Introduction
What Sombra is, who it's for, and why post-quantum privacy matters on Solana.
Sombra is a private payments protocol on Solana, built post-quantum from genesis. It shields transfer amounts, recipients, and memos on-chain, using cryptography that stays secure against quantum attackers — today and retroactively.
Why "post-quantum from genesis"
Every privacy protocol running today stores encrypted data on-chain. That data can be archived now and decrypted later, once a sufficiently large quantum computer exists. This is called harvest-now, decrypt-later (HNDL), and it makes retrofitting post-quantum crypto fundamentally inadequate for privacy chains — the ciphertexts that leak your 2026 activity will have already been harvested.
Sombra launches with NIST-standardized post-quantum primitives in place from day one:
- Kyber-768 (ML-KEM, FIPS 203) for note encryption
- STARKs for zero-knowledge proofs, with no trusted setup and no elliptic-curve pairings
- Zero-knowledge proofs of decryption in place of classical signatures for spend authorization
- Hash-based key hierarchy with no elliptic-curve operations
No retrofit. No migration event. No window of archived ciphertexts waiting to be broken.
What these docs cover
- Concepts — the privacy model and the specific PQ primitives that make it work.
- Architecture — the on-chain program, the client, and how a transfer moves through the system.
- Security — exactly what Sombra protects, and what it doesn't.
- FAQ — common questions for users and builders.
Sombra is pre-launch. The private beta opens Q3 2026. Some parameters (proof size, fee model, node set) will be locked closer to launch — those spots are marked TBD before beta.
Who this is for
- Users — understand what Sombra shields, the current limitations, and how the beta works.
- Builders — integrate shielded transfers into a wallet, DEX, or treasury tool.
Researchers looking for full protocol detail should read the whitepaper when it publishes.