Submarine sending is a cryptographic technique, originally conceptualized for Bitcoin, that enables a payer to commit funds to a transaction that remains invisible on the blockchain until the recipient chooses to redeem it. The process begins with the payer creating a cryptographic commitment, often a hash of a secret, and locking funds to a script that can only be spent by revealing that secret. This initial commitment transaction appears on-chain as a simple, unremarkable output, masking its true intent and the identity of the eventual recipient.
LABS
Glossary
Submarine Sending
A technique for privately committing to a blockchain transaction by broadcasting it with a future execution timestamp, hiding it from the public mempool until it is ready to be mined.
Chainscore © 2026
definition
BLOCKCHAIN PRIVACY TECHNIQUE
What is Submarine Sending?
A privacy-enhancing technique that allows a user to send a transaction on a blockchain without revealing its details until a later, predetermined time.
The core mechanism relies on a commit-reveal scheme. The payer sends funds to a OP_RETURN output or a similar timelock-based script containing a hash puzzle. The corresponding recipient, who knows the secret preimage, can later broadcast a second transaction that solves the puzzle and claims the funds. Crucially, to external observers, the initial commitment and the final redemption appear as two separate, unrelated transactions, breaking the direct on-chain link between the sender and receiver and enhancing transaction graph privacy.
This technique is particularly useful for enabling trustless atomic swaps between different blockchains and for creating private payment channels as a precursor to more complex Layer 2 systems like the Lightning Network. While it provides a degree of privacy, its effectiveness can be limited by blockchain analysis that correlates transaction timing and amounts. Modern implementations may use Pay-to-Taproot (P2TR) outputs to make the initial commitment even more data-efficient and indistinguishable from ordinary transactions.
etymology
TERM BACKGROUND
Etymology & Origin
The term 'Submarine Sending' has a colorful history in the Bitcoin ecosystem, originating from a clever cryptographic technique for private transactions that predated more advanced privacy protocols.
Submarine sending is a cryptographic technique that enables a payer to create a Bitcoin transaction that can be completed by a recipient at a later time, without revealing the payment's destination on-chain until the final step. The name is a metaphor: the transaction is initially 'submerged' (invisible on the blockchain) and only 'surfaces' (becomes publicly confirmed) when the recipient chooses to finalize it. This mechanism was a pioneering method for creating trustless, time-locked payments and private swaps before the widespread adoption of the Lightning Network.
The technique was first conceptualized and implemented by Bitcoin developer Olaoluwa Osuntokun and Alex Bosworth in 2016. It cleverly combines several native Bitcoin features: hash time-locked contracts (HTLCs), off-chain collaboration, and the use of adaptor signatures. The payer constructs a transaction that pays to a script only the recipient can satisfy, but the transaction is not broadcast. Instead, the recipient is given the necessary components to claim the funds by creating and broadcasting a final settlement transaction, which then reveals the payment's endpoint.
The primary historical use case for submarine sends was privacy-preserving payments and atomic swaps. For example, it allowed a user to pay a Lightning Network invoice without running a Lightning node themselves; a service could accept an off-chain invoice, create a submarine send on-chain, and the Lightning node could then claim it, making the original payer's on-chain transaction appear to pay the service, not the final recipient. While largely supplanted by direct Lightning Network payments for this specific use, the pattern remains a foundational concept in cryptographic protocol design.
key-features
SUBMARINE SENDING
Key Features & Characteristics
Submarine Sending is a privacy-enhancing technique that conceals the origin and destination of a blockchain transaction by routing it through a series of intermediate, unlinked addresses before final settlement.
01
Transaction Path Obfuscation
The core mechanism involves splitting a transaction into multiple, smaller hops through intermediate addresses, often called relayers or mixers. This breaks the direct, on-chain link between the sender's source address and the recipient's destination address, making transaction graph analysis significantly more difficult.
02
On-Chain vs. Off-Chain Components
While the final settlement and all intermediate hops are recorded on-chain, the critical mapping of the source to the final destination is managed off-chain. This is typically handled by a coordinating server or smart contract that knows the routing path but does not publish it, separating the public ledger data from the private intent.
03
Time Delay & Batching
To enhance privacy, transactions are often delayed and batched with others.
- Delays prevent time-based correlation attacks.
- Batching (or mixing) combines funds from multiple users, making it harder to trace individual inputs to specific outputs, a principle shared with CoinJoin implementations.
