Key Highlights
- Stellar launched Confidential Tokens for SEP-41 compliant assets.
- The feature hides balances and transfer amounts, not wallet addresses.
- OpenZeppelin and Nethermind collaborated on the privacy solution.
Stellar, a decentralized public blockchain, has introduced Confidential Tokens, a new privacy feature designed to bring selective confidentiality to its ecosystem. Developed in collaboration with OpenZeppelin and Nethermind, the solution adds private balances and transfer amounts to any SEP-41 compliant token while maintaining transparency at the address level.
In a detailed X post on Tuesday, the team said that the launch marks an important step in balancing privacy with compliance on a public blockchain. Unlike fully anonymous systems, confidential tokens are scoped to hide only balances and transfer amounts.
Sender and recipient addresses remain visible, making the feature suitable for real-world business applications such as treasury management, payroll processing, and institutional settlement, where counterparties are known but transaction details need protection.
“Confidential, not anonymous,” the team emphasized. This design aims to support compliance-oriented workflows rather than complete transaction obfuscation.
How Confidential Tokens work
At its core, Confidential Tokens function as a wrapper contract around existing SEP-41 tokens, including USDC issued via the Stellar Asset Contract or other native tokens. Users deposit tokens into the wrapper, where balances are represented as Pedersen commitments, cryptographic constructs that hide values while allowing the network to verify transactions.
Transfers occur privately inside the wrapper, and users can withdraw back to the standard SEP-41 token at any time. This wrapper approach provides strong security isolation. The privacy logic exists entirely at the application layer, meaning any potential vulnerability would be contained to tokens within that specific wrapper and would not impact the underlying asset or the broader Stellar network.
Proofs are implemented in Noir and verified onchain using Nethermind’s UltraHonk verifier, leveraging cryptographic improvements from Protocol 25 (X-Ray).
What it brings to users
The preview release includes several compliance-focused primitives:
- Auditor view key — Allows a designated auditor to inspect balances and transaction amounts.
- Selective disclosure — Users can prove specific transactions to chosen parties without revealing their full activity.
- Account-level freezing — Integrates with existing Stellar Asset Contract controls.
- Configurable compliance policy engine — Supports allow-lists, block-lists, and identity-based policies.
The base ledger remains fully open and auditable, preserving Stellar’s core transparency principles while layering privacy where needed.
Developers can begin experimenting
Developers can already experiment with Confidential Tokens on the Stellar Testnet. A browser-based demo powered by the Freighter wallet allows users to test the full flow, including roles for account holders, disclosure receivers, and auditors. Open-source code and detailed documentation are available for those looking to integrate or build upon the contracts.
A developer preview session is scheduled for Thursday, July 2, at 4:00 PM UTC, featuring Alessandro Voto (senior PM at Stellar) and Boyan Barakov (senior OSS developer at OpenZeppelin). The webinar will dive into architecture, design decisions, and the broader importance of privacy advancements on Stellar.
The Stellar team has also invited design partners and contributions from the developer community, particularly those involved in compliance-focused projects or recent hackathons. Feedback during the testnet phase will help refine the feature before wider deployment.
Stellar prepares for post-quantum era
In a separate development, Stellar announced a comprehensive Quantum Preparedness Plan (QPP) on June 9. The initiative outlines a structured migration to quantum-safe cryptography to protect the network against future threats from advanced quantum computers capable of breaking current elliptic curve algorithms like Ed25519.
The plan enables every Stellar account to support quantum-resistant signatures while preserving existing addresses and transaction history. By the end of 2027, users will be able to add quantum-safe signers via a native protocol upgrade.
Potential limitations of Confidential Tokens
While Stellar’s Confidential Tokens introduce selective privacy, the implementation has some limitations. By keeping sender and recipient addresses fully visible, the feature offers only partial confidentiality, which may fall short for users seeking stronger anonymity in sensitive transactions.
The wrapper-based architecture, while secure in isolation, adds complexity and potential points of failure or smart contract risks that could deter conservative institutions. Compliance tools like auditor keys and freezing mechanisms, though useful for regulation, may undermine the decentralized ethos many blockchain users value.
Furthermore, the implementation relies on relatively new cryptographic components, including UltraHonk, that remain in the testnet phase. Their performance and security under production conditions have yet to be established.
Also Read: Anchorage Digital, Binance Launch Off-Exchange Settlement for Institutions
