The leader sees everything. We built the blind spot. Excustodia Protocol encrypts your strategy end-to-end — so Jito searchers, copy traders, and sandwich bots see only noise while you take the fill.
Every transaction submitted to a Solana leader is a leak. Your intent becomes the searcher's edge — your size, your timing, your strategy reverse-engineered before the slot is even sealed.
Configurations, thresholds, and decision trees are encrypted client-side before they ever leave your device. The protocol computes on ciphertext. Plaintext is reconstructed only at the moment of execution — and only by you.
Autonomous agents named after the Roman excubitores — night watchmen. They evaluate market state against your encrypted strategy without ever decrypting it, then execute when conditions are met.
Strategy creators sell encrypted agents on-chain. Buyers receive execution rights without ever seeing the source logic. Performance is verifiable. Alpha remains uncopyable.
From market input to settled trade — every stage operates over ciphertext. Decryption happens once, in a single hardware-attested enclave, at the final step.
// Custodia execution pipeline — strategy never decrypted in transit encryptedInput = CUSTODIA.encrypt(fetchMarketData()) encryptedConfig = CUSTODIA.encrypt(agentConfig) encryptedMetrics = CUSTODIA.computeMetrics(encryptedInput) encryptedSignals = CUSTODIA.compare(encryptedMetrics, encryptedConfig.thresholds) encryptedDecision = CUSTODIA.evaluate(encryptedConfig.strategy, encryptedSignals) if CUSTODIA.shouldExecute(encryptedDecision): decision = CUSTODIA.decrypt(encryptedDecision) // only here executeTrade(decision) storeEncryptedHistory(encryptedDecision) sendEncryptedNotification(encryptedDecision)
Excustodia is custodial in name only. Keys never leave your device. The protocol is non-upgradeable at the cryptographic core — once a sentinel is deployed, neither we nor any future operator can read its instructions.
Governance is reserved for ecosystem parameters: fee curves, sentinel rewards, marketplace listings. Your strategy is yours alone. Custodia est silentium.
A cryptographic framework for mempool-invisible strategy execution and the architecture of sentinel-driven trade custody.
Excustodia Protocol introduces a cryptographic execution layer for on-chain trading where strategy logic, market evaluation, and trade decisions are computed entirely over ciphertext. By combining MPC-based confidential compute (via Arcium) with ZK compression (via Light Protocol), the protocol eliminates the visibility window that allows Jito searchers, copy traders, and sandwich bots to capture value from leader-visible intent on Solana. We present the formal architecture, threat model, and economic design of a system in which a trader's strategy is provably uncopyable, unfrontrunnable, and unrevealed until the moment of settlement.
In Roman military tradition, the excubitores were the night sentinels — watchmen whose silence was their primary instrument. They guarded by being unseen. Excustodia inherits this discipline. We do not ask the market to trust us. We ask the market to be unable to read us.
Solana's high-throughput design has, by necessity, optimized for execution speed over execution privacy. Transactions submitted to the current leader become visible to a network of Jito searchers within milliseconds. Bundle-based MEV — atomic execution of attacker transactions ahead of victim transactions — has produced a parasitic economy. Estimates of value extracted via Solana MEV now exceed eight hundred million dollars annually, with sandwich attacks, JIT liquidity sniping, and copy-trading dominant.
The conventional response — Jito's MEV protection, private leader connections, RPC-level filtering — addresses transmission, not strategy. The searcher still learns the strategy from its outcomes. The copy-trader still reverse-engineers the configuration from observed positions on-chain. The leak is not in the broadcast; it is in the behavior.
We propose a stack in which the strategy itself never appears in plaintext anywhere a third party can observe — including, critically, the protocol's own operators. Three components compose the system: an encryption engine for strategy serialization, a sentinel runtime for ciphertext evaluation, and an attested egress layer for settlement.
