Security

The explicit threat model — what Sombra protects, and what it doesn't.

This page states, explicitly, what Sombra defends against and what it does not. If you're evaluating whether Sombra is the right tool for your use case, read this carefully.

The adversary

Sombra is designed to hold up against an adversary with these capabilities:

  • Quantum-equipped at some future time T. Can run Shor's algorithm against elliptic-curve problems and Grover's algorithm against hash-based problems, at scale.
  • Network-observing. Sees every Solana transaction since genesis.
  • Active. Can submit their own transactions, attempt to forge, attempt to replay.
  • Archival. Can store today's ciphertexts and decrypt them later, once quantum capabilities exist.

The adversary cannot break:

  • Module-LWE hardness (the foundation of Kyber-768).
  • Collision-resistance of standardized hash functions (SHA-3, Poseidon).
  • STARK soundness.

If any of the above falls, Sombra's guarantees fall with them.

What Sombra protects

Confidentiality of transfers. Amounts, recipients, and memos are hidden in the encrypted note payload. They remain hidden even if the ciphertext is archived today and the adversary acquires a quantum computer later.

Vault unlinkability. Distinct vaults belonging to the same user cannot be linked from on-chain data alone. Observers cannot cluster vaults by activity pattern.

Soundness. No counterfeit value can be minted. Every output note is backed by input notes of equal total value, enforced by the STARK constraint system.

Spend authorization. Only the holder of the Kyber-768 secret key can authorize a spend. The ZK proof of decryption binds the spend to knowledge of the secret, without revealing it.

Transfer-graph privacy. Who-paid-whom cannot be reconstructed from chain data. Each transfer's input and output commitments are unlinkable beyond what a single commitment reveals.

What Sombra does not protect (MVP1)

These are known limitations of the MVP. Some are addressed in the roadmap; some are out of scope for any cryptographic protocol.

Deposit on-ramp linkage

Depositing an asset into a vault produces a visible on-chain edge between the external wallet and the vault. Observers can see that wallet X funded vault Y. Once the user transacts inside the shielded pool, subsequent activity is private — but the initial funding step is not.

Mitigation path: A vault-less quantum-native token is proposed in the research roadmap. Minting such a token would not require the deposit step, eliminating the on-ramp link. This is a research direction without a committed timeline.

Practical advice today: If on-ramp privacy matters to you, fund the vault through a path that doesn't tie your identity to the external wallet used for the deposit.

Wrapped-token provenance

Assets bridged from chains that rely on classical-signature cryptography inherit the source chain's quantum exposure. A quantum adversary who can break the source chain's signatures can, in principle, counterfeit on the source chain, which affects the wrapped representation in Sombra.

Practical advice: Understand the provenance of any wrapped asset you bring into Sombra. Sombra's post-quantum guarantees apply to Sombra's own primitives — they don't upgrade the security of a classical asset bridged in.

User-side key compromise

If the user's seed is stolen, their vault is compromised. Sombra cannot defend against endpoint compromise, malware, phishing, or coerced disclosure.

Practical advice: Standard key hygiene. Hardware isolation for the seed is recommended.

Side-channel and physical attacks

Timing, power, and electromagnetic side channels on the user's device are out of scope. Physical attacks on the device are out of scope.

Solana consensus failure

Sombra inherits Solana's L1 security model. If Solana halts, reorgs, or is compromised at the consensus layer, Sombra is affected accordingly.

Network-layer metadata

IP metadata, timing correlation across transactions, and other network-level identifiers are not hidden by Sombra. An observer with access to network-level metadata can correlate submissions even if the on-chain data is shielded.

Practical advice: If network-level privacy matters, submit transactions through a privacy-preserving relay.

Off-chain correlation

If a user publicly announces a deposit, signs a message tying a vault to an identity, or leaks side-channel information through an application, the cryptography can't undo it.

Audit status

Sombra is pre-launch. Audit scope, auditors, and publication cadence are TBD before beta. No production value should be committed until audits publish.

Responsible disclosure

A responsible-disclosure process will be published before beta. In the interim, security-relevant findings can be routed through the GitHub issues linked in the site header.