spl_token_2022::extension::confidential_transfer::instruction

Enum ConfidentialTransferInstruction

Source 
#[repr(u8)]
pub enum ConfidentialTransferInstruction {

Show 15 variants    InitializeMint = 0,
    UpdateMint = 1,
    ConfigureAccount = 2,
    ApproveAccount = 3,
    EmptyAccount = 4,
    Deposit = 5,
    Withdraw = 6,
    Transfer = 7,
    ApplyPendingBalance = 8,
    EnableConfidentialCredits = 9,
    DisableConfidentialCredits = 10,
    EnableNonConfidentialCredits = 11,
    DisableNonConfidentialCredits = 12,
    TransferWithFee = 13,
    ConfigureAccountWithRegistry = 14,

}
Expand description

Confidential Transfer extension instructions

Variants§

§

InitializeMint = 0

Initializes confidential transfers for a mint.

The ConfidentialTransferInstruction::InitializeMint instruction requires no signers and MUST be included within the same Transaction as TokenInstruction::InitializeMint. Otherwise another party can initialize the configuration.

The instruction fails if the TokenInstruction::InitializeMint instruction has already executed for the mint.

Accounts expected by this instruction:

  1. [writable] The SPL Token mint.

Data expected by this instruction: InitializeMintData

§

UpdateMint = 1

Updates the confidential transfer mint configuration for a mint.

Use TokenInstruction::SetAuthority to update the confidential transfer mint authority.

Accounts expected by this instruction:

  1. [writable] The SPL Token mint.
  2. [signer] Confidential transfer mint authority.

Data expected by this instruction: UpdateMintData

§

ConfigureAccount = 2

Configures confidential transfers for a token account.

The instruction fails if the confidential transfers are already configured, or if the mint was not initialized with confidential transfer support.

The instruction fails if the TokenInstruction::InitializeAccount instruction has not yet successfully executed for the token account.

Upon success, confidential and non-confidential deposits and transfers are enabled. Use the DisableConfidentialCredits and DisableNonConfidentialCredits instructions to disable.

In order for this instruction to be successfully processed, it must be accompanied by the VerifyPubkeyValidity instruction of the zk_elgamal_proof program in the same transaction or the address of a context state account for the proof must be provided.

Accounts expected by this instruction:

  • Single owner/delegate
  1. [writeable] The SPL Token account.
  2. [] The corresponding SPL Token mint.
  3. [] Instructions sysvar if VerifyPubkeyValidity is included in the same transaction or context state account if VerifyPubkeyValidity is pre-verified into a context state account.
  4. [] (Optional) Record account if the accompanying proof is to be read from a record account.
  5. [signer] The single source account owner.
  • Multisignature owner/delegate
  1. [writeable] The SPL Token account.
  2. [] The corresponding SPL Token mint.
  3. [] Instructions sysvar if VerifyPubkeyValidity is included in the same transaction or context state account if VerifyPubkeyValidity is pre-verified into a context state account.
  4. [] (Optional) Record account if the accompanying proof is to be read from a record account.
  5. [] The multisig source account owner.
  6. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: ConfigureAccountInstructionData

§

ApproveAccount = 3

Approves a token account for confidential transfers.

Approval is only required when the ConfidentialTransferMint::approve_new_accounts field is set in the SPL Token mint. This instruction must be executed after the account owner configures their account for confidential transfers with ConfidentialTransferInstruction::ConfigureAccount.

Accounts expected by this instruction:

  1. [writable] The SPL Token account to approve.
  2. [] The SPL Token mint.
  3. [signer] Confidential transfer mint authority.

Data expected by this instruction: None

§

EmptyAccount = 4

Empty the available balance in a confidential token account.

A token account that is extended for confidential transfers can only be closed if the pending and available balance ciphertexts are emptied. The pending balance can be emptied via the ConfidentialTransferInstruction::ApplyPendingBalance instruction. Use the ConfidentialTransferInstruction::EmptyAccount instruction to empty the available balance ciphertext.

