Website

Privacy Mixer

Privacy Mixer

Multi-layer privacy protocol using shielded pools, stealth addresses, and confidential transactions. Monero-level privacy for Ethereum.

Architecture

Shielded Pool System

Macro uses a continuous shielded balance system, not traditional deposit/withdraw mixing.

How it works:

  • Assets move into encrypted on-chain balances (shielded pool)

  • All transfers within pool are confidential (hidden amounts, addresses, transactions)

  • Withdrawals use stealth addresses via decentralized relayers

  • No public transaction graph

Key components:

Note-based system - Each balance is an encrypted note with hidden amount and owner

Merkle tree - All notes stored in on-chain Merkle tree

Nullifiers - Spent notes marked to prevent double-spending

ZK-SNARKs - Prove valid transactions without revealing details

Confidential Transactions

Amounts hidden using Pedersen commitments and bulletproof range proofs.

Transaction privacy:

  • Sender amount: Hidden

  • Receiver amount: Hidden

  • Transaction balance: Verified cryptographically without revealing values

  • Range proofs: Confirm positive amounts without disclosure

What observers see:

On-chain view:
- Commitment A → Commitment B
- Range proof: ✅ Valid
- Zero amounts visible

Your view:
- Sent: 2.5 ETH
- To: [stealth address]

Stealth Addresses

One-time recipient addresses derived from meta-address. Sender cannot track, only receiver can detect and claim.

Protocol (ERC-5564):

  1. Receiver publishes stealth meta-address

  2. Sender derives ephemeral one-time address

  3. Funds sent to one-time address

  4. Receiver scans chain, detects payment, derives private key

  5. No public link between meta-address and one-time address

Decentralized Relayer Network

Relayers submit withdrawals to prevent IP/timing correlation.

Architecture:

  • 100+ independent relayers (run by $MACRO stakers)

  • Onion routing: Request passes through 3 relayers (entry → middle → exit)

  • Tor integration for IP protection

  • Batched submissions (10-50 withdrawals bundled)

  • Fee paid from shielded balance (no external payment trail)

Privacy guarantees:

  • No single relayer knows origin, destination, and amount

  • Exit relayer submits but cannot correlate with requester

  • Randomized delays prevent timing analysis

Multi-Hop Routing

For enhanced privacy, route through multiple pools across chains.

Enhanced unshield:

User balance (Ethereum Pool) → 
Arbitrum Pool (cross-chain bridge) → 
Polygon Pool → 
Unshield via relayer → 
Stealth address

Each hop adds entropy and breaks correlation.

How to Use

Shield Assets

Access: Wallet Panel → Privacy Layer

Select asset and amount:

  • Supported: ETH, USDC, USDT, DAI, WBTC

  • No minimum (confidential amounts)

  • Fee: 0.1%

Transaction:

Funds move to shielded pool. Balance encrypted on-chain, visible only to you.

Manage Shielded Balance

Available actions:

  • Send - Transfer to stealth addresses (private)

  • Swap - Exchange assets within pool (confidential)

  • Unshield - Exit to public address

Unshield Options

Standard (2-5 min):

  • Direct unshield

  • Good privacy

  • Fee: 0.3%

Enhanced (30-60 min):

  • Multi-hop routing (3 pools)

  • Decentralized relayer submission

  • Stealth address

  • Fee: 0.5%

Ultra (1-6 hours):

  • Cross-chain multi-hop

  • 5+ relayer hops

  • Batched with others

  • Random delays

  • Fee: 0.8%

Claim from Stealth Address

Final step: Claim funds from stealth address to your destination.

Best practices:

  • Use fresh address

  • Wait before exchange deposits

  • Enable VPN

  • Maintain operational security

Technical Details

Smart Contract Architecture

contract MacroShieldedPool {
  mapping(bytes32 => bool) public nullifiers;
  uint256 public merkleRoot;
  
  function shield(uint256 amount) external;
  function transact(bytes zkProof, bytes publicInputs) external;
  function unshield(bytes zkProof, address recipient) external;
}

ZK Proof System

Inputs:

  • Public: Nullifiers, commitments, Merkle root

  • Private: Amounts, addresses, keys

Proof: Valid transaction with balanced inputs/outputs

Verification: On-chain verification (~300k gas)

Cryptographic Primitives

Pedersen commitments:

C = amount * G + blinding * H

Range proofs: Bulletproofs (~700 bytes)

Stealth addresses: Elliptic curve Diffie-Hellman

ZK circuits: Groth16 SNARKs

Security

Threat Model

Protected against:

  • Chain analysis (Chainalysis, Elliptic)

  • Timing analysis

  • Amount correlation

  • IP tracking

  • Graph analysis

  • Statistical attacks

Not protected against:

  • User operational errors

  • Compromised devices

  • Legal key disclosure

Audits

  • Trail of Bits (smart contracts)

  • OpenZeppelin (smart contracts)

  • ABDK (ZK circuits)

  • Sigma Prime (ZK circuits)

Bug bounty: $500k

Privacy Comparison

Feature
Tornado Cash
Aztec
Monero
Macro

Shielded balances

Confidential amounts

Stealth addresses

Decentralized relayers

N/A

Multi-chain routing

Limited

Browser integration

Fees

  • Shield: 0.1%

  • Internal transfer: 0.05%

  • Unshield (standard): 0.3%

  • Unshield (enhanced): 0.5%

  • Unshield (ultra): 0.8%

Plus gas fees (200k-350k gas depending on operation).

Fee distribution:

  • 60% to relayer operators

  • 20% to liquidity providers

  • 20% to protocol treasury

Legal Considerations

Privacy tools are legal in most jurisdictions. Users responsible for compliance with local laws. Some exchanges flag shielded deposits.

Macro's position: Privacy is a right. The mixer is designed for legitimate financial privacy, not illegal activity.

One line: Shielded pool with confidential transactions, stealth addresses, and decentralized relayers. Monero-level privacy for Ethereum.

PreviousSigning Sandbox IntegrationNextOverview

Last updated