# Wallet top-up

Wallet Top-Up in Sealed is designed to separate the wallet that provides ALGO from the wallet that later uses Sealed for communication. This matters because payment activity can become one of the easiest ways to identify a user. If the same wallet funds the account, sends messages, creates nicknames, and interacts with conversations, it becomes much easier to build a profile around that wallet. Sealed avoids this by using a credit code model. A user deposits ALGO into the credit smart contract, receives a code, and later activates that code inside the app from a different wallet. This creates separation between funding and usage.

### Separation between deposit and usage

The main privacy goal of Wallet Top-Up is to avoid a direct public link between the deposit wallet and the messaging wallet. The deposit wallet is the wallet that provides ALGO to the smart contract. The messaging wallet is the wallet used later inside the Sealed app. In a simple system, these two actions could be connected easily: one wallet pays, the same wallet sends messages. In Sealed, the deposit creates a code, and the code can later be activated by a different wallet. This means the blockchain can show that a deposit happened and that a code was later activated, but it should not directly reveal that both actions belong to the same person.

### Fixed-size credit codes

Each credit code has the same value: **10 ALGO equals 500 credits**, and 500 credits equal 500 messages. This fixed-size design is important for privacy because it prevents amount-based matching. If users could create codes for random amounts, it would be easier to connect a deposit with a later activation by comparing values. For example, a unique deposit amount could act like a fingerprint. By using the same standard size for every code, Sealed makes deposits look more uniform. Users who need more credits can create multiple standard codes instead of one unique large code. This keeps each code inside the same shared privacy set.

### Merkle tree privacy pool

Sealed uses a Merkle tree-based privacy pool inspired by Tornado Cash. The idea is to place many identical deposit commitments into one shared structure. Later, a user can activate a valid code without publicly revealing which exact deposit created it. For a non-technical user, this can be understood like putting many identical sealed envelopes into one box. Later, someone proves they own one valid envelope without showing which exact person originally placed it there. This is what creates the separation between the deposit address and the activation address. The smart contract can verify that the code is valid, but the public chain does not need to show a simple one-to-one link between the original deposit wallet and the wallet that receives credits.
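A sketch of the bookkeeping behind such a pool, as an added example rather than Sealed's contract code: SHA-256, the hypothetical `CreditPool` class and the nullifier/secret layout of a code are assumptions modeled on Tornado Cash. Here the code values and the Merkle path are checked in the clear; in a Tornado Cash-style pool the same statement is proven in zero knowledge so the leaf stays hidden.

```python
import hashlib
import secrets

ZERO = bytes(32)  # padding leaf for unused slots (assumption)

def h(tag: bytes, *parts: bytes) -> bytes:
    # Domain-separated SHA-256; a real pool would use a circuit-friendly hash.
    return hashlib.sha256(tag + b"".join(parts)).digest()

def new_code():
    """A credit code is two random values; only their commitment is deposited."""
    nullifier, secret = secrets.token_bytes(32), secrets.token_bytes(32)
    return nullifier, secret, h(b"leaf", nullifier, secret)

def levels(leaves):
    """All tree levels, leaves first, padded to a power of two."""
    row = list(leaves) or [ZERO]
    while len(row) & (len(row) - 1):
        row.append(ZERO)
    out = [row]
    while len(row) > 1:
        row = [h(b"node", row[i], row[i + 1]) for i in range(0, len(row), 2)]
        out.append(row)
    return out

def path_for(leaves, index):
    """Sibling hashes from leaf to root, with the side our node is on."""
    path = []
    for row in levels(leaves)[:-1]:
        path.append((row[index ^ 1], index & 1))
        index >>= 1
    return path

class CreditPool:
    def __init__(self):
        self.leaves, self.spent = [], set()

    def deposit(self, commitment):
        self.leaves.append(commitment)
        return len(self.leaves) - 1

    def root(self):
        return levels(self.leaves)[-1][0]

    def activate(self, nullifier, secret, path):
        """Accept a code once if its commitment is under the current root."""
        tag = h(b"spent", nullifier)
        node = h(b"leaf", nullifier, secret)
        for sibling, node_is_right in path:
            node = h(b"node", sibling, node) if node_is_right else h(b"node", node, sibling)
        if node != self.root() or tag in self.spent:
            return False
        self.spent.add(tag)
        return True
```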

### Privacy depends on volume

The privacy pool becomes stronger when more users participate. If only one person deposits and one person activates, the connection is easy to guess. If many users deposit the same fixed amount and many users activate codes over time, the link becomes much harder to reconstruct. This is called the anonymity set. The larger the group of possible deposits, the harder it is to identify which deposit belongs to which activation. In Sealed, more volume means stronger privacy for everyone using the credit system.

### Timing matters

Timing is also important. If a user deposits ALGO and activates the code immediately, an observer may try to connect those two events based on timing. Even if the system does not reveal a direct link, the behavior itself can create a clue. Waiting longer before activating the code improves privacy because more deposits and activations can happen in between. The more time and activity between deposit and activation, the harder it becomes to make a confident connection.
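The fixed-amount, volume and timing arguments above can be checked with a small observer model. This is an added example, not Sealed's code: the event traces are constructed, and the rule that an observer can only narrow an activation to earlier deposits of the same amount is an assumption of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: int        # seconds since the start of the constructed trace
    kind: str     # "deposit" or "activate"
    amount: int   # ALGO behind the code

def candidates(events, act):
    """Deposits an observer cannot rule out as the source of activation `act`."""
    return [e for e in events
            if e.kind == "deposit" and e.t < act.t and e.amount == act.amount]

def anonymity_sets(events):
    """Map each activation time to the size of its candidate set."""
    return {a.t: len(candidates(events, a)) for a in events if a.kind == "activate"}

def intervening(events, dep, act):
    """Other same-size deposits that landed between one user's deposit and activation."""
    return sum(1 for e in events if e.kind == "deposit"
               and e.amount == dep.amount and dep.t < e.t < act.t)

# Constructed trace: every code is the standard 10 ALGO.
FIXED = [Event(0, "deposit", 10), Event(100, "deposit", 10),
         Event(110, "activate", 10),
         Event(200, "deposit", 10), Event(300, "deposit", 10),
         Event(400, "deposit", 10), Event(450, "activate", 10)]

# Constructed counter-example: one depositor picks a unique amount.
VARIABLE = [Event(0, "deposit", 10), Event(100, "deposit", 37),
            Event(200, "deposit", 10), Event(300, "deposit", 10),
            Event(350, "activate", 37)]

if __name__ == "__main__":
    print(anonymity_sets(FIXED))     # early activation vs. delayed activation
    print(anonymity_sets(VARIABLE))  # unique amount acts as a fingerprint
    print(intervening(FIXED, FIXED[1], FIXED[2]),
          intervening(FIXED, FIXED[1], FIXED[6]))
```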

### What this protects against

Wallet Top-Up is designed to protect against simple payment-to-usage linking. It makes it harder for an outside observer to say: this wallet deposited ALGO, and that same person later used Sealed from this messaging wallet. It also helps protect against wallet profiling. The messaging wallet does not need to act like a normal funded crypto wallet, and the deposit wallet does not need to become the user’s communication identity.

### Wallet Top-Up summary

Wallet Top-Up protects privacy by separating funding from communication. The user deposits a fixed 10 ALGO amount into the credit smart contract, receives a code worth 500 credits, and later activates that code inside the app from a messaging wallet. The privacy comes from several layers working together: fixed-size codes prevent amount-based matching, the Merkle tree privacy pool separates deposit and activation, higher volume increases the anonymity set, delayed activation reduces timing correlation, and credits remove the need to directly fund the messaging wallet with ALGO.


