Invisible

Protocol Flow

Step-by-step LP onboarding and Alice swap flow with the TEE coordinator.

LP Onboarding (One-Time)

Step 1 — Remote Attestation

The LP connects to the TEE and requests an attestation report containing the binary measurement (MRENCLAVE for Intel SGX, PCR for AWS Nitro). The LP verifies the measurement matches the approved open-source version.

Step 2 — DKG 2/2 FROST

The LP and TEE run a 2-round FROST Distributed Key Generation. Result: W_lp — a joint wallet whose private key is unknown to anyone.

Step 3 — Durable Nonce Refund

Before delegating, the LP co-signs a pre-built refund transaction using a durable nonce. This refund (W_lp → LP_origin) is valid indefinitely. If the TEE goes down, the LP broadcasts it unilaterally.

Step 4 — Spending Policy

The LP registers constraints: max_per_swap: 5 SOL, total_committed: 20 SOL, payout_deadline: 3 weeks, min_fee: 30 bps.

Step 5 — Fund

LP_origin → W_lp via SystemProgram.transfer. On-chain: a normal SOL transfer.

Step 6 — Delegate and Disconnect

The LP sends share_lp to the TEE. The TEE now holds both shares and can sign autonomously, constrained by the spending policy. LP disconnects.

Alice Swap Request

Step 1 — Remote Attestation

Same as LP: Alice verifies the TEE attestation matches the approved version.

Step 2 — Swap Request

Alice sends: amount (3 SOL), outputs (5), payout window (3 weeks). TEE responds with ACK.

Step 3 — DKG 2/2 FROST

Alice and TEE run DKG. Result: W_alice — the deposit wallet.

Step 4 — Durable Nonce Refund

Alice co-signs refund_alice = W_alice → Alice_origin with a durable nonce. Stored locally.

Step 5 — Deposit

Alice_origin → W_alice (3 SOL + fees) via SystemProgram.transfer.

Step 6 — Delegate and Disconnect

Alice sends share_alice to the TEE. The TEE immediately advances the durable nonce, invalidating Alice's pre-signed refund (prevents double-spend). Alice disconnects.

TEE Orchestration

Matching

Select compatible LP wallets (available amount, fee policy, spending constraints).

CSPRNG Scheduling

Generate random payout schedule: non-uniform amounts, random timing within the 3-week window, temporal jitter.

Fragmented Payouts

At each scheduled slot, 3 transactions:

TXFromToPurpose
PayoutW_lp_NAlice_fresh_NLP wallet to Alice's fresh address
ReimbursementW_aliceLP_refund_addressAlice deposit reimburses the LP
Fee(included)Protocol xPub addressProtocol revenue

Example

DayAmountLP WalletAlice Receives At
20.4 SOLW_lp_1Alice_fresh_1
51.1 SOLW_lp_2Alice_fresh_2
110.3 SOLW_lp_1Alice_fresh_3
160.8 SOLW_lp_4Alice_fresh_4
200.4 SOLW_lp_2Alice_fresh_5

After Day 20: W_alice is fully drained. Swap complete.

On-Chain Footprint

What an on-chain analyst sees — normal SOL transfers, nothing suspicious.

Protocol Overview

Why Invisible exists and what problem it solves.

On this page

LP Onboarding (One-Time)Step 1 — Remote AttestationStep 2 — DKG 2/2 FROSTStep 3 — Durable Nonce RefundStep 4 — Spending PolicyStep 5 — FundStep 6 — Delegate and DisconnectAlice Swap RequestStep 1 — Remote AttestationStep 2 — Swap RequestStep 3 — DKG 2/2 FROSTStep 4 — Durable Nonce RefundStep 5 — DepositStep 6 — Delegate and DisconnectTEE OrchestrationMatchingCSPRNG SchedulingFragmented PayoutsExample