How it works

Unshielding

Unshielding is a spend where one of the output notes is replaced by a public withdrawal. You specify a recipient address; the contract releases the tokens to that address. The nullifier is recorded on-chain, preventing double-spend.

Privacy guarantee

No on-chain data links the original deposit (shield transaction) to the withdrawal. The observable facts are: some tokens left the pool, a nullifier was consumed, and tokens arrived at a recipient address. That is all.

typescript

await sdk.unshield(
  "0xA0b8...eB48",   // ERC-20 token address
  500_000n,           // amount in base units (e.g. 0.5 USDC with 6 decimals)
  "0xRecipient..."   // any Ethereum address
);

⚠

The recipient address you supply is public. If you withdraw to an address tied to your real-world identity, that identity can be linked to the withdrawal (but not to the original deposit).

←Private transfers

Merkle note system→