Consider a trader executing a momentum strategy on Raydium or Orca. Their strategy file specifies a threshold: enter long when 5-minute RSI crosses 70 with volume confirmation above the 20-period mean. From the perspective of a Jito searcher with bundle visibility, three signals leak:
Each signal is independently exploitable. In aggregate, they are catastrophic. A sufficiently-funded adversary running statistical inference against published transactions can reconstruct the strategy with O(n log n) observations, where n is the parameter space cardinality. We have verified this empirically on Solana mainnet against active wallets; reconstruction is not theoretical.
Jito's MEV-resistant bundles prevent front-running of submitted transactions but do nothing to obscure the strategy that produced them. Private leader connections delay revelation but always reveal at slot inclusion. Intent-based execution reveals intent by definition. None of these solutions protect the upstream signal — the trader's logic itself.
Excustodia operates as a three-stage pipeline: encrypt, evaluate, egress. Plaintext exists only at two boundaries — the trader's local key enclave at ingress, and the attested settlement enclave at egress. Between these points, all computation occurs over ciphertext.
Strategy configurations are serialized into a constrained intermediate representation (CIR) — a domain-specific bytecode supporting arithmetic comparison, threshold evaluation, and conditional branching. The CIR is then encrypted using Arcium's MPC network for confidential compute, with state commitments compressed via Light Protocol's ZK compression layer. The resulting ciphertext is non-malleable and semantically hiding under chosen-plaintext attack.
Sentinel agents are stateless evaluators that consume an encrypted strategy and an encrypted market snapshot, producing an encrypted decision. The runtime is implemented as a Solana program (Anchor framework) coordinating MPC nodes via Arcium's confidential compute network. Sentinels cannot read their inputs; they can only transform them.
When a sentinel emits an encrypted "execute" signal, the egress module performs the only decryption in the pipeline. It does so via threshold MPC reconstruction, with the resulting transaction routed through Jito's bundle infrastructure for atomic, single-slot execution against Jupiter, Raydium, Orca, or Phoenix venues.
Pure homomorphic encryption remains computationally prohibitive for latency-sensitive trading. Pure TEE-based privacy concentrates trust in hardware vendors. Excustodia adopts a Solana-native hybrid: Arcium MPC for confidential strategy evaluation, Light Protocol ZK compression for state commitments, and threshold-signed transactions executed atomically through Jito bundles.
The security guarantee is conjunctive: an adversary must compromise both a threshold of Arcium MPC nodes and the user's local key material to recover plaintext. Compromise of either alone yields no information beyond what is observable on-chain at settlement.
Key material is generated and stored exclusively on the trader's device via Phantom, Backpack, Solflare, or hardware wallet (Ledger Solana app) derivation. The protocol's operators — including Excustodia Labs — possess no key material capable of decrypting any user's strategy.
A sentinel is a singular, addressable entity on-chain — a Solana program-derived address (PDA) paired with an Arcium computation reference. Each sentinel is bound to one trader's keypair at deployment and cannot be reassigned. Sentinels accept three classes of input: encrypted market data feeds (via Pyth or Switchboard), encrypted strategy parameters, and external triggers (slot timestamps, oracle updates, on-chain events).
Sentinel computation is bounded by Solana's compute unit (CU) limits to prevent side-channel timing attacks. All evaluations complete in fixed-time windows aligned to Solana's 400ms slot, ensuring that an observer cannot infer decisions from latency alone.
Strategy creators may publish encrypted sentinels for sale. Buyers receive a derivation key bound to their identity that grants execution rights but not source visibility. Performance is verifiable through cryptographic commitments to historical decisions; the strategy itself remains opaque. Alpha, in this regime, becomes a tradeable instrument that cannot be cloned.
Excustodia protects against four canonical adversaries: the passive observer (RPC monitors, copy-trading bots tracking famous wallets), the active extractor (Jito searchers, sandwich bot operators), the compromised operator (a future malicious version of Excustodia Labs itself), and the colluding venue (a DEX or aggregator seeking to learn customer strategies).
We do not defend against compromise of the trader's own device. Key custody is the trader's responsibility; Excustodia provides cryptographic infrastructure, not operational security. We also do not defend against statistical inference from large-volume settled transactions visible on-chain — though we note that without strategy parameter access, such inference requires orders of magnitude more data.
