Core Protocol

Sigma Protocol

A three-move interactive proof (commit, challenge, response) that proves knowledge of a secret without revealing it. Used in Solana's confidential transfers: the sender proves they have sufficient balance and the transfer is valid without revealing amounts. It can be made non-interactive via the Fiat-Shamir heuristic.

ID: sigma-protocol
Alias: Zero-Knowledge Proof Protocol
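The three moves and the Fiat-Shamir transform from the definition above, shown as a Schnorr proof of knowledge of a discrete logarithm. This is an added example, not code from the glossary or from Solana: the toy group parameters, the function names and the `context` argument are assumptions, and Solana's confidential transfers work over Ristretto255 rather than this group.

```python
import hashlib
import secrets

# Constructed toy group: p = 2q + 1 with q prime, g of order q.
# Far too small for real use; chosen only so the arithmetic is readable.
P, Q, G = 2879, 1439, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # witness (the secret)
    return x, pow(G, x, P)                    # public statement y = g^x

def commit():
    r = secrets.randbelow(Q - 1) + 1          # fresh nonce, never reused
    return r, pow(G, r, P)                    # move 1: t = g^r

def respond(x, r, c):
    return (r + c * x) % Q                    # move 3: s = r + c*x mod q

def verify(y, t, c, s):
    # Reject out-of-range responses and values outside the order-q subgroup.
    if not 0 <= s < Q:
        return False
    for v in (y, t):
        if not (1 < v < P) or pow(v, Q, P) != 1:
            return False
    return pow(G, s, P) == (t * pow(y, c, P)) % P   # g^s == t * y^c

def fs_challenge(y, t, context):
    # Fiat-Shamir: the challenge is a hash of the group, the statement and
    # the commitment, so the prover cannot pick t after seeing c.
    data = b"|".join(str(v).encode() for v in (P, Q, G, y, t)) + b"|" + context
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x, y, context=b""):
    r, t = commit()
    return t, respond(x, r, fs_challenge(y, t, context))

def verify_proof(y, proof, context=b""):
    t, s = proof
    return verify(y, t, fs_challenge(y, t, context), s)

if __name__ == "__main__":
    x, y = keygen()
    r, t = commit()                           # prover -> verifier
    c = secrets.randbelow(Q)                  # move 2: verifier -> prover
    print("interactive:", verify(y, t, c, respond(x, r, c)))
    proof = prove(x, y, b"transfer-1")
    print("non-interactive:", verify_proof(y, proof, b"transfer-1"))
```

Hashing the statement `y` and a context string into the challenge, not just the commitment `t`, is what ties a non-interactive proof to one statement and one use.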


Mental model

Use the quick analogy first so the term is easier to reason about when you meet it in code, docs, or prompts.

Think of it as part of the chain machinery that keeps ordering, execution, or consensus moving.

Technical context

Place the term inside its Solana layer so the definition is easier to reason about.

Consensus, leader rotation, slots, epochs, and the runtime.

Why builders care

Turn the term from vocabulary into something operational for product and engineering work.

This term unlocks adjacent concepts quickly, so it works best when you treat it as a junction instead of an isolated definition.


Concept graph

See the term as part of a network, not a dead-end definition.

These branches show which concepts this term touches directly and what sits one layer beyond them.

Branch

Zero-Knowledge Proofs (ZKP)

A zero-knowledge proof is a cryptographic protocol by which a prover convinces a verifier that a statement is true — for example, that a state transition is valid — without revealing any information beyond the truth of the statement itself, satisfying the properties of completeness, soundness, and zero-knowledge. In Solana's ecosystem, ZKPs are used by ZK Compression (via Groth16 SNARKs) to prove correct state transitions for compressed accounts without storing full account state on-chain, and by the Token-2022 Confidential Transfers extension (via ElGamal encryption and range proofs) to prove token balances are non-negative without revealing the actual amounts. Solana's BPF VM exposes the alt_bn128 elliptic curve syscall to make on-chain Groth16 proof verification computationally feasible within the 1.4M compute unit budget.

Branch

ElGamal Encryption

ElGamal encryption is a public-key cryptosystem based on the Diffie-Hellman problem over an elliptic curve group, providing additive homomorphism — meaning the encryption of a sum of values equals the product of their individual ciphertexts — which makes it suitable for confidential token balance accounting where balances can be updated without decrypting them. On Solana, the Token-2022 Confidential Transfers extension uses Twisted ElGamal encryption over the Ristretto255 curve to encrypt token balances in token accounts, so transfers update encrypted balances homomorphically while zero-knowledge range proofs (proving a balance is non-negative and a transfer amount is within bounds) prevent overdrafts without revealing any amounts. Each confidential token account stores a pending encrypted incoming balance and an available encrypted balance, and the account owner uses their ElGamal private key to decrypt and rotate balances via ZK-proof-accompanied instructions.

Branch

Groth16

Groth16 is a highly efficient zk-SNARK proving system introduced by Jens Groth in 2016 that produces constant-size proofs (128 bytes: two G1 points and one G2 point on a pairing-friendly elliptic curve) with constant-time verification regardless of circuit complexity, making it the preferred proof system for on-chain verification where calldata and compute costs are constrained. Light Protocol uses Groth16 proofs over the BN254 curve (known as alt_bn128 in Ethereum tooling) to verify compressed account state transitions on Solana, leveraging the native alt_bn128 pairing and point-addition syscalls added to the SVM to keep verification within the per-transaction compute unit limit. The trade-off is that Groth16 requires a trusted setup ceremony per circuit, producing a structured reference string (SRS) whose security relies on participants honestly discarding their toxic waste.

Next concepts to explore

Keep the learning chain moving instead of stopping at one definition.

These are the next concepts worth opening if you want this term to make more sense inside a real Solana workflow.

ZK Compression

Zero-Knowledge Proofs (ZKP)


ZK Compression

ElGamal Encryption


ZK Compression

Groth16


Core Protocol

SIMD (Solana Improvement Document)

A formal specification document describing proposed and accepted changes to the Solana protocol, analogous to Ethereum's EIPs. SIMDs are categorized as Standard (Core, Networking, Interface) or Meta, and require supermajority validator stake-weighted voting (66.67%) to pass. Notable SIMDs include SIMD-33 (Timely Vote Credits), SIMD-123 (Block Revenue Sharing), SIMD-228 (Market-Based Emissions), and SIMD-326 (Alpenglow).

Commonly confused with

Terms nearby in vocabulary, acronym, or conceptual neighborhood.

These entries are easy to mix up when you are reading quickly, prompting an LLM, or onboarding into a new layer of Solana.

Core Protocol (ID: secp256k1-precompile)

Secp256k1 Precompile

A native Solana program (address: KeccakSecp256k11111111111111111111111111111) that verifies secp256k1 ECDSA signatures on-chain, enabling Ethereum-compatible signature verification within Solana programs. This precompile allows Solana dApps to verify signatures produced by Ethereum wallets (MetaMask, etc.), facilitating cross-chain identity verification, bridging, and interoperability without requiring users to create Solana-native keypairs.

Core Protocol (ID: proof-of-history)

Proof of History (PoH)

A clock mechanism that cryptographically proves the passage of time between events. PoH uses a sequential SHA-256 hash chain where each output becomes the next input, creating a verifiable ordering of events without requiring consensus. The leader produces ~400,000 hashes per slot (~400ms), and any validator can verify the sequence in parallel, enabling Solana's high throughput by removing the need for validators to agree on time.

Alias: PoH

Related terms

Follow the concepts that give this term its actual context.

Glossary entries become useful when they are connected. These links are the shortest path to adjacent ideas.

ZK Compression (ID: zk-proofs)

Zero-Knowledge Proofs (ZKP)


ZK Compression (ID: elgamal-encryption)

ElGamal Encryption


ZK Compression (ID: groth16)

Groth16


More in category

Stay in the same layer and keep building context.

These entries live beside the current term and help the page feel like part of a larger knowledge graph instead of a dead end.

Core Protocol

Proof of History (PoH)


Core Protocol

Tower BFT

Solana's custom BFT consensus algorithm built on top of Proof of History. Tower BFT uses PoH as a clock to reduce communication overhead in traditional PBFT from O(n²) to O(n). Validators vote on forks with exponentially increasing lockout periods—each consecutive vote doubles the lockout, making rollbacks progressively more expensive. A fork is finalized when it reaches supermajority (66.7%+ of stake).

Core Protocol

Slot

A time window during which a designated leader validator can produce a block. Each slot lasts approximately 400 milliseconds. Slots are numbered sequentially from genesis and grouped into epochs of 432,000 slots (~2-3 days). Not every slot produces a block—a skipped slot means the leader was offline or too slow.

Core Protocol

Block

A set of entries produced by a leader during a single slot. A block contains transactions bundled into entries, each with a PoH hash proving ordering. Blocks are broken into shreds for network propagation via Turbine. Maximum block size is limited by compute units (48M CU cap per block) rather than byte size.