ParaloomPARALOOM

Security

Security model and considerations for Paraloom

Security

This document outlines Paraloom's security model, assumptions, and best practices.

Security Model

Cryptographic Assumptions

Paraloom's security relies on:

AssumptionDescription
Poseidon HashCollision-resistant (128-bit security)
Groth16 zkSNARKSound under q-SDH assumption
BLS12-381 CurveDiscrete log hardness (128-bit)
Trusted SetupCeremony performed correctly

Byzantine Fault Tolerance

ParameterValue
Threshold7/10 (70%)
Max Malicious3/10 validators
Reputation SystemReduces unreliable validators

Threat Model

Paraloom Threat Model

Attacks Prevented

Double Spending

Nullifier tracking prevents spending the same note twice.

Inflation

zkSNARK proofs ensure valid amount transitions.

Transaction Linking

Zero-knowledge proofs hide sender, recipient, and amounts.

Malicious Validators

7/10 consensus threshold tolerates 3 malicious validators.

Attacks NOT Fully Prevented

These attacks require additional mitigation at the application level.

AttackDescriptionMitigation
Timing AnalysisTransaction timing may leak informationUse random delays
Amount AnalysisUnique amounts can be tracedUse standard denominations
Network AnalysisIP addresses may be observedUse Tor/VPN
Front-runningTransactions may be observed in mempoolUse commit-reveal

Privacy Guarantees

What is Hidden

  • Transaction amounts (except at deposit/withdrawal)
  • Sender identity
  • Recipient identity
  • Transaction graph connections

What is Visible

  • Deposit events (amount visible)
  • Withdrawal events (amount visible)
  • Nullifiers (unlinkable to deposits)
  • Merkle root updates

Trusted Setup

Current Status: TESTNET ONLY

The current trusted setup is centralized and NOT suitable for production.

Production Requirements

For mainnet deployment:

  1. Multi-Party Computation Ceremony

    • 50+ independent participants
    • Geographically distributed
    • Verifiable participation

  2. Security Guarantees

    • Only 1 honest participant needed
    • Public verification of ceremony
    • Toxic waste destruction proof

  3. Ceremony Process

    Participant 1 → Compute → Pass to Participant 2
Participant 2 → Compute → Pass to Participant 3
...
Participant N → Finalize → Publish Keys

Code Security

Audit Status

ComponentStatus
Privacy LayerInternal review
ConsensusInternal review
BridgeInternal review
Solana ProgramInternal review

External security audit planned before mainnet launch.

Known Limitations

  1. No Formal Verification

    • Circuits not formally verified
    • Rust code not formally verified

  2. Limited Testing

    • 197 tests, but not exhaustive
    • Fuzz testing not complete

  3. Single Implementation

    • No alternative implementations to compare

Validator Security

Secure Key Management

# Generate validator keys securely
paraloom-node keygen \
  --output ./validator-key.json \
  --entropy-source /dev/random

# Set restrictive permissions
chmod 600 ./validator-key.json

# Backup securely (offline)
cp ./validator-key.json /secure/backup/

Network Security

# Firewall configuration
ufw allow 9000/tcp  # P2P
ufw deny 9090/tcp   # Metrics (internal only)

# Rate limiting
iptables -A INPUT -p tcp --dport 9000 \
  -m connlimit --connlimit-above 50 -j REJECT

Monitoring

Monitor for:

  • Unusual verification patterns
  • Consensus participation drops
  • Reputation score changes
  • Memory/CPU spikes

User Security

Wallet Security

  • Use hardware wallets for large amounts
  • Never share private keys or seeds
  • Verify addresses before sending
  • Test with small amounts first

Note Security

Shielded notes contain:

  • Commitment
  • Amount
  • Randomness
  • Secret

If you lose your notes, you lose access to your funds!

Backup strategy:

# Encrypt notes before backup
gpg --symmetric --cipher-algo AES256 notes.json

# Store in multiple locations
cp notes.json.gpg /backup1/
cp notes.json.gpg /backup2/

Privacy Best Practices

  1. Use Unique Addresses

    • Different deposit address each time
    • Different withdrawal address each time

  2. Avoid Unique Amounts

    • Use standard denominations (1, 10, 100 SOL)
    • Split large amounts into smaller transactions

  3. Timing Obfuscation

    • Wait random intervals between operations
    • Don't deposit and withdraw same amount quickly

  4. Network Privacy

    • Use Tor for transaction submission
    • Use VPN as additional layer

Incident Response

Reporting Security Issues

Do NOT publicly disclose security vulnerabilities!

Report to: security@paraloom.network

Include:

  • Detailed description
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Bug Bounty Program

SeverityReward
CriticalUp to $50,000
HighUp to $20,000
MediumUp to $5,000
LowUp to $1,000

Roadmap

Before Mainnet

  • Multi-party ceremony (50+ participants)
  • External security audit
  • Formal verification of circuits
  • Bug bounty program launch
  • Economic security analysis
  • Validator network decentralization

Ongoing

  • Regular security reviews
  • Continuous monitoring
  • Incident response procedures
  • Community security education

Use Cases

Real-world applications and scenarios for Paraloom

Performance

Performance characteristics and benchmarks

On this page

SecuritySecurity ModelCryptographic AssumptionsByzantine Fault ToleranceThreat ModelAttacks PreventedAttacks NOT Fully PreventedPrivacy GuaranteesWhat is HiddenWhat is VisibleTrusted SetupProduction RequirementsCode SecurityAudit StatusKnown LimitationsValidator SecuritySecure Key ManagementNetwork SecurityMonitoringUser SecurityWallet SecurityNote SecurityPrivacy Best PracticesIncident ResponseReporting Security IssuesBug Bounty ProgramRoadmapBefore MainnetOngoing