Viewing Keys and Compliance - Cloak Documentation

v1 model
Registration lifecycle
Enforcement and UX behavior
Chain-native scanner behavior
Trust model

v1 model

Users derive viewing material client-side (nk) and keep private keys local.
Transactions include compact encrypted chain notes.
History scanning decrypts chain data with nk and verifies integrity from public inputs.
Apps can cache encrypted history snapshots and trigger explicit rescan when needed.

Registration lifecycle

Wallet signs a fixed Cloak sign-in challenge.
SDK submits the signed viewing-key registration.
Signature ownership is verified and the viewing key is bound to the wallet identity.

Enforcement and UX behavior

SDK transaction flows enforce viewing-key registration by default.
Apps can reuse wallet sign-in sessions to avoid repeated prompts.
If registration is missing, history/compliance views should prompt users to register and retry.

Chain-native scanner behavior

scanTransactions reads Cloak program transactions from RPC.
Scanner extracts compact chain-note envelopes from transaction data.
Decrypts using nk and verifies chainNoteHash integrity.
Produces per-transaction gross, fee, net, and running balance.

Trust model

Compliance services can only process history for keys users have registered.
Scanner-based discovery remains chain-native — history is reconstructed directly from on-chain data using the viewing key.
Clients should never log raw viewing keys or full decrypted note payloads.

Transaction Flows Quickstart