Privacy by default
The principles behind Hestia — privacy as a default, compliance without a backdoor, and trust minimization.
Hestia starts from a conviction: on a public ledger, privacy has to be the default, not a feature you opt into. A balance that is visible is a balance that can be front-run, profiled, censored, or used to reconstruct an agent's strategy. As autonomous agents begin to transact at machine speed, a transparent mempool stops being an inconvenience and becomes an attack surface.
But privacy that ignores compliance is a dead end — it gets sanctioned, delisted, and abandoned. So Hestia is built around four principles that have to hold together.
1 · Privacy is the default state
Inside the pool, amounts, balances, and links between sender and receiver are hidden by construction. There is no "private mode" to remember to switch on. The only things that ever become public are the things that must be — a deposit's gross amount, a withdrawal's destination and amount — and even those are unlinkable to the rest of an agent's activity.
2 · Compliance without a backdoor
The hard part of private money is staying legitimate without handing someone a master key. Hestia uses the Privacy Pools model: instead of one anonymity set for everyone, each spend proves — in zero knowledge — that its funds descend from a deposit in an approved association set. Honest users prove membership in a clean set; they are never forced to share an anonymity pool with provably illicit funds, and no operator can deanonymize them to achieve that separation.
Disclosure, when it is needed, is consent-based and selective: the owner of funds can export a viewing key that reveals their own history to a chosen auditor — and nothing else, about no one else.
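To make the association-set check concrete, here is an added Python example; it is not Hestia SDK code. It models an association set as a SHA-256 Merkle tree over approved deposit commitments and shows what a verifier does with only the published root and a claimed membership path. The tree layout, the `deposit_commitment` stand-in and the sample deposits are assumptions for illustration. In Hestia the path stays inside the zero-knowledge witness and only the root is public; here the path is revealed so the verification step is readable.

```python
import hashlib
from typing import List, Optional, Tuple

# Added illustration, not Hestia SDK code. Assumptions: SHA-256 as the hash,
# a binary Merkle tree padded with zero leaves, and hash(secret || amount) as a
# stand-in for a note commitment. The real membership proof is zero-knowledge;
# here the Merkle path is revealed so the verifier's check is visible.

ZERO = bytes(32)

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def deposit_commitment(secret: bytes, amount: int) -> bytes:
    """Constructed stand-in for the commitment a deposit leaves on-chain."""
    return H(secret, amount.to_bytes(16, "big"))

def build_tree(leaves: List[bytes]) -> List[List[bytes]]:
    """All levels of the tree: level 0 is the padded leaf row, the last is [root]."""
    row = list(leaves)
    size = 1
    while size < max(len(row), 1):
        size *= 2
    row += [ZERO] * (size - len(row))
    levels = [row]
    while len(row) > 1:
        row = [H(row[i], row[i + 1]) for i in range(0, len(row), 2)]
        levels.append(row)
    return levels

def membership_path(levels: List[List[bytes]], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the flag says the sibling sits on the right."""
    path = []
    for row in levels[:-1]:
        sibling_right = index % 2 == 0
        sibling = row[index + 1] if sibling_right else row[index - 1]
        path.append((sibling, sibling_right))
        index //= 2
    return path

def verify_membership(root: bytes, leaf: bytes, path: List[Tuple[bytes, bool]]) -> bool:
    """What a verifier does with only the public root and the claimed path."""
    node = leaf
    for sibling, sibling_right in path:
        node = H(node, sibling) if sibling_right else H(sibling, node)
    return node == root

class AssociationSet:
    """An approved list of deposits, published to verifiers as a single Merkle root."""
    def __init__(self, commitments: List[bytes]) -> None:
        self.commitments = list(commitments)
        self.levels = build_tree(self.commitments)

    @property
    def root(self) -> bytes:
        return self.levels[-1][0]

    def prove(self, commitment: bytes) -> Optional[List[Tuple[bytes, bool]]]:
        """A depositor can only build a path for a deposit the set actually contains."""
        if commitment not in self.commitments:
            return None
        return membership_path(self.levels, self.commitments.index(commitment))

def spend_is_clean(root: bytes, commitment: bytes, path) -> bool:
    """The spend-time check: the funds descend from a deposit under this root."""
    return path is not None and verify_membership(root, commitment, path)

# Constructed sample deposits: two approved, one the set provider left out.
APPROVED = [deposit_commitment(b"alice-secret", 100), deposit_commitment(b"bob-secret", 250)]
FLAGGED = deposit_commitment(b"excluded-secret", 500)

if __name__ == "__main__":
    clean = AssociationSet(APPROVED)
    print(spend_is_clean(clean.root, APPROVED[0], clean.prove(APPROVED[0])))  # True
    print(clean.prove(FLAGGED) is None)                                       # True
```

The point to notice is which side holds what: the verifier never sees the full list, only the root, and a deposit outside the set has no path that hashes up to that root. A set that does include the excluded deposit has a different root, so a path against it proves nothing under the clean root.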
3 · The agent's secrets never leave the device
Proving happens where the keys are. The SDK builds the witness — notes, amounts, secret key — and generates the Groth16 proof client-side. The relayer and indexer only ever see what is already public on-chain: commitments, nullifiers, and ciphertexts they cannot read. There is no server that can be subpoenaed for your plaintext, because no server ever has it.
4 · Trust minimization end to end
- The chain is the source of truth. The indexer is a cache that can be rebuilt by re-scanning events; it holds no authority.
- The relayer cannot cheat. Recipient, amount, and fee are bound into the proof, so a relayer can only submit your transaction faithfully or not at all — it can never redirect or skim it.
- You can self-host every off-chain component, or run the SDK with no backend at all.
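The two trust-minimization claims above, that the indexer is a rebuildable cache and that the relayer cannot redirect or skim, can both be shown in a small model. The following Python is an added example and not the Hestia indexer, relayer or SDK; it assumes SHA-256 as a stand-in for the circuit's hash, a dict per decoded on-chain event, and a digest over recipient, amount and fee standing in for the Groth16 public inputs that the proof is verified against. The event log, addresses and nullifiers are constructed sample values.

```python
import hashlib
from dataclasses import dataclass, replace
from typing import Dict, List, Set

# Added illustration, not Hestia code. Assumptions: SHA-256 stands in for the
# circuit's hash, a dict per on-chain event stands in for a decoded log, and a
# digest over (recipient, amount, fee) stands in for the proof's public inputs.

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def tag(name: str) -> bytes:
    """Constructed 32-byte stand-in for a commitment, nullifier or address."""
    return H(name.encode())

# Constructed event log as the chain would emit it: block, log index, payload.
EVENTS: List[Dict] = [
    {"block": 10, "index": 0, "kind": "Deposit", "commitment": tag("c1")},
    {"block": 10, "index": 1, "kind": "Deposit", "commitment": tag("c2")},
    {"block": 12, "index": 0, "kind": "Withdrawal", "nullifier": tag("n1")},
    {"block": 15, "index": 0, "kind": "Deposit", "commitment": tag("c3")},
]

class Indexer:
    """Pool state derived purely from events: a cache with no authority of its own."""
    def __init__(self) -> None:
        self.commitments: List[bytes] = []  # leaves, in on-chain insertion order
        self.spent: Set[bytes] = set()      # nullifiers revealed so far
        self.cursor = (-1, -1)              # (block, index) of the last applied event

    def apply(self, ev: Dict) -> None:
        pos = (ev["block"], ev["index"])
        if pos <= self.cursor:
            return                          # already applied: re-scans are idempotent
        if ev["kind"] == "Deposit":
            self.commitments.append(ev["commitment"])
        elif ev["kind"] == "Withdrawal":
            if ev["nullifier"] in self.spent:
                raise ValueError("event log replays a nullifier")
            self.spent.add(ev["nullifier"])
        self.cursor = pos

    def snapshot(self) -> bytes:
        """Digest of the derived state, for comparing a running cache with a rebuild."""
        return H(b"C", *self.commitments, b"N", *sorted(self.spent))

def rebuild(events: List[Dict]) -> Indexer:
    """Discard the cache and re-derive it by replaying the chain's events in order."""
    idx = Indexer()
    for ev in sorted(events, key=lambda e: (e["block"], e["index"])):
        idx.apply(ev)
    return idx

def log_is_consistent(events: List[Dict]) -> bool:
    """A rebuild either reproduces the state or exposes a log that cannot be honest."""
    try:
        rebuild(events)
        return True
    except ValueError:
        return False

@dataclass(frozen=True)
class Withdrawal:
    recipient: bytes
    amount: int
    fee: int
    nullifier: bytes
    bound: bytes  # digest the prover committed to; stands in for the public inputs

def bind(recipient: bytes, amount: int, fee: int) -> bytes:
    return H(recipient, amount.to_bytes(16, "big"), fee.to_bytes(16, "big"))

def build_withdrawal(recipient: bytes, amount: int, fee: int, nullifier: bytes) -> Withdrawal:
    """What the agent produces client-side before handing the transaction to a relayer."""
    return Withdrawal(recipient, amount, fee, nullifier, bind(recipient, amount, fee))

def relayer_edits(tx: Withdrawal, **changes) -> Withdrawal:
    """A relayer altering calldata after the proof was made; the proof does not change."""
    return replace(tx, **changes)

def contract_accepts(tx: Withdrawal, idx: Indexer) -> bool:
    """On-chain acceptance: the proof must still bind to the fields actually submitted,
    and the nullifier must be unused (idx.spent stands in for the contract's own set)."""
    if bind(tx.recipient, tx.amount, tx.fee) != tx.bound:
        return False  # redirected or skimmed: the public inputs no longer match
    if tx.nullifier in idx.spent:
        return False  # replay of an already spent note
    return True
```

Two things are worth checking in practice: a rebuild from a shuffled or partial event feed must converge on the same snapshot as the running cache, and any edit the relayer makes to recipient, amount or fee must be rejected by the contract rather than merely logged by the indexer.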
What this is not
Hestia is not a mixer that maximizes anonymity at any cost, and it is not a surveillance tool with a hidden key. It is a pool where good actors can prove they are good actors, privately — and where being private and being compliant are the same act, not opposing ones.
The rest of these docs show how those principles become code: the shielded pool and notes, the association sets that carry compliance, and the viewing keys that make disclosure a choice.
