Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.inkwell.finance/llms.txt

Use this file to discover all available pages before exploring further.

CONFIDENTIAL & PROPRIETARY © 2026 Inkwell Finance, Inc. All Rights Reserved. This document is for informational purposes only and does not constitute legal, tax, or investment advice, nor an offer to sell or a solicitation to buy any security or other financial instrument. Any examples, structures, or flows described here are design intent only and may change.
Pre-alpha vs production. Pages that describe “the operator holds the session-to-ephemeral-key mapping” describe today’s single-operator implementation. Production Dagon will distribute this custody across an Ika 2PC-MPC dWallet network — no single “operator” entity will hold the mapping, and no unilateral disclosure (lawful or otherwise) will be possible without the network agreeing. The two-party composition described here is strengthened, not weakened, by the migration. See Design Philosophy for the full decentralization roadmap.
Confidential matching means the venue operator can run the matching algorithm without ever seeing plaintext orders. The engine’s inputs are ciphertexts, its internal state is ciphertexts, and its output is a ciphertext clearing price. In production, this is not “trust us” privacy: the operator physically cannot decrypt the orders it processes, because decryption requires a quorum of the threshold-FHE committee. In pre-alpha today, a single operator holds the decryption key, and the mock Encrypt executor operates on plaintext under the same API — see the status section below.

The privacy boundary

The boundary sits between matching and settlement. Everything between order submission and clearing-price emergence is encrypted:
  • User’s order → encrypted client-side into a FHE ciphertext
  • Market maker curves → encrypted ciphertexts
  • Bisection passes over the vector → homomorphic operations on ciphertexts
  • Clearing price p★ → emerges as a ciphertext
  • Fills per lane → updated in ciphertext
At settlement, the vault-balance updates are plaintext Solana transactions — but they describe balance deltas per lane, not individual orders. Which order caused which delta stays encrypted.

What the operator can see

  • That a batch happened.
  • The number of participants in the batch.
  • The aggregate notional volume (via vault-delta sums).
  • The clearing price, eventually (decrypted for settlement).

What the operator cannot see

  • Any individual order’s curve, size, or direction.
  • Which participant’s curve was at which position in the vector.
  • Any user’s identity beyond their session public key.

Why this is load-bearing

A venue that “could decrypt but promises not to” is a legal target: a subpoena forces it to exercise the capability. A venue that structurally cannot decrypt — because the key material is split across parties — can only respond to compelled process by coordinating with the other party. That coordination is the positive compliance claim. See: Two-party composition for the full shape of the identity split.

Pre-alpha status

Today’s devnet uses a mock Encrypt executor. The cryptographic invariants above hold in principle but are not enforced on current bytes — the mock has plaintext access for integration testing, and a single operator holds the decryption key. Mainnet Dagon is gated on three production primitives landing against the same integration contract:
  • Threshold-FHE committee — 5-of-7 committee at launch, polynomial-modulus Boudgoust–Scholl TFHE, targeting sub-200ms decryption on LAN-class hardware.
  • Threshold-PRE federation — 2-of-3 proxy re-encryption federation across dispersed jurisdictions for reveal liveness.
  • Real BBS+ / Coconut credential gate replacing the current stub.
Until those primitives ship, Dagon does not market devnet as delivering FHE privacy today.