Private Ephemeral Rollups: Real-time, compliant privacy for Solana apps

Privacy is still one of the biggest missing properties for mainstream blockchain adoption.
Solana provides speed and verifiability, but exposes everything by default. Every program call, account, and state transition is visible. That transparency is what makes the chain verifiable, but it also means sensitive business data (transaction volumes, treasury movements, customer relationships, execution patterns, etc.) can be observed in real time. For stablecoin issuers, payment processors, and enterprises, that level of visibility is often an operational risk or a blocker.
Many privacy approaches have pushed the field forward, but each introduces tradeoffs that are hard to accept for real-time financial workflows. Zero-knowledge systems are powerful for verification, but complex to engineer for general-purpose, low-latency execution. Fully homomorphic encryption remains too slow for practical payment throughput. Multi-party computation adds coordination and latency overhead.
MagicBlock’s Private Ephemeral Rollups (PERs) take a different approach: by combining Intel's Trust Domain Extensions (TDX) with MagicBlock's Ephemeral Rollup technology, developers can run sensitive logic in a hardware-secured environment while retaining Solana's composability and real-time performance.
This article explains how Private ERs work, the authorization model, compliance safeguards, and practical use cases.
How PERs work
A Trusted Execution Environment acts as a physical vault inside a CPU. Normally, when you run a program, the operating system can see and influence everything: the code, the state, and the memory. A TEE creates a hardware-secured enclave that physically prevents interference, even by the machine it's running on.
MagicBlock uses TEEs to protect the entire state of an Ephemeral Rollup with an opt-in model:
- Every account is public by default, exactly like on Solana
- An onchain program explicitly defines access rules for accounts or groups
- Clients prove key ownership to the TEE RPC, receive an access token, and use it to query permissioned state
- Unauthorized parties, including the node operator, cannot inspect protected accounts
The hardware enclaves enforce confidentiality at the execution layer. The state remains protected throughout the session, visible only to authorized parties.
Authorization Model
Private ERs use a Permission Program deployed on Solana to manage fine-grained access controls.
The model has three components:
Permission Groups: Define sets of users with shared access rights. Groups are created via CPI into the Permission Program and can contain arbitrary membership. A payment provider might create one group for operations, another for compliance officers, another for auditors, each with different visibility into the same accounts.
Permissions: Link accounts to groups. When an account is permissioned, only members of the associated group can read its state from the Private ER. Today, permissions imply read access; read/write splits may be added in future versions.
Access Tokens: Clients authenticate by signing a challenge from the TEE RPC. Successful authentication yields a token that grants access to the permissioned state. The token is passed as a query parameter when creating connections.
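import { Connection } from '@solana/web3.js';
import { getAuthToken } from '@magicblock-labs/ephemeral-rollups-sdk';
// Sign the TEE RPC's challenge with the wallet (publicKey, signMessage) to obtain an access token.
const token = await getAuthToken(PRIVATE_ER_URL, publicKey, signMessage);
// The token travels in the URL query string, so keep this URL out of logs and error reports.
const connection = new Connection(`${PRIVATE_ER_URL}?token=${token}`);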
The group abstraction enables atomic permission updates. Modifying a group's membership changes access for all associated accounts in a single transaction.
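The flow above (signed challenge, access token, group-gated reads, one membership change covering every linked account) modelled end to end in Node.js. This is an added example, not MagicBlock's code: the token format, the in-memory maps and all function names are assumptions.

```javascript
// Added model of the flow described above. NOT MagicBlock's implementation:
// every name here is hypothetical and the token format is an assumption.
const crypto = require('node:crypto');

const TOKEN_KEY = crypto.randomBytes(32); // MAC key; would live only inside the enclave
const groups = new Map();       // groupId -> Set of member ids
const permissions = new Map();  // account -> groupId (no entry = public by default)
const pending = new Map();      // member id -> outstanding challenge nonce

const idOf = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('hex');
const mac = (body) => crypto.createHmac('sha256', TOKEN_KEY).update(body).digest();

function issueChallenge(pub) {
  const nonce = crypto.randomBytes(32);
  pending.set(idOf(pub), nonce);
  return nonce;
}

function redeemChallenge(pub, signature, ttlMs = 60_000, now = Date.now()) {
  const id = idOf(pub), nonce = pending.get(id);
  pending.delete(id); // single use, so a captured signature cannot be replayed
  if (!nonce || !crypto.verify(null, nonce, pub, signature)) return null;
  const body = `${id}.${now + ttlMs}`;
  return `${body}.${mac(body).toString('hex')}`;
}

function canRead(account, token, now = Date.now()) {
  const groupId = permissions.get(account);
  if (groupId === undefined) return true; // unpermissioned accounts stay public
  const [id, expiry, tag] = String(token).split('.');
  const given = Buffer.from(tag ?? '', 'hex'), want = mac(`${id}.${expiry}`);
  if (given.length !== want.length || !crypto.timingSafeEqual(given, want)) return false;
  return Number(expiry) > now && groups.get(groupId)?.has(id) === true;
}

function demo() {
  const [alice, bob] = [0, 1].map(() => crypto.generateKeyPairSync('ed25519'));
  groups.set('auditors', new Set([idOf(alice.publicKey)]));
  permissions.set('treasury', 'auditors').set('payroll', 'auditors');
  const login = (kp, signer = kp) =>
    redeemChallenge(kp.publicKey, crypto.sign(null, issueChallenge(kp.publicKey), signer.privateKey));
  const a = login(alice), b = login(bob);
  const before = [canRead('treasury', a), canRead('treasury', b), canRead('pool', null)];
  groups.get('auditors').add(idOf(bob.publicKey)); // one membership change...
  const after = [canRead('treasury', b), canRead('payroll', b)]; // ...covers both accounts
  return { impostor: login(alice, bob), before, after,
           expired: canRead('treasury', a, Date.now() + 61_000) };
}
console.log(demo());
```

Membership is checked at read time rather than baked into the token, which is why adding a member takes effect for tokens that were already issued.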
Compliance Safeguards
Private ERs are not tools for unchecked anonymity; they provide data confidentiality to authorized participants. The system enforces compliance at multiple layers:
Jurisdiction Controls: IP geofencing at ingress blocks connections from OFAC-sanctioned regions before any transaction is accepted. This enforcement happens at the infrastructure layer, upstream of execution.
Real-Time Screening: All interactions are subject to continuous AML and sanctions screening. This includes sanctions list verification, exposure assessment, and behavioral risk signals. Transactions that fail screening are rejected before execution or settlement.
Licensed Deployments: Private ER instances can operate under explicit licensing constraints. Because the workflow is opt-in, different instances can be subject to different licenses if desired, and all can ensure the infrastructure explicitly forbids illicit use cases.
Businesses don’t choose between performance, compliance, and control; they require all three. Private ERs deliver low-latency execution suitable for real-time applications while maintaining enforceable boundaries that satisfy regulatory mandates.
Why TEE?
There are several approaches to privacy, and each involves different tradeoffs.
For real-time applications (payments, trading, auctions), TEEs offer the most practical path. Developers can write normal Solana programs, and users can interact with familiar wallets without bridging. To address the hardware trust assumption, MagicBlock uses remote attestation: clients can cryptographically verify they're communicating with genuine TEE hardware before sending sensitive data. The attestation flow uses TDX verification against Intel's certificate, proving the enclave is running expected code on authentic hardware. The system also enables third parties (guardians or trusted authorities) to run state replicas.
Application Unlocks
Private ERs enable categories of applications that were previously impractical on Solana:
Confidential Transfers: Move assets without exposing balances or counterparties. The Private Payments Demo (devnet) demonstrates SPL token transfers where amounts and participants remain hidden from observers.
Sealed-Bid Auctions: Keep bids hidden until settlement for fair price discovery. Bidders submit encrypted bids that only the TEE can read; the auction resolves inside the enclave and commits the result to Solana.
Private Games: Build poker, strategy games, or any application where revealing state undermines gameplay. Player hands, hidden information, and private decisions remain confidential throughout the session.
Enterprise Workflows: Run payroll, supply chain operations, or regulated processes while keeping sensitive data private. Audit trails exist without exposing operational details.
Summary
Private Ephemeral Rollups bring hardware-secured confidentiality to Solana without sacrificing the composability and the liquidity of the network. Arbitrary accounts can be cloned inside TEE enclaves, with an access control layer defined by an onchain program. The node runs with compliance safeguards in place to satisfy institutional and business requirements, and the system is still feeless and real-time. The result is a practical approach to privacy that works for real-time confidential transfers, sealed-bid auctions and trading, private games, or enterprise workflows.
