Solana privacy in 2026: the four approaches

Solana publishes every balance, transfer, and instruction by default — which is exactly why privacy has become one of its most active infrastructure frontiers. By 2026 there isn't one Solana privacy story; there are four distinct technical approaches, each with different trust assumptions and different answers to the question that now defines the whole space: can it be audited?

The four approaches

Approach              Hides            Trust model              On Solana (2026)
────────────────────  ───────────────  ───────────────────────  ───────────────────
Encrypted balances    amounts          on-chain ZK proofs       Token-2022 Confidential
 (ElGamal + ZK)       (not parties)                              Transfers/Balances
MPC                   inputs+outputs   honest-majority nodes    Arcium (MXEs)
Shielded ZK pools     sender↔receiver  ZK + relayer             Privacy Cash, Umbra
TEEs                  runtime data     hardware vendor +        Jito BAM, MagicBlock,
 (SGX/TDX/SEV/Nitro)                   remote attestation       Switchboard

1. Encrypted balances — Token-2022 Confidential Transfers

The native option. The confidential transfer extension encrypts token amounts with twisted ElGamal and proves correctness with zero-knowledge proofs. It hides how much, not who — and famously had its proof program disabled in mid-2025 after soundness bugs. Native, auditable (per-mint auditor keys), but amount-only.

2. MPC — Arcium

Arcium (the rebrand of the shut-down privacy protocol Elusiv — same team) splits secrets across a network of Arx nodes so no single party ever sees plaintext. It's general-purpose confidential compute, not just payments — private order matching, sealed-bid auctions, confidential AI. Trust = honest-majority / non-collusion, no special hardware.

3. Shielded ZK pools — Privacy Cash, Umbra

The transfer-privacy approach: deposit into a shielded pool, withdraw to a fresh address, with a ZK proof breaking the on-chain link. Privacy Cash (a ZK mixer with Jupiter-routed private swaps, $400M+ processed) is the most-used by volume; Umbra builds shielded SOL/SPL transfers on top of Arcium with a viewing-key hierarchy. This is the approach under the most regulatory scrutiny.

4. TEEs — Jito BAM, MagicBlock, Switchboard

Trusted Execution Environments run code in hardware-isolated enclaves that emit a signed attestation of exactly what ran. Jito's BAM schedules transactions inside AMD SEV-SNP enclaves (a TEE-encrypted mempool against MEV), MagicBlock runs Private Ephemeral Rollups on Intel TDX, and Switchboard signs oracle updates inside enclaves. Fastest and most general — but you trust the chip vendor.

The axis that actually matters: auditability

After Tornado Cash was sanctioned (and then delisted in 2025), the Solana privacy ecosystem converged on one design principle: privacy that can be selectively disclosed. Auditor keys in confidential transfers, viewing-key hierarchies in Umbra, compliance-aware design in Privacy Cash — compliant privacy is now the dominant model. Pure, unaccountable mixing is the legally risky outlier, not the default.

How to choose

• Hide a token amount, stay native? Token-2022 confidential transfers.
• Compute on private data (matching, auctions, AI)? Arcium MPC.
• Break the link between sender and receiver? A shielded pool (Privacy Cash / Umbra) — with selective disclosure.
• Confidential, fast, general-purpose compute and willing to trust hardware? A TEE.

The honest read

None of these is "privacy" in the absolute sense — each leaks something (parties, or topology, or trusts a vendor), and each makes a different bet on what you're willing to give up. That's the maturation: Solana privacy in 2026 isn't about hiding everything, it's about hiding the right thing for a given use case while staying auditable enough to survive contact with regulators. The category is still young and the volume is thin, but the building blocks are finally all here.

References

• Arcium · Umbra · Confidential Transfers
• TEEs on Solana · Private payments after Elusiv

Transparency was Solana's default. Selective privacy is becoming its option — and the four approaches above are how you exercise it.