ParaloomPARALOOM

Installation

Toolchain, dependencies, and verification for paraloom-core.

Installation

For most operators the signed release binary is the right choice. Build from source if you're contributing, running a custom branch, or auditing the supply chain.

System requirements

ComponentUser walletValidator (recommended)
OSLinux / macOS / WindowsLinux Ubuntu 22.04+ (also macOS, Windows)
CPU2 cores2 cores · x86_64 or arm64
RAM4 GB16 GB (8 GB minimum)
Disk10 GB120 GB SSD (RocksDB hot writes — HDD will lag)
Networkbroadband100 Mbit symmetric

The validator role is verify-only — no GPU, no specialized silicon. Apple Silicon, a Raspberry Pi 5, or a modest server all work.

# Pick the asset for your platform from the release page:
# paraloom-linux-amd64, paraloom-linux-arm64, paraloom-darwin-arm64, paraloom-windows-amd64.exe
curl -LO https://github.com/paraloom-labs/paraloom-core/releases/latest/download/paraloom-linux-amd64
curl -LO https://github.com/paraloom-labs/paraloom-core/releases/latest/download/SHA256SUMS
curl -LO https://github.com/paraloom-labs/paraloom-core/releases/latest/download/SHA256SUMS.sig
curl -LO https://github.com/paraloom-labs/paraloom-core/releases/latest/download/SHA256SUMS.crt

# Verify the Sigstore signature on the checksums file (binds artifact to the GitHub Actions run)
cosign verify-blob \
  --certificate SHA256SUMS.crt \
  --signature SHA256SUMS.sig \
  --certificate-identity-regexp 'https://github.com/paraloom-labs/paraloom-core/.*' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  SHA256SUMS

# Confirm the binary against the (now-trusted) checksums
sha256sum -c SHA256SUMS --ignore-missing

# Install
chmod +x paraloom-linux-amd64
sudo mv paraloom-linux-amd64 /usr/local/bin/paraloom
paraloom --version

A CycloneDX SBOM and a GHCR container image are also published. Full supply-chain story: Releases.

Build from source

1. Toolchain

# Rust 1.78+
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source $HOME/.cargo/env
rustc --version  # 1.78 or newer

# Solana CLI 1.18+ (only needed if you'll build the on-chain Anchor program)
sh -c "$(curl -sSfL https://release.solana.com/stable/install)"
export PATH="$HOME/.local/share/solana/install/active_release/bin:$PATH"
solana --version

# Anchor 0.31+ (also only for on-chain build)
cargo install --git https://github.com/coral-xyz/anchor avm --force
avm install 0.31.0
avm use 0.31.0

2. Build dependencies

sudo apt update
sudo apt install -y build-essential pkg-config libssl-dev clang protobuf-compiler
xcode-select --install
brew install openssl pkg-config protobuf
wsl --install -d Ubuntu
# Then follow the Ubuntu instructions inside WSL

3. Clone & build

git clone https://github.com/paraloom-labs/paraloom-core.git
cd paraloom-core

# L2 / validator binaries (release-optimized)
cargo build --release

# Optional: on-chain Anchor program (only if you'll deploy your own)
cd programs/paraloom && anchor build && cd ../..

Binaries land in target/release/ (paraloom, paraloom-node, paraloom-ceremony-*, etc.).

4. Run the test suite

cargo test --all --all-targets
# 407 passed; 0 failed; 0 ignored

If you only want a subset:

# Privacy circuits + types
cargo test --lib privacy::

# Bridge integration
cargo test --test bridge_tests

# Coordinator HA scenario
cargo test --test coordinator_tests

Proving keys

Until the MPC ceremony completes, the proving keys shipped with paraloom-core are devnet-only keys generated by the setup_withdrawal_ceremony binary. They're fine for devnet / local testing. Mainnet keys come from the multi-party ceremony — see Ceremony.

# Generate devnet keys (one-shot, ~1–2 minutes)
cargo run --release --bin setup_withdrawal_ceremony

# Output lands in:
#   keys/devnet/deposit_pk.bin
#   keys/devnet/transfer_pk.bin
#   keys/devnet/withdraw_pk.bin

Solana CLI configuration (validator/builder workflows)

# Devnet (current pre-mainnet network)
solana config set --url devnet
solana-keygen new -o ~/.config/solana/id.json
solana airdrop 2  # for tx fees + validator stake

# Localnet (for E2E development)
solana config set --url localhost
solana-test-validator --reset

Mainnet activation is gated on the MPC ceremony + external audit.

Paraloom node configuration

Create validator.toml:

[node]
data_dir   = "./data"

[network]
network         = "devnet"            # devnet | localnet | mainnet (when live)
listen          = "0.0.0.0:9001"
# bootstrap_peers are read from on-chain ValidatorRegistry — usually no manual entry needed

[consensus]
threshold        = 7                   # of `total_validators`
total_validators = 10
heartbeat_secs   = 5

[bridge]
solana_rpc = "https://api.devnet.solana.com"
program_id = "DSysqF2oYAuDRLfPajMnRULce2MjC3AtTszCkcDv1jco"

[metrics]
listen = "0.0.0.0:9300"               # /health /ready /metrics

[validator]
key_path = "./validator.key"

The on-chain program ID DSysqF... matches the declare_id! in programs/paraloom/src/lib.rs.

Verify the install

paraloom --version
paraloom validator status --config ./validator.toml
curl -s http://localhost:9300/health

If /health returns {"status":"ok"} and validator status shows your peer count, the node is healthy.

Troubleshooting

Next

Quick Start

Build paraloom-core, run the test suite, and join devnet.

Architecture

Module layout, on-chain anchors, and data flow for paraloom-core.

On this page

InstallationSystem requirementsUse a signed release (recommended)Build from source1. Toolchain2. Build dependencies3. Clone & build4. Run the test suiteProving keysSolana CLI configuration (validator/builder workflows)Paraloom node configurationVerify the installTroubleshootingNext