Program Derived Address (PDA)

This page provides an overview of Program Derived Addresses (PDA), the mechanisms that make them possible, and the associated risk factors.

---

Kasway's payment engine draws strong inspiration from Solana and Solana Pay.

For each transaction, Kasway generates a unique, temporary payment address on the fly—avoiding static addresses or escrow-based methods. This approach reduces attack surfaces and minimizes the risk of lost funds caused by exploits targeting centralized points of failure.

All transactions are processed on-chain and confirmed at the consensus level immediately after being broadcast to the Kaspa network. Thanks to Kaspa's high throughput of 10 blocks per second and the Crescendo upgrade, confirmations happen ultra-fast, typically within sub-seconds.

Although called “Program Derived” addresses, these addresses are not derived from on-chain programs or smart contracts, as Kasway does not hold any wallet or keypair for address derivation. Instead, each payment request uses a random seed to generate a new address. This seed is converted into a private key, which is encrypted and temporarily stored on our server.

Once the payment is confirmed, the private key is automatically and permanently deleted from our system, ensuring security. Any attempt to intercept the transaction would have to outpace the network's rapid confirmation speed—an extremely unlikely scenario.

Looking ahead, with future Kaspa smart contract support, we plan to move this logic fully on-chain to achieve greater decentralization and security, effectively replicating Solana's PDA functionality.