UPDATE: The various orgs and protocol developers mentioned have agreed on the specific consensus rule changes for Ironwood, after settling the finer details. Here's a summary: 1. Ironwood introduces a new pool using the Orchard protocol, just like the existing pool. 2. The circuit for the Orchard protocol—which applies to both the existing Orchard pool and the new Ironwood pool—will have a flag that consensus rules can toggle. This flag disables payments to *other* users within that pool, while maintaining the ability to create change notes. (This enables a privacy safeguard.) 3. The old Orchard pool will have this flag enabled after the network upgrade, and payments to the old pool will also be disabled by constraining valueBalance. 4. Because payments are disabled on the old pool, wallets must send new payments to Orchard receivers (inside existing unified addresses) via the new pool, and they should also migrate funds away from the old pool. This combination enforces a bound on the circulating supply of ZEC through the use of the existing turnstile mechanism; the amount of ZEC that anyone can transact with is no more than the amount that is supposed to exist. Meanwhile, users' wallets can migrate funds to protect them from risk, which also gradually provides evidence that counterfeiting never took place. Now that we have this decided, we'll collectively move on to the implementations, specifications, and ecosystem support/outreach. (We also have many different auditing and formal verification efforts taking place behind the scenes to provide assurance about the circuit correctness. More on that soon!)

Since we started the project, I’ve been telling the @circle team that this will be the last privacy solution in blockchain space. And we delivered. What we have built is not just privacy-preserving smart contracts. Instead, it's a paradigm shift in how blockchains, composability, and privacy need to co-exist. The design addresses the two core failures of prior privacy systems: lack of composability and a painful developer journey. Pure cryptographic privacy is elegant, but expensive and hard to scale in practice. Instead, this design builds on the now-established trend of cryptographic enclave technologies. What we’ve built is a parallel execution environment on @arc : Arc public blockchain continues processing cleartext blocks, while the Arc privacy sector operates as a parallel privacy-preserving virtual machine that processes encrypted transactions. State, transactions, and user accounts remain hidden. Validators cannot inspect what’s inside, even if they try to snoop or are compromised. Yet they continue producing blocks for both public and private states in sync, committing to each state tree. That is also a major difference from designs that rely on access control, which inevitably creates failure points and data exposure risk. The public and private state composition is the game changer for developing. For the first time, users can move between private and public state within the same block space. No bridge. No extra wallet layer. No separate accounts. A single transaction can move between private and public execution with zero friction. Furthermore, the environment gives users post-quantum protection by design. Transactions and accounts remain encrypted, and public keys stay protected under post-quantum secure algorithms. Any account or asset created inside the privacy sector is automatically post-quantum secure. The result: a fully composable privacy sector on @arc that is post-quantum secure and seamlessly interoperable with public execution. This is the last privacy layer in Web3. See the whitepaper: 6778953.fs1.hubspotuserconte… @circle @arc

Together with @zodl_co, @ZcashFoundation, @ValarGroup and @ShieldedLabs, we're advocating for a network upgrade that would make ZEC's circulating supply auditable, providing additional reassurance that no counterfeiting occurred in the Orchard pool before this week's bugfix. tachyon.z.cash/blog/auditing…

the activity around the $ZEC pool the exploit was found in is the wildest data i've seen for a situation like this the only thing that would explain this behavior is that the majority of the tokens in this pool is highly concentrated to a small set of users and they don't want to expose this fact by unshielding i just dont understand how anyone in their right mind would stay shielded when you can simply unshield to a transparent address and shield again after the coast is clear if you want to move to a new pool you would need to unshield as well so might as well just do it now while there is any sort of uncertainty and risk and then there's the price action, where did the dump come from if nobody unshielded to sell? so unshielded transparent $ZEC holders were the dumpers when they are the safe ones? or the dump came ENTIRELY from perps? why would the holders of the safe tokens be the ones dumping while the exposed holders of potentially counterfeit tokens stay pat and in the pool or add to the pool? quite mind-boggling this flow

lol im afraid youve become possessed by an ai datacenter doomer / bernie sanders hybrid I told you three times now that tachyon pool will be *formally verified* and *mathematically sound*. Ai might help discover vulnerabilities in software but it turns out it ALSO helps you build more sound systems that will reduce the risk in that class of bug by orders of magnitude. and it will be combined with fuzzing and reduction in circuit arithmetic and quantum proofing cryptographic-currencies, it turns out, use cryptography. And it turns out you can improve that cryptography! There is no getting around this. The entire industry relies on this. By this logic you should never use software again (which includes your favorite coin, the risks simply change form, they dont eliminate) You can get the risk to be extremely low but never zero. No amount of doomerism on the advancements here is going to get anyone to stop. I suggest you start helping so we can all be better off! (If your general point is that users should be more informed on the tradeoffs, i agree. I will figure out a way to do that. But fear mongering is not productive)

We have some crazy formal verification engineering going on at zkSecurity and IMO it’s too little well known. Clean has been continuously worked on for almost 2 years now, and we have a big update here: blog.zksecurity.xyz/posts/cl…

To get ahead of scams, if you're interested in donating to me for finding the Zcash bug, my addresses are in this post or in my replies below (be careful to check the exact username for lookalike scammers). Nothing else has been approved by me. Note: I intend to apply for a bounty through a Zcash coinholder grant, so donations are much appreciated but not necessary! Zcash: u1k6y9wpyc5m5ec3wz49ny9chewklyexn8rdj7928n3zswh0gwl0gh3zwwg37p76j7vrrv8s0dj8rhjfc49pg9yv9mjdea2sn86tnjh99a9424cdvw3aadyz8v40ddancr7e4kjzw07qhrcdez3d9sycx89f87vjw7eaxys2aktsm57tkp t1eykDAemzff7oPAA2E43Z47iawATB4bZRy Solana: D6c34hRcmhkHMXaAhoPXgVw9JYrh84saeSfYnk7ZSjeW ETH: 0x1b8203102aE3469a67E78FF9a78d8A5cC7E7e769 BTC: bc1qtxqv8fzj2pnewj2y5l8nh4ur4rkrvm2kv6mlp9