Note that a newly configured account is always empty, so this instruction is not required prior to account closing if no instructions beyond ConfidentialTransferInstruction::ConfigureAccount have affected the token account.

In order for this instruction to be successfully processed, it must be accompanied by the VerifyZeroCiphertext instruction of the zk_elgamal_proof program in the same transaction or the address of a context state account for the proof must be provided.

  • Single owner/delegate
  1. [writable] The SPL Token account.
  2. [] Instructions sysvar if VerifyZeroCiphertext is included in the same transaction or context state account if VerifyZeroCiphertext is pre-verified into a context state account.
  3. [] (Optional) Record account if the accompanying proof is to be read from a record account.
  4. [signer] The single account owner.
  • Multisignature owner/delegate
  1. [writable] The SPL Token account.
  2. [] Instructions sysvar if VerifyZeroCiphertext is included in the same transaction or context state account if VerifyZeroCiphertext is pre-verified into a context state account.
  3. [] (Optional) Record account if the accompanying proof is to be read from a record account.
  4. [] The multisig account owner.
  5. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: EmptyAccountInstructionData

§

Deposit = 5

Deposit SPL Tokens into the pending balance of a confidential token account.

The account owner can then invoke the ApplyPendingBalance instruction to roll the deposit into their available balance at a time of their choosing.

Fails if the source or destination accounts are frozen. Fails if the associated mint is extended as NonTransferable. Fails if the associated mint is extended as ConfidentialMintBurn.

Accounts expected by this instruction:

  • Single owner/delegate
  1. [writable] The SPL Token account.
  2. [] The token mint.
  3. [signer] The single account owner or delegate.
  • Multisignature owner/delegate
  1. [writable] The SPL Token account.
  2. [] The token mint.
  3. [] The multisig account owner or delegate.
  4. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: DepositInstructionData

§

Withdraw = 6

Withdraw SPL Tokens from the available balance of a confidential token account.

In order for this instruction to be successfully processed, it must be accompanied by the following list of zk_elgamal_proof program instructions:

  • VerifyCiphertextCommitmentEquality
  • VerifyBatchedRangeProofU64

These instructions can be accompanied in the same transaction or can be pre-verified into a context state account, in which case, only their context state account address need to be provided.

Fails if the source or destination accounts are frozen. Fails if the associated mint is extended as NonTransferable. Fails if the associated mint is extended as ConfidentialMintBurn.

Accounts expected by this instruction:

  • Single owner/delegate
  1. [writable] The SPL Token account.
  2. [] The token mint.
  3. [] (Optional) Instructions sysvar if at least one of the zk_elgamal_proof instructions are included in the same transaction.
  4. [] (Optional) Equality proof record account or context state account.
  5. [] (Optional) Range proof record account or context state account.
  6. [signer] The single source account owner.
  • Multisignature owner/delegate
  1. [writable] The SPL Token account.
  2. [] The token mint.
  3. [] (Optional) Instructions sysvar if at least one of the zk_elgamal_proof instructions are included in the same transaction.
  4. [] (Optional) Equality proof record account or context state account.
  5. [] (Optional) Range proof record account or context state account.
  6. [] The multisig source account owner.
  7. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: WithdrawInstructionData

§

Transfer = 7

Transfer tokens confidentially.

In order for this instruction to be successfully processed, it must be accompanied by the following list of zk_elgamal_proof program instructions:

  • VerifyCiphertextCommitmentEquality
  • VerifyBatchedGroupedCiphertext3HandlesValidity
  • VerifyBatchedRangeProofU128

These instructions can be accompanied in the same transaction or can be pre-verified into a context state account, in which case, only their context state account addresses need to be provided.

Fails if the associated mint is extended as NonTransferable.

