MD | ZKPs & Rust | verifier @bonsol_labs
Joined May 2017
- Tweets 2,435
- Following 2,066
- Followers 1,624
- Likes 5,232
95 Photos and videos
Pinned Tweet
28 Oct 2023
Ever been stuck for hours while integrating a product? ๐ซ
Well, discover the power of Technical Documentation Audits ๐งต
This post will cover:
๐ What they are
๐ก Why you should perform documentation audits as a Technical Writer or Developer Advocate
๐ ๏ธ How to perform them
1
13
29
2,363
luxorcode retweeted
Jun 16
Sombra wallet skips the ceremony that other zero-knowledge systems depend on.
Those setups hinge on a destroyed secret no one can actually verify is gone, and if even one copy survives, every proof can be forged.
No ceremony. No secret. No way to forge it.
The Sombra way
2
11
142
luxorcode retweeted
Jun 12
oops...leaked: Sombra wallet UI ๐
We're just getting started
2
2
9
184
luxorcode retweeted
Jun 11
Most privacy tools will need to be rebuilt at some point. However, Sombra was built for quantum-safe privacy from the beginning.
No retrofit.
No migration event.
No archive of secrets waiting on a quantum computer
Be the first to try it out ๐ sombra.tech/#waitlist
4
11
160
luxorcode retweeted
Jun 9
There is no "we'll migrate later" for a privacy chain.
The ciphertexts you write today are the ciphertexts an archive holds forever.
Sombra wrote post-quantum from the first block, because there was no other honest choice
3
7
114
luxorcode retweeted
Jun 10
Confidential amounts โ privacy
If your transfers are linkable, the transaction graph reconstructs itself from chain data, and the amounts barely matter.
Sombra makes every transfer unlinkable. No single transaction ever leaks whose on the other side.
Waitlist's still open ๐ sombra.tech/#waitlist
4
10
292
luxorcode retweeted
Jun 8
Move at Solana speeds.
Pay Solana fees.
Leave nothing on Solana that anyone can read.
sombra.tech/#waitlist
1
4
86
luxorcode retweeted
Jun 5
Sombra featured in Anagram's latest report - Taking Solana Post-Quantum.
TL;DR: Solana's ecosystem has made meaningful progress, but it is not production-ready.
Sombra is designed to bring quantum-safe privacy to the app layer, rather than waiting for the base layer migration.
1
1
4
323
luxorcode retweeted
Jun 3
What does Sombra actually look like?
Deposit USDC โ Shield it โ Send without a trace โ Secured by cryptographic proof on-chain.
This is quantum-secure privacy. Everything you need in one wallet.
4
10
637
luxorcode retweeted
May 28
Every other protocol writes your sender, recipient, amount, and memo to a ledger that always remembers.
Sombra writes ciphertexts that no one, not now and not in twenty years, can read.
Same Solana speeds, none of the receipts.
Join the moving train ๐ sombra.tech/#waitlist
2
6
162
luxorcode retweeted
May 25
The future of crypto privacy is quantum-resistant.
Meet Sombra ๐ค
Built for threats that don't exist yet.
Step into the shadow ๐ sombra.tech/#waitlist
1
4
11
403
luxorcode retweeted
May 22
Every encrypted transfer sitting on a privacy chain today is already being harvested for the day quantum can decrypt it.
Sombra brings quantum-safe privacy to Solana. Private trading and transfers, built for the quantum era.
Join the waitlist today, before it's too late: ๐ sombra.tech/#waitlist
May 15
This morning, THORChain was drained of roughly $10.8m
Node operators have freezed the network for nearly 13 hours. The full analysis isn't out yet, but according to @jpthor, this could be a MPC exploit.
ECDSA and TSS is hard. THORChain's vaults rely on TSS, a flavor of MPC where a quorum of nodes jointly produces a signature without ever reconstructing the private key. Clean for Schnorr or EdDSA; painful for ECDSA, which Bitcoin and Ethereum require. That's why we saw plenty of protocol attempts (Lindell17, GG18, GG20, CMP, CGGMP21, DKLS, KU23...), each patching flaws in the previous one.
GG20 has a track record. THORChain's TSS uses GG20, on a fork of Binance's tss-lib. GG20 has shipped two well-publicized critical bugs: CVE-2023-33241 and TSSHOCK. CGGMP21, now cggmp24, are the latest protocols, but GG20 is still widely deployed.
I often hear a misconception when I hear about MPC setup: "The key is split across many nodes, so any single co-signer doesn't really matter".
In every published GG18/GG20 attack, one malicious or compromised co-signer is enough to extract everyone else's shard and reconstruct the full key.
AI changes the threat model. Compromising a full software node, complex Go stack, exposed P2P, custom signing daemons, a churn protocol that admits new participants on a schedule, has always been difficult and acted as a barrier. With LLM-driven vulnerability discovery and exploit synthesis, the bar to compromise one of N validators is dropping fast.
Here, it's a plausible TSSHOCK-style playbook:
- compromise one operator
- wait for it to churn into an active Asgard vault
- send malformed proofs during keygen or signing
- reconstruct the key offline
- sweep in a single transaction
It's unclear yet if the attacker used a known-unpatched GG20 weakness, or a fresh cryptographic flaw.
But, in all cases, MPC and TSS are not a substitute for hardening every co-signer. They sit on top of co-signers that must each be treated as critical infrastructure, hardware-isolated enclaves, minimally exposed, continuously audited, and running protocol with security proofs.
While the investigation progresses, be careful in your interactions onchain. These TSS setup are used in various protocols.
1
9
249
luxorcode retweeted
May 21
Most wallets generate addresses.
Sombra generates invisibility. Quantum-safe from the first keypair created.
Be the first to try it out ๐ sombra.tech/#waitlist
2
7
127
luxorcode retweeted
May 20
One wallet. Two sides. One viewer.
The public column is everyone's. The private column is yours alone, shielded balances, hidden activity, visible only to you.
You see the whole portfolio. The chain sees only the side you left public.
Want to be the first to try it? ๐ sombra.tech/#waitlist
2
2
8
161
luxorcode retweeted
May 18
Your tokens are public knowledge. They don't have to stay that way.
One deposit, and the chain stops watching. Imagine privacy in:
โ๏ธ Amount
โ๏ธ Recipient
โ๏ธ Spend activities
Public by entry. Private by design
๐ sombra.tech/#waitlist
3
8
290
luxorcode retweeted
May 15
Encryption with an expiration date isn't encryption.
Your history shouldnโt belong to anyone else.
Only you can read it.
Today. Tomorrow. After quantum computers arrive.
๐ Get in before everyone else does ๐ sombra.tech/#waitlist
5
13
200
luxorcode retweeted
May 12
HNDL stands for harvest now, decrypt later. it's the bet every privacy chain is quietly making against its own users, and it only fails if the cryptography was quantum-safe from the very first transaction.
1
5
83
luxorcode retweeted
May 14
Solana finally gets a private "send."
Same speed. Same fees. None of the surveillance.
Join the waitlist: ๐ sombra.tech/#waitlist
5
7
19
567
luxorcode retweeted
May 14
Every ciphertext has an expiration date: the day a quantum computer makes it readable. On most privacy chains, that date already exists.
This one was built to never have one
3
7
152
luxorcode retweeted
May 13
Imagine a wallet where:
โ sends need no signature
โ receivers, amounts & token types leave zero trace on-chain
โ USDC USDT move in a single private tx
โ post-quantum crypto, native to Solana
2
7
116