04
Smart Contract Execution
On smart contract platforms like Ethereum, submarine sends are frequently facilitated by a relayer contract. Users submit hashed commitments off-chain. A relayer pays the gas fee to execute the final transaction on-chain and is later reimbursed from the user's forwarded funds, further decoupling the gas payer from the transaction initiator.
05
Privacy vs. Anonymity
It's crucial to distinguish the guarantee: submarine sending enhances transaction privacy by increasing the cost and complexity of analysis. It does not provide absolute anonymity. Sophisticated chain analysis or surveillance of the off-chain component could potentially de-anonymize users, unlike zero-knowledge proofs which offer cryptographic anonymity.
06
Use Cases & Applications
- Front-running Prevention: Hiding large DEX trades to avoid being front-run by MEV bots.
- Privacy for DeFi: Concealing wallet activity and holdings from public scrutiny.
- Obfuscating Fund Flows: For businesses or DAOs that wish to keep internal payment structures private.
- Enhanced Security: Reducing the attack surface for phishing or hacking by obscuring high-value wallets.
how-it-works
MECHANISM
How Submarine Sending Works
A technical breakdown of the cryptographic escrow process that enables trustless, off-chain swaps on the Bitcoin network.
Submarine sending is a cryptographic protocol that enables a trustless, atomic swap between two parties on the Bitcoin blockchain without requiring them to directly transact on-chain. It functions by using a time-locked hash time-locked contract (HTLC) to create a secure, conditional payment. One party commits funds to a special Bitcoin address, where they are cryptographically locked. The counterparty can then claim these funds by revealing a secret preimage within a set time window, or the funds are automatically refunded to the original sender. This mechanism allows for complex conditional logic, like cross-chain swaps or payment channels, to be executed securely.
The process begins when the sender, often a service provider, creates a cryptographic hash of a secret (the preimage) and embeds it, along with a refund time lock, into a Bitcoin transaction. This transaction sends funds to a Pay-to-Script-Hash (P2SH) or Pay-to-Taproot (P2TR) address, which acts as the escrow. The transaction is broadcast to the network, locking the funds. The receiver, who knows the secret preimage, can now spend this output by providing the correct preimage in a new transaction, which proves they have the right to claim the funds. If they fail to do so before the time lock expires, the original sender can reclaim the money using a refund path.
A primary use case for submarine sends is facilitating off-chain transactions on Layer 2 networks like the Lightning Network. For instance, to open a Lightning channel, a user can perform a submarine send to fund the channel's multisig address without revealing the channel's existence on the main chain. It is also foundational for cross-chain atomic swaps, allowing Bitcoin to be traded for Litecoin or other assets without a centralized exchange. The protocol's security is derived from Bitcoin's script system, ensuring that funds can only move according to the pre-agreed cryptographic conditions, making it a cornerstone of decentralized finance (DeFi) interoperability on Bitcoin.
visual-explainer
PRIVACY MECHANISM
Submarine Sending
A privacy-enhancing technique in blockchain transactions that conceals the link between a sender and a recipient by splitting a payment into multiple, unlinkable on-chain events.
Submarine sending is a cryptographic protocol that breaks a single payment into two distinct, unlinkable transactions to obscure the connection between payer and payee. The sender first commits funds to a secret, time-locked contract. Later, the recipient can redeem these funds by providing a cryptographic proof, creating a new transaction that appears to originate from a fresh, unrelated address. This process severs the on-chain link that would normally be visible in a direct transfer.
The core mechanism relies on a commit-reveal scheme using hash functions and time locks. The sender generates a secret preimage, hashes it, and locks funds in a script that can only be unlocked by revealing that preimage. This initial commitment transaction does not disclose the recipient. Only when the recipient later broadcasts the second transaction—the claim—with the correct secret, do the funds move, but this final transaction's inputs are controlled by the recipient's new, unlinked address.
This technique enhances financial privacy by preventing blockchain analysis from trivially associating two parties. Common use cases include private payments, tipping, and obfuscating the flow of funds in decentralized applications. It is a foundational concept for more complex privacy systems like the Lightning Network's submarine swaps, which use a similar commit-reveal structure to move funds across different blockchain layers without a trust intermediary.
