ParaloomPARALOOM

Installation

Toolchain, dependencies, and verification for paraloom-core.

Installation

For most operators the signed release binary is the right choice. Build from source if you're contributing, running a custom branch, or auditing the supply chain.

System requirements

ComponentUser walletValidator (recommended)
OSLinux / macOS (Windows via WSL2)Linux Ubuntu 22.04+ · macOS Apple Silicon · Windows via WSL2
CPU2 cores2 cores · x86_64 or arm64
RAM4 GB16 GB (8 GB minimum)
Disk10 GB120 GB SSD (RocksDB hot writes — HDD will lag)
Networkbroadband100 Mbit symmetric

The validator role is verify-only — no GPU, no specialized silicon. Apple Silicon, a Raspberry Pi 5, or a modest server all work.

# Signed binaries: paraloom-linux-amd64 / paraloom-macos-arm64 (unified CLI),
# plus paraloom-node-linux-amd64 / paraloom-node-macos-arm64 (node-only).
# Windows, Intel Mac, and Linux arm64: run the Linux binary under WSL2, or build from source.
curl -LO https://github.com/paraloom-labs/paraloom-core/releases/latest/download/paraloom-linux-amd64
curl -LO https://github.com/paraloom-labs/paraloom-core/releases/latest/download/SHA256SUMS
curl -LO https://github.com/paraloom-labs/paraloom-core/releases/latest/download/SHA256SUMS.sig
curl -LO https://github.com/paraloom-labs/paraloom-core/releases/latest/download/SHA256SUMS.crt

# Verify the Sigstore signature on the checksums file (binds artifact to the GitHub Actions run)
cosign verify-blob \
  --certificate SHA256SUMS.crt \
  --signature SHA256SUMS.sig \
  --certificate-identity-regexp 'https://github.com/paraloom-labs/paraloom-core/.*' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  SHA256SUMS

# Confirm the binary against the (now-trusted) checksums
sha256sum -c SHA256SUMS --ignore-missing

# Install
chmod +x paraloom-linux-amd64
sudo mv paraloom-linux-amd64 /usr/local/bin/paraloom
paraloom --version

A CycloneDX SBOM and a GHCR container image are also published. Full supply-chain story: Releases.

Build from source

1. Toolchain

# Rust 1.78+
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
rustc --version  # 1.78 or newer

# Solana CLI 1.18+ (only needed if you'll build the on-chain Anchor program)
sh -c "$(curl -sSfL https://release.solana.com/stable/install)"
export PATH="$HOME/.local/share/solana/install/active_release/bin:$PATH"
solana --version

# Anchor 0.31+ (also only for on-chain build)
cargo install --git https://github.com/coral-xyz/anchor avm --force
avm install 0.31.0
avm use 0.31.0

2. Build dependencies

sudo apt update
sudo apt install -y build-essential pkg-config libssl-dev clang protobuf-compiler
xcode-select --install
brew install openssl pkg-config protobuf
wsl --install -d Ubuntu
# Then follow the Ubuntu instructions inside WSL

3. Clone & build

git clone https://github.com/paraloom-labs/paraloom-core.git
cd paraloom-core

# L2 / validator binaries (release-optimized)
cargo build --release

# Optional: on-chain Anchor program (only if you'll deploy your own)
cd programs/paraloom && anchor build && cd ../..

Binaries land in target/release/ (paraloom, paraloom-node, paraloom-ceremony-*, etc.).

4. Run the test suite

cargo test --all --all-targets
# 407 passed; 0 failed; 0 ignored

If you only want a subset:

# Privacy circuits + types
cargo test --lib privacy::

# Bridge integration
cargo test --test bridge_tests

# Coordinator HA scenario
cargo test --test coordinator_tests

Proving keys

Until the MPC ceremony completes, the proving keys shipped with paraloom-core are devnet-only keys generated by the setup_withdrawal_ceremony binary. They're fine for devnet / local testing. Mainnet keys come from the multi-party ceremony — see Ceremony.

# Generate devnet keys (one-shot, ~1–2 minutes)
cargo run --release --bin setup_withdrawal_ceremony

# Output lands in:
#   keys/devnet/deposit_pk.bin
#   keys/devnet/transfer_pk.bin
#   keys/devnet/withdraw_pk.bin

Solana CLI configuration (validator/builder workflows)

# Devnet (current pre-mainnet network)
solana config set --url devnet
solana-keygen new -o ~/.config/solana/id.json
solana airdrop 2  # for tx fees + validator stake

# Localnet (for E2E development)
solana config set --url localhost
solana-test-validator --reset

Mainnet activation is gated on the MPC ceremony + external audit.

Paraloom node configuration

Copy the template that ships with the repo (scripts/devnet/validator.toml.example) and edit the marked paths:

[network]
# Public listen address (a libp2p multiaddr). Open this TCP port on your firewall.
listen_address = "/ip4/0.0.0.0/tcp/9300"

# Devnet bootstrap anchor maintained by paraloom-labs. New nodes dial this
# to enter the Kademlia DHT; the rest of the validator set fans out from there.
bootstrap_nodes = [
  "/ip4/67.205.142.8/tcp/9300/p2p/12D3KooWFf8xfNz77E9Ve4HnpyZkAHKAcUdw4LmagpFCYQD6R7WK",
]

# mDNS is only useful on a LAN; leave off on a public-internet validator.
enable_mdns = false

# Persist this node's libp2p identity (generated mode 0600 on first start).
identity_path = "/var/lib/paraloom/node.key"

[node]
node_type = "ResourceProvider"
max_cpu_usage = 80
max_memory_usage = 70
max_storage_usage = 10240

[storage]
data_dir = "/var/lib/paraloom/data"

[bridge]
solana_rpc_url = "https://api.devnet.solana.com"
program_id = "8gPsRSm1CAw38mfzc1bcLMUXyFN7LnS8k6CV5hPUTWrP"
poll_interval_secs = 8
enabled = true
authority_keypair_path = "/home/USER/.config/solana/paraloom-validator.json"
event_lag_warn_threshold_slots = 1500
withdrawal_expiration_window_slots = 150
# Local-only HTTP endpoint for wallet/CLI Merkle queries. Stays on loopback.
merkle_path_query_address = "127.0.0.1:9090"
withdrawal_ingress_address = ""
transfer_ingress_address = ""

The on-chain program ID 8gPsRSm1CAw38mfzc1bcLMUXyFN7LnS8k6CV5hPUTWrP is the live devnet deployment — use exactly this value, and it matches the declare_id! in programs/paraloom/src/lib.rs.

Verify the install

paraloom --version

# Confirm your on-chain registration, or list the whole validator set
paraloom validator status --keypair ~/.config/solana/paraloom-validator.json
paraloom validator list

validator status reads your on-chain account (stake 1 SOL, reputation 1000, active: true); you can also open the validator PDA on Solana Explorer (devnet) for the same data. To watch a running node, follow its logs (RUST_LOG=info ./target/release/paraloom validator start --config ~/.paraloom/validator.toml).

Troubleshooting

Next

Quick Start

Build paraloom-core, run the test suite, and join devnet.

Architecture

Module layout, on-chain anchors, and data flow for paraloom-core.

On this page

InstallationSystem requirementsUse a signed release (recommended)Build from source1. Toolchain2. Build dependencies3. Clone & build4. Run the test suiteProving keysSolana CLI configuration (validator/builder workflows)Paraloom node configurationVerify the installTroubleshootingNext