> For the complete documentation index, see [llms.txt](https://docs.hooded.cash/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.hooded.cash/privacy-and-confidential-transfers/confidential-transfers.md).

# Confidential Transfers Explained

HoodedCash's privacy model rests on one core distinction: confidentiality, not anonymity. Addresses stay visible on Robinhood Chain. Amounts do not.

This page walks through the cryptography that makes that possible.

***

## The building block: confidential token contracts

HoodedCash is built on its own confidential token contracts, an encrypted-balance ERC-20 in the Zether lineage. The EVM has no native confidential-transfer primitive, so HoodedCash implements this layer itself, on-chain on Robinhood Chain. It uses two techniques together:

* **ElGamal encryption** to encrypt account balances and transfer amounts homomorphically, meaning the contract can add and subtract encrypted values without ever decrypting them
* **Zero-knowledge range proofs**, checked by an on-chain verifier contract, to prove that an encrypted transfer is valid (the sender has sufficient balance, the amount is non-negative) without revealing what the amount actually is

Put together, the chain can verify a transfer is legitimate and update both parties' encrypted balances correctly, all without learning the amount involved.

***

## What a standard ERC-20 transfer looks like

```
Sender Address [PUBLIC] → Amount [PUBLIC] → Receiver Address [PUBLIC]
```

Anyone with an RPC connection can read the exact amount of every transfer, forever.

***

## What a HoodedCash transfer looks like

```
Sender Address [PUBLIC] → Amount [ENCRYPTED] → Receiver Address [PUBLIC]

Proof: a zero-knowledge proof that the encrypted amount is valid,
       without revealing the amount itself
```

***

## Step by step

1. You initiate a transfer in the HoodedCash app.
2. Your device's Privacy Engine generates a ZK proof locally, using your account's decryption key. The plaintext amount never leaves your device.
3. The encrypted transfer and its proof are submitted to Robinhood Chain as a call to the confidential token contract, with the proof as calldata.
4. The on-chain verifier contract checks the proof in the same transaction and the token contract updates both parties' encrypted balances on-chain, secured ultimately by Ethereum through the rollup's settlement. Addresses remain public. The amount is ciphertext.
5. Only the sender and receiver, using their private decryption keys, can decrypt the amount and see what moved.
6. For compliance, you can generate a selective disclosure proof that reveals a specific transaction's amount to a chosen third party, such as an auditor, without exposing any other transaction. See [Selective Disclosure & Audit Export](/privacy-and-confidential-transfers/selective-disclosure.md).

***

## Why this matters

Public blockchains solved verifiability by making everything visible. That trade-off works for auditors and analysts, but it means anyone can watch your salary, your rent, or your runway in real time. HoodedCash keeps the verifiability, meaning a transfer's validity is still checked by the network and permanently recorded, while removing the surveillance cost.

***

## Performance

ZK proof generation happens client-side, in the browser or the mobile app, using WASM. On modern devices this adds a small, sub-second delay before a transfer is submitted. Low-power devices fall back to a server-assisted proof generation path where the amount is still never transmitted in plaintext; only proof inputs derived client-side are used.

***

## Next

* [Selective Disclosure & Audit Export](/privacy-and-confidential-transfers/selective-disclosure.md)
* [Key Management & Custody](/privacy-and-confidential-transfers/key-management.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.hooded.cash/privacy-and-confidential-transfers/confidential-transfers.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