While effective, submarine sending has limitations. It requires the recipient to be online to claim the funds within the time-lock window, or the committed capital is returned to the sender. Furthermore, sophisticated chain analysis might still infer links through timing or value correlation. Despite this, it remains a powerful, protocol-level tool for increasing transaction anonymity without requiring a complete overhaul of the underlying blockchain's transparency model.
examples
PRACTICAL APPLICATIONS
Examples & Use Cases
Submarine sends are a specialized privacy technique with distinct applications in arbitrage, compliance, and strategic trading.
01
Front-Running Protection for DEX Trades
A trader uses a submarine send to hide a large DEX swap from public mempool watchers. The transaction is signed and sent to a relayer, which holds it in a private mempool. The relayer only broadcasts it at the exact moment it can be included in a block, preventing MEV bots from seeing and front-running the trade to extract value.
02
Cross-Chain Arbitrage Execution
An arbitrageur identifies a price discrepancy for an asset between Ethereum and Polygon. To prevent other bots from copying the trade, they use a submarine send on Ethereum to conceal the initial large purchase. Once the Ethereum trade is confirmed, they can execute the opposing trade on Polygon before the arbitrage opportunity closes.
03
Obfuscating Treasury or VC Movements
A venture capital firm or DAO treasury needs to move a significant sum of tokens without signaling its intent to the market. A submarine send hides the transaction details until it is finalized, preventing speculative price movements that could occur if the transaction was visible in the public mempool for an extended period.
04
Compliance with Disclosure Timelines
An entity subject to scheduled financial disclosures (e.g., a public company's crypto holdings) can use submarine sends to execute necessary transactions precisely when required, without the transaction details being public knowledge during the planning and signing phase, thus adhering to strict timing rules.
05
Strategic NFT Bidding & Purchases
A collector wants to acquire a high-value NFT without alerting other bidders, which could drive up the price. They use a submarine send to submit a bid or execute a purchase on a marketplace like Blur or OpenSea. The transaction becomes visible only upon successful execution, preventing bidding wars.
security-considerations
SUBMARINE SENDING
Security Considerations & Limitations
Submarine sending is a privacy technique that obfuscates the link between a user's deposit and withdrawal transactions. While enhancing privacy, it introduces specific security assumptions and operational constraints.
01
Relayer Trust Assumption
The core security model relies on a relayer to broadcast the final withdrawal transaction. Users must trust this entity not to censor their transaction or front-run it. While relayers cannot steal funds (the withdrawal is cryptographically signed by the user), they can cause denial-of-service. Decentralized relay networks or permissionless gas abstraction can mitigate this single point of failure.
02
Temporal Linkability Risk
Privacy is compromised if an observer can correlate transactions based on timing. Key risks include:
- Blockchain Analysis: Linking deposit and withdrawal via block inclusion time.
- Network-Level Surveillance: Matching transaction propagation patterns via IP address or mempool monitoring.
- Amount Correlation: Withdrawing the exact same amount as was deposited. Effective implementations use time delays, amount mixing, and network-level obfuscation like Tor or VPNs.
03
Smart Contract & Protocol Risk
The submarine contract holding the committed funds is a critical attack surface. Vulnerabilities could lead to loss of funds. Considerations include:
- Audit Quality: The contract code must be rigorously audited.
- Upgradability Risks: If the contract is upgradeable, users trust the admin key.
- Cross-Chain Bridge Risk: For cross-chain submarine sends, the security depends on the underlying bridge or messaging protocol, which may have its own slashing conditions or validator set risks.
04
Regulatory & Compliance Exposure
Privacy-enhancing techniques can attract regulatory scrutiny. Users and relayers may face:
- Transaction Reversals: Regulators may pressure centralized relayers to block or reveal transactions.
- Chain Analysis Flagging: Addresses involved in submarine sends may be tagged by compliance firms, reducing future privacy.
- Jurisdictional Risk: The legal status of using such mixers or privacy tools varies globally and may carry liability.
05
Throughput & Cost Limitations
Practical limitations affect scalability and usability:
- Gas Costs: Requires two on-chain transactions (commit & reveal), doubling base-layer fees.
- Block Space Contention: Reveal transactions must be included in a timely manner, competing in volatile fee markets.
- Relayer Capacity: A centralized relayer's throughput and fee policies become a bottleneck. High volume can degrade privacy by creating identifiable patterns.