Excustodia is governed by the Custodian Council — a body of token holders whose authority is constitutionally limited to ecosystem parameters: fee curves, sentinel reward schedules, marketplace listings, and treasury allocations. The Council cannot modify the cryptographic core. The Council cannot read user strategies. The Council cannot freeze sentinels.
The protocol token, $CVST (SPL Token 2022), accrues fees from sentinel deployment, marketplace transactions, and egress settlement. A portion is burned per transaction; the remainder funds the security budget for Arcium MPC node incentives and protocol audits.
Note: Token launch parameters, vesting schedules, and supply mechanics are detailed in Volume II of this whitepaper, forthcoming.
Phase I — Sigil (current). Solana mainnet deployment of the encryption engine, sentinel runtime, and Jito-routed egress. Limited beta to Custodian Council members.
Phase II — Vigil. Public mainnet launch with marketplace activation, integrations across Jupiter, Phoenix, Raydium, and Drift, and the first audited Arcium computation framework.
Phase III — Tenebris. SVM-cross-chain encrypted state (Eclipse, Sonic), sentinel composition (agents that compose other agents), and Token 2022 confidential transfer integration for fully-private positions.
Phase IV — Custodia Aeterna. Renouncement of upgrade authority on the cryptographic core. The protocol becomes immutable. The watchmen continue their watch without us.
Custodia est silentium.
In tenebris vincimus.
— End of Volume I —
Welcome to the Excustodia Protocol. This documentation will teach you how to deploy encrypted trading agents — sentinels that execute your strategy without ever revealing it.
Excustodia is a Solana-native cryptographic execution layer for on-chain trading. Unlike traditional bots whose intent becomes visible to Jito searchers and copy-traders, Excustodia sentinels operate on encrypted state via Arcium MPC. Your logic, thresholds, and decisions never appear in plaintext until the moment of settlement.
If you've used a traditional trading bot before, the developer experience will feel familiar. Configure a strategy, deploy an agent, monitor performance. The difference is invisible to you — and to everyone watching you.
New to encrypted execution? Start with the Quickstart for a five-minute walkthrough, or read the Whitepaper for the cryptographic foundations.
Deploy your first sentinel in under five minutes. This guide assumes you have a funded Solana wallet (Phantom, Backpack, or Solflare) and Node.js 20+ installed.
$ npm install @excustodia/sdk $ npm install @excustodia/sentinel-cli --global
Keys are generated locally and never transmitted. Store the seed phrase securely.
$ excvst keygen --output ~/.excustodia/keys → Generated keypair → Public custodia: 7xKXtg2C...wW9HmNz → Seed phrase: [22 words shown once]
import { defineStrategy } from '@excustodia/sdk'; export default defineStrategy({ name: 'momentum-rsi-v1', market: 'SOL/USDC', triggers: { rsi: { period: 14, threshold: 70 }, volume: { period: 20, multiplier: 1.5 }, }, action: { type: 'long', venue: 'jupiter', size: '2%-of-portfolio', stopLoss: '-3%', takeProfit: '+8%', }, });
$ excvst deploy strategy.ts → Compiling to CIR bytecode... → Encrypting with custodia key 7xKXtg2C...HmNz → Deploying sentinel to mainnet... → Sentinel PDA: ExCv4Z7n...4f2zwx → Arcium computation: 9b3cE08f...mxa1 → Status: ACTIVE · Watching market
That's it. Your sentinel is now executing on encrypted state.
A custodia keypair is the root of your privacy. Built on Solana's Ed25519 curve and derivable from any standard Solana wallet. The public key derives sentinel PDAs; the private key decrypts execution decisions via threshold MPC. Keys are never transmitted to Excustodia infrastructure — they exist only on your device.
A sentinel is an autonomous Solana program (PDA) bound to a single custodia keypair. Sentinels coordinate with Arcium MPC nodes to evaluate encrypted strategy logic against encrypted market data and emit encrypted decisions. They cannot read their own logic. They cannot be reassigned to another key.
