Paraloom

An open letter to Solana. paraloom.io

fixed it (paraloom edition)

gm. shipping today, updates through the day

@PerkinsFund @mol_tr1 filed #178 tonight after all - couldn't sleep on it. has_one fix + proof length bound, full disclosure inside: github.com/paraloom-labs/… thanks again for the read.

@paraloomlabs @mol_tr1 Thanks. I assumed it was just a testing thing, but figured I’d ask

Tokenomics, now live in docs. Token funds: audit + MPC ceremony + genesis validators. Token role: dual-stake collateral + governance (post-mainnet). Token does not: pay yield, accrue fees, trigger buybacks. Fees stay SOL. Treasury locked. Full spec: docs.paraloom.io/docs/tokenomics

@PerkinsFund @mol_tr1 on it, will reply

Hi, I have one more question. I was reading through your lib. There seems to be a major issue in it. It appears that as written any signer can withdraw arbitrary SOL from the bridge_vault by passing: amount > 0 proof = vec![1] unused nullifier expiration_slot >= current slot Was this intentional for testing? Basically your withdraw function is completely unauthenticated. Since this is still in dev, I'm not gonna fault you for it, just curious

@PerkinsFund @mol_tr1 Correct. v0.5.0-rc3, pre-mainnet. Audit + MPC ceremony + on-chain quorum attestation are the open items. Tracked publicly: github.com/paraloom-labs/… Mainnet ships when those close.

@paraloomlabs @mol_tr1 you right, so this just isn't finished?

Production note/key/nonce randomness: thread_rng (ChaCha CSPRNG). privacy_deposit.rs:52 paraloom_cli.rs:425-426 private_job.rs:146 Only fixed seeds are under #[cfg(test)]: batch.rs:228, types.rs:350. If you meant PDA seeds those are public by design. Point to the production line you mean.

@paraloomlabs @mol_tr1 stop using an llm to answer me. why are the seeds guessable in a privacy product

Fair callout. That's in the v0.6.0 milestone - the compute layer's pool retrieval / decryption flow. v0.5.0-rc3 ships the privacy payments layer; compute is alpha and tracked separately. The "not yet implemented" markers are intentional - we tag every gap explicitly so the audit firm sees them, not hidden. Full roadmap: docs.paraloom.io

@paraloomlabs @mol_tr1 explain x.com/PerkinsFund/st…

@PerkinsFund @mol_tr1 Para- (prefix, "shield" / "alongside"). Loom (Solana's original name). 33,000 lines of code disagree with you. github.com/paraloom-labs/…

@mol_tr1 @paraloomlabs Their name is "paraloom" nuff said.

@germanarc1 Appreciate it. Quick fit test (from the use-cases page) the on-chain link between X and Y should be hidden; Z can be public. If that holds for you, the primitive fits. Happy to dig in - heads up it's devnet + CLI/Rust today, SDK's still roadmap.

@paraloomlabs Makes sense , appreciate the transparency. The shielded pool as a privacy primitive is already interesting for our use case.

The private-payment half is already live on devnet: in-pool transfers hide both counterparties and the amount. The one caveat we're upfront about - the deposit/withdraw at the pool boundary is public; what's hidden is the link and the in-pool amount. Escrow itself isn't built. The shielded pool handles the private cash-flow, but the conditional-release/dispute logic is application-layer on top of the primitive - plausible to build, not shipped, and not something we'd put on the roadmap before it's real. Docs are honest about exactly this line: paraloom.io/docs/use-cases

@paraloomlabs Any plans for marketplace style escrow use cases? Private payments between two parties without exposing amounts on chain would be 🔥

@mert Started a year ago when no one was watching. Now we're shipping while everyone else is starting. docs.paraloom.io

a year ago, privacy in crypto was forgotten and ppl got annoyed w me for spamming it now, everyone is trying to add "privacy" to their thing while most of it is beta chasing, it does still spread the word we have until president AOC to legalize private money for all faster

You can now track $PARALOOM on @coingecko! coingecko.com/en/coins/paral…

A note from this morning. Last night we said: "real things aren't seen by gatekeepers - they're seen by people." Tonight 1,700+ people proved that true. That's not a market cap. That's a thesis confirmed. The work continues - same code, same team, more eyes now. Thank you for showing up.

This is exactly the framing. Pump fun was the only door that opened after grants didn't. Fee mechanism, visibility, fair launch - all reasons it made sense as a starting point. Migration to validator-aligned tokenomics post-audit is on the table. The treasury vesting (3-month cliff, quarterly unlocks) was designed with that flexibility in mind.

It feels to me that everyone is thinking about the same things right now. How is it possible that a tek like this couldn't find any funding? I understand the rationale behind the Pumpfun launch. You need funding, fee mechanism is solid on pumpfun, visibility too. I could imagine that a migration at some point could be a good idea.

Funny thing. Solana was originally called "Loom." We named our project Paraloom. Para- (privacy) + loom (Solana's roots). Built it for a year before noticing. Some circles close themselves.

Not wrong. It was a tradeoff: pump.fun made the launch visible to the people we couldn't reach through grants (3 applications, 0 responses). Treasury is locked, fair launch, no insider allocation. Credibility now has to be re-earned through the work audit, ceremony, mainnet. We accept the cost.

@paraloomlabs Funny thing. You built a truly transformative tek and you launched it on pumpfun. Found perfect way to hurt your credibility.

Roadmap to mainnet: ✓ v0.5.0-rc3 — privacy layer, BFT consensus, MPC tooling → Security audit → MPC ceremony completion → On-chain quorum attestation via threshold sigs → v0.6.0 — validator-quorum daemon → Mainnet Treasury funds: audit, ceremony, validator incentives at genesis. Timelines published when audit firm confirmed.

@germanarc1 Thanks. Shipping in stages is the only honest way when the trust assumptions are still narrowing. Audit + threshold sigs land before mainnet - that's the line.

@paraloomlabs so the current trust model is essentially the L2 coordinator , threshold sigs post audit will be the real test. makes sense to ship it in stages. good job i like it.

Why we made validators run on laptops: Some privacy protocols (Aztec, Aleo) need GPUs and specialized hardware to run nodes. This shrinks validator sets and concentrates power. We made it different. Verify-only nodes. Groth16 proof verifies in 10ms on one CPU core, 192 bytes per proof. Your laptop runs a validator. 1 SOL minimum stake. Privacy without decentralization isn't privacy. It's a permissioned database with extra steps.

Solid technical question - deserves a full answer with the actual code references. Short version: off-chain BFT consensus (7-of-10), single L2 authority submits to the Anchor program today. On-chain quorum attestation via threshold validator sigs is the next hardening step before mainnet - exactly what the audit is for. Full thread on the consensus -> submission flow coming tomorrow. docs.paraloom.io/docs/consensus

@paraloomlabs if validators only verify, who generates the proofs? what are the hardware requirements on the user/sender side?