06
Contrast with zk-SNARKs & CoinJoin
Submarine sending has distinct trade-offs compared to other privacy solutions:
- vs. zk-SNARKs (e.g., Tornado Cash): Submarine sends are not cryptographically private; they are obfuscated. zk-SNARKs provide stronger, mathematical privacy but are more complex and computationally expensive.
- vs. CoinJoin: CoinJoin (e.g., Wasabi Wallet) mixes multiple users' coins in one transaction. Submarine sends are typically for two-party, fixed-amount transfers. CoinJoin offers better anonymity sets but requires coordination among participants.
ON-CHAIN PRIVACY TECHNIQUES
Comparison with Other Privacy Channels
A technical comparison of Submarine Sending with other common methods for achieving transaction privacy on public blockchains.
| Feature / Metric | Submarine Sends | CoinJoin | zk-SNARKs | Confidential Assets |
|---|---|---|---|---|
Primary Mechanism | Decoupled, time-delayed transactions | Multi-party collaborative batching | Zero-knowledge cryptographic proofs | Blinded asset amounts & types |
On-Chain Privacy Guarantee | Sender-receiver unlinkability | Input-output unlinkability | Full transaction data privacy | Asset amount & type privacy |
Trust Assumption | Trustless (relayer optional) | Semi-trusted coordinator | Trustless cryptographic setup | Trustless |
Latency (Typical) | 1-24 hours | < 1 hour | < 1 min | < 1 min |
Transaction Cost | Low (standard tx fee) | Medium (coordinator fee + tx fee) | High (proof generation gas) | Medium (computational overhead) |
Blockchain Footprint | Standard transaction pattern | Large, atypical transaction | Large, verifiable proof | Modified transaction format |
Interoperability | Universal (any UTXO chain) | Protocol-specific (e.g., Wasabi, JoinMarket) | Protocol-specific (e.g., Zcash) | Layer 1 protocol-specific |
Privacy Set Size | 1 (per transaction pair) | 10-100 (per mix round) | Full shielded pool | Per asset type |
SUBMARINE SENDING
Common Misconceptions
Submarine sends are a privacy-enhancing transaction technique, but they are often misunderstood. This section clarifies how they work, their limitations, and how they differ from related concepts.
A submarine send is a privacy technique that allows a user to send cryptocurrency to themselves in a way that breaks the on-chain link between the source and destination addresses. It works by creating a private commitment (like a hash) to the funds, which is then redeemed in a later transaction to a new address. The key mechanism involves a smart contract or a protocol like Tornado Cash, where the user deposits funds, receives a private note, and later uses that note to withdraw to a fresh address, severing the transaction graph.
How it works in practice:
- Commit: A user deposits funds (e.g., 1 ETH) into a pool contract, generating a cryptographic secret.
- Wait: The deposit is mixed with others in the pool.
- Redeem: The user submits a zero-knowledge proof using their secret to withdraw an equal amount (1 ETH) to a new, unlinked address. The blockchain only sees an unrelated deposit and withdrawal.
BLOCKCHAIN PRIVACY
Technical Deep Dive
Submarine Sending is a privacy-enhancing technique that allows a user to send a transaction to themselves in a way that obfuscates the link between the source and destination of funds on a public ledger.
Submarine Sending is a blockchain privacy technique that breaks the on-chain link between two addresses controlled by the same user. It works by creating a commitment (a cryptographic hash) to a secret value and a target address. The user sends funds to a special swap contract, locking them with this commitment. Later, the user (or a designated party) can redeem the funds to the target address by revealing the secret, proving they were the intended recipient. To an external observer, the transaction from the contract to the final address appears as a new, unconnected event, severing the transaction graph link from the original source.
SUBMARINE SENDING
Frequently Asked Questions (FAQ)
Submarine sends are a privacy-enhancing technique that obscures on-chain transactions. These questions address their core mechanics, use cases, and security considerations.
A submarine send is a privacy technique that breaks a single on-chain transaction into two separate, unlinkable transactions using a commitment scheme. It works by having a sender commit funds to a secret value, creating a commitment transaction visible on-chain. Later, the intended recipient, who knows the secret, can redeem those funds in a separate transaction. To external observers, the commitment and redemption appear unrelated, breaking the direct on-chain link between sender and receiver. This process often relies on hash time-locked contracts (HTLCs) or similar cryptographic constructs to ensure only the rightful recipient can claim the funds after a specific time.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall