This repository holds the viability experiments for Confidential sBPF on Logos: a way to run confidential Solana programs — Solana logic executed privately on Logos's zero-knowledge virtual machine, over secret inputs that never become public, with the verified result settled back on Solana.
Three experiments test the three things that had to be true for the idea to work. All three passed (the third with one honest, clearly-marked bridge step remaining).
Imagine you want to prove something is true without revealing the underlying secret. "I am over 18" without showing your birthdate. "My bank balance clears the bar" without revealing the balance. "My sealed bid is the highest" without revealing anyone's bid.
Normal blockchains can't do this. On a normal chain, the way everyone agrees a program ran correctly is that everyone re-runs it — which only works if all the inputs are public. The moment an input is secret, no one can re-run it to check, so the secret has to be exposed. That's the wall.
Logos is different: it runs programs inside a zero-knowledge virtual machine that produces a mathematical proof the program ran correctly — so no one has to re-run it, and the secret inputs can stay hidden. This project asks: can we take that power and offer it to the huge world of Solana developers, letting them write familiar Solana programs that operate on secret data, and settle the trusted result back on Solana?
The three experiments answer the three hard questions that stood in the way.
Running Solana bytecode inside a zero-knowledge VM means interpreting it instruction by instruction, which is inherently slower than running it directly. The question: is that slowdown survivable for small, confidential programs?
A minimal Solana-bytecode (sBPF) interpreter was built as a RISC Zero zkVM guest. It ran programs of increasing size, and the zkVM's cycle counter measured the cost. A straight-line fit separated the fixed startup cost from the per- instruction cost. A real proof was then generated and timed.
~314 zkVM cycles per instruction (stable across realistic instruction mixes — memory, branches, arithmetic). A 100-instruction confidential check is ~36,000 cycles — small enough to be a single, cheap proof. A real proof took 9.4 seconds on an unaccelerated laptop, and verified in 12 milliseconds.
It establishes that small confidential programs are economically practical to run this way. It also draws the honest boundary: this is for small, focused confidential checks — not giant programs.
Think of a certified translator reading a document aloud in another language. Translating live is slower than just reading — but for a short, important paragraph (a contract clause, a medical note) the small delay is completely worth it for the guarantee of an accurate, certified rendering. Experiment 1 measured that "small delay" and confirmed it's acceptable for short documents.
Prove the core privacy guarantee: a program can compute over a secret value and reveal only the answer, never the secret — and crucially, the person generating the proof can't lie about the secret.
- Layer 1 (the mechanic): a zkVM guest reads a secret balance as a private input and publishes only a yes/no result. A forensic scan of the public output confirmed the secret was absent. A deliberately-planted "leak" line, when switched on, was caught — proving the test is real.
- Layer 2 (the moat, on real Logos): a minimal Logos program evaluated "balance ≥ threshold" over a shielded account whose balance is cryptographically bound to an on-chain commitment. Real proofs were generated on the live Logos stack. The valid case proved; the false case (balance below threshold) could not be proven at all — you cannot forge a true proof of a false statement.
Both layers passed with real proofs. The secret balance never appeared publicly, the prover could not substitute a fake balance (the commitment binds it), and a false claim was unprovable.
This is the irreplaceable part. Ordinary zero-knowledge tools can prove computation, but they can't guarantee on-chain that the secret input was the real one. Logos's privacy layer — its commitment and shielding machinery — provides exactly that. This is what makes Logos necessary rather than optional.
Picture a sealed envelope with a tamper-proof government seal. A trusted clerk can stamp "the salary inside exceeds $50,000" on the outside of the envelope without opening it. Anyone can trust the stamp. And because the envelope is sealed by the authority, the clerk can't swap in a fake salary figure — the seal binds the stamp to the real contents. Experiment 2 built that sealed envelope: the answer is on the outside, the secret stays sealed inside, and no one can cheat about what's inside.
