Updated Ledger Entries
Copy for LLM
Copy page as Markdown for LLMs
View as Markdown
Open this page as Markdown
Open in ChatGPT
Get insights from ChatGPT
Open in Claude
Get insights from Claude
Connect to Cursor
Install MCP server on Cursor
Connect to VS Code
Install MCP server on VS Code

The Confidential Transfers amendment updates two existing ledger entry types to support confidential balances and transfers:

MPTokenIssuance - Adds fields for issuer and auditor public keys, and tracks total confidential supply.
MPToken - Adds fields for holder public keys and encrypted confidential balances.

MPTokenIssuance

In addition to the existing MPTokenIssuance fields, confidential MPTokenIssuance entries support:

Name	JSON Type	Internal Type	Required?	Description
`IssuerEncryptionKey`	String	Blob	No	A 33-byte compressed ElGamal public key for the issuer.
`AuditorEncryptionKey`	String	Blob	No	A 33-byte compressed ElGamal public key for an optional on-chain auditor.
`ConfidentialOutstandingAmount`	Number	UInt64	No	The total amount of this token that is currently held in confidential balances.

In addition to the existing MPTokenIssuance flags, confidential MPTokenIssuance entries support:

Flag Name	Hex Value	Decimal Value	Description
`lsfMPTCanConfidentialAmount`	`0x00000080`	128	If enabled, indicates that confidential transfers and conversions are enabled for this token issuance.
`lsfMPTCannotMutateCanConfidentialAmount`	`0x00040000`	262144	If enabled, the Can Confidential Amount flag cannot be changed after the token is issued, permanently locking the confidentiality setting.

In addition to the existing MPToken fields, confidential MPToken entries support:

Name	JSON Type	Internal Type	Required?	Description
`HolderEncryptionKey`	String	Blob	No	The holder's ElGamal public key for confidential balances. Present when the holder has a confidential balance.
`ConfidentialBalanceInbox`	String	Blob	No	Encrypted inbox balance that receives incoming confidential transfers. Before it can be spent, the holder must merge it into their spending balance using the ConfidentialMPTMergeInbox transaction. Present when the holder has a confidential balance.
`ConfidentialBalanceSpending`	String	Blob	No	Encrypted spending balance used to generate proofs for outgoing transactions. Present when the holder has a confidential balance.
`ConfidentialBalanceVersion`	Number	UInt32	No	Version number that increments each time the spending balance changes. This version is cryptographically bound to ZKPs in outgoing transactions to prevent replay attacks and ensure proof validity. If the version changes between proof generation and submission, the transaction will fail.
`IssuerEncryptedBalance`	String	Blob	No	Copy of the holder's total confidential balance encrypted for the issuer to audit supply. Present when the holder has a confidential balance.
`AuditorEncryptedBalance`	String	Blob	No	The holder's total confidential balance encrypted under the auditor's key for independent auditing. Only present if an auditor is configured.