Skip to content
You are reading Hyperledger Besu development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.
Last update: September 2, 2021

Processing private transactions


Orion features have been merged into Tessera! Read our Orion to Tessera migration guide and about all the new Tessera features.

Processing private transactions involves the following:

  • Precompiled contract: A smart contract compiled from the source language to EVM bytecode and stored by an Ethereum node for later execution.

  • Privacy Marker Transaction: A public Ethereum transaction with a payload of the enclave key. The enclave key is a pointer to the private transaction in Tessera. The to attribute of the Privacy Marker Transaction is the address of the privacy precompiled contract.

The Privacy Marker Transaction is signed with a random key or the key specified on the command line.

Private transaction processing is illustrated and described in the following diagram.

Processing Private Transactions

  1. Submit a private transaction using eea_sendRawTransaction. The signed transaction includes transaction attributes specific to private transactions, including:

    • privateFor or privacyGroupId specifies the list of recipients
    • privateFrom specifies the sender
    • restriction specifies the transaction is of type restricted.
  2. The JSON-RPC endpoint passes the private transaction to the Private Transaction Handler.

  3. The Private Transaction Handler sends the private transaction to Tessera.

  4. Tessera distributes the private transaction directly (that is, point-to-point) to the Tessera nodes specified in privateFor or belonging to the privacy group identified by privacyGroupId. All recipient Tessera nodes store the transaction. Tessera associates the stored transaction with the transaction hash and privacy group ID.

  5. Tessera returns the transaction hash to the Private Transaction Handler.

  6. The Private Transaction Handler creates a Privacy Marker Transaction for the private transaction. The Private Transaction Handler propagates the Privacy Marker Transaction using devP2P in the same way as a public Ethereum transaction.


    If you want to sign the Privacy Marker Transaction outside of Besu, use priv_distributeRawTransaction instead of eea_sendRawTransaction.

  7. Besu mines the Privacy Marker Transaction into a block and the Privacy Marker Transaction is distributed to all Ethereum nodes in the network.

  8. The Mainnet Transaction Processor processes the Privacy Marker Transaction in the same way as any other public transaction. On nodes containing the privacy precompile contract specified in the to attribute of the Privacy Marker Transaction, the Mainnet Transaction Processor passes the Privacy Marker Transaction to the privacy precompile contract.


    Nodes receiving the Privacy Marker Transaction that do not contain the privacy precompile contract specified in the Privacy Marker Transaction ignore the Privacy Marker Transaction.

  9. The privacy precompile contract queries Tessera for the private transaction and privacy group ID using the transaction hash.

  10. The privacy precompile contract passes the private transaction to the Private Transaction Processor. The privacy group ID specifies the private world state to use.

  11. The Private Transaction Processor executes the transaction. The Private Transaction Processor can read and write to the private world state, and read from the public world state.


Using private transactions with pruning or fast sync is not supported.

Questions or feedback? You can discuss issues and obtain free support on Hyperledger Besu chat channel.
For Hyperledger Besu community support, contact the mailing list