  • Single owner/delegate
  1. [writable] The source SPL Token account.
  2. [] The token mint.
  3. [writable] The destination SPL Token account.
  4. [] (Optional) Instructions sysvar if at least one of the zk_elgamal_proof instructions are included in the same transaction.
  5. [] (Optional) Equality proof record account or context state account.
  6. [] (Optional) Ciphertext validity proof record account or context state account.
  7. [] (Optional) Range proof record account or context state account.
  8. [signer] The single source account owner.
  • Multisignature owner/delegate
  1. [writable] The source SPL Token account.
  2. [] The token mint.
  3. [writable] The destination SPL Token account.
  4. [] (Optional) Instructions sysvar if at least one of the zk_elgamal_proof instructions are included in the same transaction.
  5. [] (Optional) Equality proof record account or context state account.
  6. [] (Optional) Ciphertext validity proof record account or context state account.
  7. [] (Optional) Range proof record account or context state account.
  8. [] The multisig source account owner.
  9. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: TransferInstructionData

§

ApplyPendingBalance = 8

Applies the pending balance to the available balance, based on the history of Deposit and/or Transfer instructions.

After submitting ApplyPendingBalance, the client should compare ConfidentialTransferAccount::expected_pending_balance_credit_counter with ConfidentialTransferAccount::actual_applied_pending_balance_instructions. If they are equal then the ConfidentialTransferAccount::decryptable_available_balance is consistent with ConfidentialTransferAccount::available_balance. If they differ then there is more pending balance to be applied.

Account expected by this instruction:

  • Single owner/delegate
  1. [writable] The SPL Token account.
  2. [signer] The single account owner.
  • Multisignature owner/delegate
  1. [writable] The SPL Token account.
  2. [] The multisig account owner.
  3. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: ApplyPendingBalanceData

§

EnableConfidentialCredits = 9

Configure a confidential extension account to accept incoming confidential transfers.

Accounts expected by this instruction:

  • Single owner/delegate
  1. [writable] The SPL Token account.
  2. [signer] Single authority.
  • Multisignature owner/delegate
  1. [writable] The SPL Token account.
  2. [] Multisig authority.
  3. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: None

§

DisableConfidentialCredits = 10

Configure a confidential extension account to reject any incoming confidential transfers.

If the allow_non_confidential_credits field is true, then the base account can still receive non-confidential transfers.

This instruction can be used to disable confidential payments after a token account has already been extended for confidential transfers.

Accounts expected by this instruction:

  • Single owner/delegate
  1. [writable] The SPL Token account.
  2. [signer] The single account owner.
  • Multisignature owner/delegate
  1. [writable] The SPL Token account.
  2. [] The multisig account owner.
  3. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: None

§

EnableNonConfidentialCredits = 11

Configure an account with the confidential extension to accept incoming non-confidential transfers.

Accounts expected by this instruction:

  • Single owner/delegate
  1. [writable] The SPL Token account.
  2. [signer] The single account owner.
  • Multisignature owner/delegate
  1. [writable] The SPL Token account.
  2. [] The multisig account owner.
  3. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: None

§

DisableNonConfidentialCredits = 12

Configure an account with the confidential extension to reject any incoming non-confidential transfers.

This instruction can be used to configure a confidential extension account to exclusively receive confidential payments.

Accounts expected by this instruction:

  • Single owner/delegate
  1. [writable] The SPL Token account.
  2. [signer] The single account owner.
  • Multisignature owner/delegate
  1. [writable] The SPL Token account.
  2. [] The multisig account owner.
  3. .. [signer] Required M signer accounts for the SPL Token Multisig account.

Data expected by this instruction: None

§

TransferWithFee = 13

Transfer tokens confidentially with fee.

In order for this instruction to be successfully processed, it must be accompanied by the following list of zk_elgamal_proof program instructions:

  • VerifyCiphertextCommitmentEquality
  • VerifyBatchedGroupedCiphertext3HandlesValidity (transfer amount ciphertext)
  • VerifyPercentageWithFee
  • VerifyBatchedGroupedCiphertext2HandlesValidity (fee ciphertext)
  • VerifyBatchedRangeProofU256

These instructions can be accompanied in the same transaction or can be pre-verified into a context state account, in which case, only their context state account addresses need to be provided.

