Recreated from solana-labs/solana-program-library#6880
(Reopened this one as it looks promising and is still missing)
Proposed feature
Token-2022 adds the token-extension of confidential transfers. For normal token transfers Token-2022 further adds the permanent-delegate extension, which allows granting a signer the authority to move tokens from any token account belonging to a mint at will. This functionality is however not present for confidential balances.
Adding an authority with "root-access" should also be possible for the confidential balances of a mint.
Proposed solution
A confidential-permanent-delegate extension, which adds an authority with the ability to move tokens in the confidential balance of any token account from the mint.
There is one main problem to adding this logic, which is that to move funds in a confidential balance the balance encryption keys (ElGamalKeypair & AeKey) are required to generate the relevant zk-proofs. So in order for the permanent delegate to be able to move funds, these secret keys have to be shared with the holder of the authority.
The proposed solution to the secret sharing issue is to by default set the approved flag on the confidential balance to false if the confidential-permanent-delegate is activated on a mint. The normal Approve instruction would then also be disabled and the approving of accounts could only be done via an ApproveAccount instruction processed within the new extension.
FYI: @abcalphabet
Recreated from solana-labs/solana-program-library#6880
(Reopened this one as it looks promising and is still missing)
Proposed feature
Token-2022 adds the token-extension of confidential transfers. For normal token transfers Token-2022 further adds the permanent-delegate extension, which allows granting a signer the authority to move tokens from any token account belonging to a mint at will. This functionality is however not present for confidential balances.
Adding an authority with "root-access" should also be possible for the confidential balances of a mint.
Proposed solution
A confidential-permanent-delegate extension, which adds an authority with the ability to move tokens in the confidential balance of any token account from the mint.
There is one main problem to adding this logic, which is that to move funds in a confidential balance the balance encryption keys (ElGamalKeypair & AeKey) are required to generate the relevant zk-proofs. So in order for the permanent delegate to be able to move funds, these secret keys have to be shared with the holder of the authority.
The proposed solution to the secret sharing issue is to by default set the approved flag on the confidential balance to false if the confidential-permanent-delegate is activated on a mint. The normal Approve instruction would then also be disabled and the approving of accounts could only be done via an ApproveAccount instruction processed within the new extension.
FYI: @abcalphabet