The confidential work happens on Logos, but the developer's program lives on Solana. Solana must be able to cheaply verify the result and act on it — and the secret must never touch Solana.
- L1 (
L1-solana-verification): a Solana program was built and deployed that verifies a Logos/RISC Zero proof by calling the audited on-chain verifier, then acts on the result. Only the public answer (yes/no + threshold) reaches Solana. - L2 (
L2-groth16-proof): the real verifier stack was confirmed (a known proof verifies, a tampered one is rejected), then a Groth16 proof of our own confidential predicate was generated (on a short-lived x86 cloud machine, because that final compression step needs x86 hardware) and verified through the exact Solana verification logic — with the secret absent from the public data.
The settlement path works end-to-end for a standalone confidential check: our own proof verified via Solana's real verification logic (cost: under 200,000 compute units), secret never exposed. The deeper bridge — making the fully shielded Logos proof from Experiment 2 directly Solana-verifiable — was assessed against the Logos source and found feasible: Logos produces exactly the kind of proof that this final compression and Solana-verification step expects. Completing it is integration work, not unsolved research.
It closes the loop. Confidential execution on Logos becomes actionable on Solana — the largest developer ecosystem in the space — cheaply and without leaking secrets. Logos becomes the confidential-compute layer; Solana stays the settlement layer.
Think of an international notary. A document is notarized abroad (on Logos), where the private work happened. Back home (on Solana), the local office doesn't re-do the work or open the private files — it simply checks the notary's seal against a public registry and accepts the result in seconds. Experiment 3 built and tested that "seal check": Solana confirms the Logos result is genuine and acts on it, fast and cheap, without ever seeing the private contents.
| Experiment | Question | Answer |
|---|---|---|
| 1 | Is confidential Solana logic fast enough to run in a zkVM? | Yes, for small programs (~314 cycles/instruction, seconds to prove) |
| 2 | Can the secret stay hidden and unforgeable on Logos? | Yes — proven on the real Logos stack |
| 3 | Can Solana cheaply verify and act on the result? | Yes for a standalone proof; the fully-shielded bridge is feasible, pending one integration step |
Together they show the full architecture is sound: write a confidential Solana program → run it privately on Logos over secret inputs → prove it → settle the verified result on Solana, with the secret never exposed.
The final, fully-end-to-end demonstration — taking Experiment 2's shielded Logos proof and verifying that exact proof on Solana — has been shown to be reachable from the Logos source (the proof Logos emits sits precisely at the boundary the Solana verifier expects), but the last wrap-and-parse step is integration work that hasn't been run start-to-finish yet. Everything it depends on has already been demonstrated separately.
tuniq-experiments/
├── exp1-sbpf-cycles/ Experiment 1: interpreter speed
├── exp2-private-witness/ Experiment 2: privacy + the moat
│ ├── L1-Privacy-mechanic/ Layer 1: secret stays out of the output
│ └── L2-the-moat/ Layer 2: shielded value on real Logos
├── exp3-solana-verification-groth16/ Experiment 3: Solana settlement
├── L1-solana-verification/ On-chain verifier program
└── L2-groth16-proof/ Groth16 proof + verification tests
├── proof_seal.bin A real Groth16 proof of the predicate
├── journal.bin Its public output (eligible + threshold)
└── image_id.txt The guest program's identity
Each experiment folder contains its own detailed EXPERIMENT-N-RESULTS.md with
exact commands, raw output, and technical specifics.
Most blockchains can't keep secrets, because everyone has to re-check every computation by re-running it. Logos can keep secrets by producing a mathematical proof instead of re-running. This project tested whether we can give that superpower to ordinary Solana developers: write a normal-looking Solana program that works on private data, run it privately on Logos, and let Solana accept the trusted answer without ever seeing the secret. Three experiments confirmed it's fast enough, genuinely private and tamper-proof, and verifiable on Solana — which together make a real product: confidential computing for the Solana ecosystem, powered by the one chain whose privacy makes it possible.