FAQ

Common questions about Sombra for users and builders.

For users

Is Sombra live?

No. Private beta opens Q3 2026. The waitlist at sombra.xyz is the way in. Do not commit production value to any endpoint claiming to be Sombra today.

What does Sombra protect?

On-chain observers see that a transfer happened, but not the amount, sender, or recipient. Vaults belonging to the same user cannot be linked from chain data alone. Ciphertexts archived today cannot be decrypted later by a quantum attacker. See Security for the full model.

What does Sombra not protect?

At MVP: initial deposits reveal the wallet → vault link, withdrawals reveal the destination, wrapped tokens inherit source-chain exposure, and network-level metadata (IP, timing) is outside the protocol. See Security for details.

Do I need a special wallet?

You interact with Sombra through a browser extension. Details on which wallets integrate support — and how to use your existing keys — will be published before beta.

Does this replace my regular wallet?

No. Sombra is a shielded layer on top of Solana. You keep your regular wallet for public activity and use Sombra for anything you want shielded.

Is there a token?

A Sombra-issued quantum-native token is on the research roadmap as part of the vault-less token work. It is not committed to a launch timeline.

For builders

How do I integrate Sombra into my app?

The client ships as a browser extension with an SDK surface for apps that want to trigger or compose shielded transfers. Integration interfaces, package layout, and example flows will be published before beta.

What does a Sombra transaction look like on Solana?

A standard Solana transaction calling the Sombra program, carrying: a nullifier (to retire an input note), an output commitment (a new note), the Kyber-768 ciphertext of the output note, and a STARK proving the whole thing is valid. See Architecture.

Can I run my own prover?

The MVP prover is server-side on GPU. A distributed prover network is planned as future work. Self-hosted proving is not in scope for the initial release.

Can I build on the protocol before beta?

Integration design conversations are welcome through the GitHub issues on the docs site. Protocol specifics that remain TBD before beta — proof size, fees, SDK surface — are gated behind beta launch.

On the cryptography

Why not just use Zcash's design?

Sombra's shielded UTXO model is directly inspired by Zcash, but the cryptographic primitives are not the same. Zcash today uses elliptic-curve commitments, Ed25519 or RedPallas signatures, and pairing-friendly SNARKs. All of those break under quantum attack. Sombra replaces every one of them with a post-quantum primitive from the start.

Why post-quantum now?

For privacy chains specifically, "migrate later" doesn't work. Ciphertexts sitting on-chain today are already part of the long-term record. A quantum adversary can harvest them now and decrypt them when the capability arrives. Every day a privacy chain runs on classical crypto is another day of archived plaintext at risk. See the Introduction.

Why Kyber-768 specifically?

Kyber-768 is the NIST-standardized ML-KEM at security category 3 (FIPS 203). It's the reference post-quantum KEM — well-studied, widely reviewed, and backed by a large body of implementation work.

Why STARKs over lattice-based SNARKs?

STARKs require no trusted setup (no ceremony, no toxic waste), avoid elliptic-curve pairings entirely, and reduce to collision-resistance of standardized hashes. They're conservative and already widely deployed.

How big are the proofs?

TBD before beta. Proof size is still being optimized. Updated numbers will land here when MVP benchmarks stabilize.

What's the anonymity set?

Every transfer includes 7–8 protocol-enforced decoy UTXOs alongside the real inputs. Users cannot choose a smaller decoy set — this is a deliberate design choice to prevent users from weakening their own privacy.

On the organization

Who builds Sombra?

Sombra is built by Bonsol Labs. The product was previously codenamed QCash; public docs and the website use the Sombra name.

Where do I report bugs or request features?

GitHub issues on the docs repository. A formal responsible-disclosure process for security-relevant findings will be published before beta.

Security

The explicit threat model — what Sombra protects, and what it doesn't.

On this page

For usersIs Sombra live?What does Sombra protect?What does Sombra not protect?Do I need a special wallet?Does this replace my regular wallet?Is there a token?For buildersHow do I integrate Sombra into my app?What does a Sombra transaction look like on Solana?Can I run my own prover?Can I build on the protocol before beta?On the cryptographyWhy not just use Zcash's design?Why post-quantum now?Why Kyber-768 specifically?Why STARKs over lattice-based SNARKs?How big are the proofs?What's the anonymity set?On the organizationWho builds Sombra?Where do I report bugs or request features?