Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.nacrelabs.xyz/llms.txt

Use this file to discover all available pages before exploring further.

Nacre uses BIP-341 Taproot on Pearl. The per-user Deposit Address and the shared Cold Reserve are both Taproot outputs with a key-path controlled by the validator quorum and a single script-path leaf for emergency recovery.

Deposit Address (per user)

Deposit Address = Taproot(
  internal_key = validator-quorum-signed key,
  script_tree  = [
    leaf 0: <1008> OP_CSV OP_DROP <user_xonly_pubkey> OP_CHECKSIG
  ]
)
  • Key-path sweeps user deposits into the Cold Reserve once validators reach quorum.
  • Script-path lets the user reclaim their deposit after 7 days (1,008 blocks) with no validator involvement.
Each user gets a distinct Deposit Address, deterministically derived from their Solana public key. Anyone can re-derive the address client-side and verify it against the on-chain record before depositing.

Cold Reserve (shared vault)

Cold Reserve = Taproot(
  internal_key = validator-quorum-signed key,
  script_tree  = [
    leaf 0: <1008> OP_CSV OP_DROP <admin_3of5_musig2_pubkey> OP_CHECKSIG
  ]
)
  • Key-path pays out user redemptions and rotations under validator quorum authority. This is the normal-operations path.
  • Script-path is emergency only. Admin (3-of-5 multisig, aggregated via MuSig2) can sweep the Cold Reserve after a 7-day timelock if the validator quorum is permanently lost. Off-chain monitors publicly log any use of this path.

Deposit Address derivation

A user’s Deposit Address internal key is derived deterministically:
  1. The validator quorum’s Pearl key serves as the base internal key.
  2. A taproot tweak is computed from the user’s Solana public key plus a protocol-specific tag.
  3. The tweaked key becomes the Deposit Address’s internal key.
The same Solana key always yields the same Deposit Address. Implementations of the derivation are cross-validated against shared test vectors so the SDK, validator, indexer, and reclaim CLI all agree byte-for-byte.