The same restrictions for the Transfer applies to TransferWithFee. Namely, the instruction fails if the associated mint is extended as NonTransferable.

  • Transfer without fee
  1. [writable] The source SPL Token account.
  2. [] The token mint.
  3. [writable] The destination SPL Token account.
  4. [] (Optional) Instructions sysvar if at least one of the zk_elgamal_proof instructions are included in the same transaction.
  5. [] (Optional) Equality proof record account or context state account.
  6. [] (Optional) Transfer amount ciphertext validity proof record account or context state account.
  7. [] (Optional) Fee sigma proof record account or context state account.
  8. [] (Optional) Fee ciphertext validity proof record account or context state account.
  9. [] (Optional) Range proof record account or context state account.
  10. [signer] The source account owner.
  • Transfer with fee
  1. [writable] The source SPL Token account.
  2. [] The token mint.
  3. [writable] The destination SPL Token account.
  4. [] (Optional) Instructions sysvar if at least one of the zk_elgamal_proof instructions are included in the same transaction.
  5. [] (Optional) Equality proof record account or context state account.
  6. [] (Optional) Transfer amount ciphertext validity proof record account or context state account.
  7. [] (Optional) Fee sigma proof record account or context state account.
  8. [] (Optional) Fee ciphertext validity proof record account or context state account.
  9. [] (Optional) Range proof record account or context state account.
  10. [] The multisig source account owner.
  11. .. [signer] Required M signer accounts for the SPL Token Multisig

Data expected by this instruction: TransferWithFeeInstructionData

§

ConfigureAccountWithRegistry = 14

Configures confidential transfers for a token account.

This instruction is identical to the ConfigureAccount account except that a valid ElGamalRegistry account is expected in place of the VerifyPubkeyValidity proof.

An ElGamalRegistry account is valid if it shares the same owner with the token account. If a valid ElGamalRegistry account is provided, then the program skips the verification of the ElGamal pubkey validity proof as well as the token owner signature.

If the token account is not large enough to include the new cconfidential transfer extension, then optionally reallocate the account to increase the data size. To reallocate, a payer account to fund the reallocation and the system account should be included in the instruction.

Accounts expected by this instruction:

  • Single owner/delegate
  1. [writable] The SPL Token account.
  2. [] The corresponding SPL Token mint.
  3. [] The ElGamal registry account.
  4. [signer, writable] (Optional) The payer account to fund reallocation
  5. [] (Optional) System program for reallocation funding

Data expected by this instruction: None

Trait Implementations§

Source§

impl Clone for ConfidentialTransferInstruction

Source§

fn clone(&self) -> ConfidentialTransferInstruction

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ConfidentialTransferInstruction

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl From<ConfidentialTransferInstruction> for u8

Source§

fn from(enum_value: ConfidentialTransferInstruction) -> Self

Converts to this type from the input type.
Source§

impl TryFrom<u8> for ConfidentialTransferInstruction

Source§

type Error = TryFromPrimitiveError<ConfidentialTransferInstruction>

The type returned in the event of a conversion error.
Source§

fn try_from(number: u8) -> Result<Self, TryFromPrimitiveError<Self>>

Performs the conversion.
Source§

impl TryFromPrimitive for ConfidentialTransferInstruction

Source§

const NAME: &'static str = "ConfidentialTransferInstruction"

Source§

type Primitive = u8

Source§

type Error = TryFromPrimitiveError<ConfidentialTransferInstruction>

Source§

fn try_from_primitive( number: Self::Primitive, ) -> Result<Self, TryFromPrimitiveError<Self>>

Source§

impl Copy for ConfidentialTransferInstruction

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V