)
    return { id, publicKey }

3.2 Security Properties

• Forward Secrecy — Destroying a burner eliminates future compromise risk
• Isolation — Each burner has independent keys
• Unlinkability — No on-chain connection between burners

4. Stealth Address Protocol

4.1 Key Hierarchy

Master Seed (256 bits)
    │
    ├── Scan Key (viewing)
    │
    └── Spend Key (spending)

4.2 Address Generation

SHADE v1 uses a simplified deterministic model. Each index produces a unique keypair that cannot be linked to others:

stealth_address_0 = derive(seed, 0).publicKey
stealth_address_1 = derive(seed, 1).publicKey
// ... unlinkable to each other

Additional Sections

The complete whitepaper includes detailed coverage of:

• Section 5: Passkey Wallet implementation using WebAuthn and secure enclaves
• Section 6: Gasless transaction protocol and fee payer separation
• Section 7: Storage architecture with SecureKeyManager and IndexedDB
• Section 8: Comprehensive threat model and security analysis
• Section 9: Roadmap including ZK proofs, mixers, and cross-chain bridges