Strategies are compiled from high-level definitions into CIR bytecode — a domain-specific instruction set supporting comparison, threshold logic, and bounded arithmetic. CIR is what gets encrypted; raw TypeScript or Python source never leaves your machine.
The single point of decryption in the entire pipeline. When a sentinel decides to execute, the egress module decrypts only the signed transaction via threshold MPC — not the strategy that produced it. Routes through Jito Block Engine for atomic, single-slot execution to whitelisted venues (Jupiter, Raydium, Orca, Phoenix, Drift).
Excustodia follows a strict separation between three planes:
No single component holds enough information to reconstruct your strategy. The compute plane sees only ciphertext. The settlement plane sees only the final transaction, never the conditions that produced it.
Agents are created in three steps: define, encrypt, deploy. The SDK abstracts the cryptography, but it's worth understanding what happens at each stage.
Use the defineStrategy primitive to declare your logic. Strategies are pure data — they describe conditions, not execution. The runtime translates them into encrypted CIR.
rsi, macd, bollinger — technical indicatorsprice, volume, liquidity — market structureoracle — external feeds via Pyth, Switchboard, or customcomposite — boolean combinations of other triggersYour key is your custody. Excustodia provides no recovery mechanism — by design. If you lose your private key, the strategies bound to it become permanently inaccessible.
Critical: Excustodia Labs cannot recover keys. We cannot read your strategies. We cannot reset your sentinels. This is the design.
The reference SDK, @excustodia/sdk, supports Node.js 20+ and modern browsers. Built on @solana/web3.js and @coral-xyz/anchor. All cryptographic operations run in WebAssembly for consistent behavior across environments.
import { Custodia } from '@excustodia/sdk'; const custodia = new Custodia({ keyPath: '~/.excustodia' }); // Deploy a sentinel const sentinel = await custodia.deploy(strategy); // Query encrypted history const history = await sentinel.history({ days: 30 }); // Decrypt selectively (locally) const trades = await custodia.decrypt(history); // Pause without revealing strategy await sentinel.pause();
The Excustodia Marketplace allows strategy creators to monetize their alpha without revealing it. When you publish a sentinel, buyers receive execution rights — not source code.
excvst publishBuyers don't need to trust your claimed track record — they can verify it. Each sentinel emits cryptographic commitments to its decisions over time. These commitments can be opened by the creator (proving past performance) without revealing the strategy that produced them.
CVST-1001 — Invalid custodia key formatCVST-1042 — Sentinel not found at addressCVST-2003 — CIR compilation failed (unsupported operation)CVST-2117 — Attestation verification failedCVST-3008 — Egress enclave temporarily unavailableCVST-4044 — Insufficient balance for deploymentNo. The strategy is encrypted with your local key before transmission. We possess no key material capable of decrypting it. This is not a policy choice — it is a cryptographic guarantee enforced by the protocol.
The sentinels bound to that key become permanently inert. Funds held by the sentinels are recoverable through the on-chain emergency withdrawal path (which requires only proof of original deposit), but the strategies themselves are gone. Back up your keys.
Both. By eliminating mempool-visible strategy signals, we remove the precondition for sandwich attacks and front-running. By using attested egress enclaves, we ensure that even the broadcast moment leaks no pre-decision information.
Phase I (Sigil): Solana mainnet. Phase II (Vigil): expansion to Eclipse and Sonic SVM. Phase III (Tenebris): cross-VM encrypted state via Wormhole/LayerZero.
Jito's MEV protection prevents front-running of transactions you submit through their bundle infrastructure. Excustodia prevents adversaries from learning your strategy at all — the transactions you submit reveal only individual outcomes, not the logic that produces them.
The cryptographic core is audited by OtterSec and Zellic — leading Solana security firms. Audit reports will be available before public mainnet release.
v1.0.0 · Sigil Release · April MMXXVI
Initial mainnet deployment. Encryption engine, sentinel runtime, egress enclave.