C.01 Halo 2 Recursive zk-SNARK
reference upstream audited; Adamant gadgets pre-audit
§ Security · /security
Security posture,
spelled out.
Adamant's claims are made of cryptography, and cryptography is auditable. This page lists the primitives, their provenance, the threat model, the disclosure protocol, and where to send findings.
§ 01 / Progress
Audit progress, per primitive.
Visible bars. The chain ships when these reach 100% on the audits that matter for consensus and privacy.
C.02 ML-DSA (FIPS 204) Post-quantum signatures
NIST-final standard; Adamant hybrid integration pre-audit
C.03 Ed25519 Classical signatures
industry standard
C.04 ML-KEM-768 (FIPS 203) Post-quantum KEM
NIST-final standard
C.05 Wesolowski VDF Mempool time-lock
parameter review pending; group-of-unknown-order setup
C.06 Threshold BLS Mempool threshold encryption
DKG construction pre-audit
C.07 BLAKE3 Auxiliary hashing
industry standard
C.08 Poseidon zk-friendly hashing
parameters fixed; circuit-level review in flight
§ 02 / Primitives
Cryptographic primitives.
Standard, peer-reviewed primitives. The synthesis is what's novel; the building blocks are not (WP §2.6, §3).
| Code | Primitive | Use | Standard | Audit status |
|---|---|---|---|---|
| C.01 | Halo 2 | Recursive zk-SNARKs | spec | Implementation tracks zcash/halo2; audit pending public testnet. |
| C.02 | ML-DSA (FIPS 204) | Post-quantum signatures | FIPS-204 | NIST-standardised; Adamant's hybrid construction unaudited. |
| C.03 | Ed25519 | Classical signature (hybrid) | RFC 8032 | Industry standard. |
| C.04 | ML-KEM-768 (FIPS 203) | Post-quantum KEM | FIPS-203 | NIST-standardised. |
| C.05 | Wesolowski VDF | Mempool time-lock | spec | Reference implementation pre-audit. |
| C.06 | Threshold BLS | Mempool threshold encryption | spec | Specified in whitepaper §06; audit pending. |
| C.07 | BLAKE3 | Hashing, MAC | 1.x | Industry standard. |
§ 02 / Threat model
What the chain defends against.
Byzantine validators
BFT consensus tolerates f < N/3 Byzantine validators. Floor 7 means f=2 tolerated; ceiling 75 means f=24. Below floor, the chain halts.
Pre-execution MEV
Encrypted-by-default mempool prevents a single validator from reading transaction contents before inclusion. No sandwich, no front-run, no copy.
Network observers
Default-shielded transactions encrypt sender, recipient, amount, and memo. Observers see only the encrypted envelope and the validity proof.
Future quantum adversary
Identity (ML-DSA) and privacy key-agreement (ML-KEM-768) are post-quantum. Classical components (Ed25519, BLS) are bounded to short-lived consensus messages, finalised by recursive proofs.
Long-lived contracts
Mutability is declared per object. IMMUTABLE contracts cannot be upgraded — the rules cannot change without all participants agreeing (a hard fork).
Censorship
Threshold-encrypted mempool produces on-chain censorship proofs when a quorum refuses to include a valid transaction. Censoring validators are slashable.
§ 03 / Audits
External review.
| Auditor | Scope | Period | Report | Status |
|---|---|---|---|---|
| — | Cryptographic primitives | — | — | pre-launch |
| — | Consensus & networking | — | — | pre-launch |
| — | Adamant Move VM | — | — | pre-launch |
| — | Reference wallet | — | — | pre-launch |
Audit reports are published verbatim in adamant-spec/audits/ at the commit they targeted. No selective release; if the result is bad, the result is bad.
§ 04 / Disclosure
Responsible disclosure.
Where to send
security@adamantprotocol.com
PGP fingerprint: — pre-launch —
What to expect
Acknowledgement within 24h. Triage within 72h. Public advisory after the fix is shipped on mainnet, with credit to the reporter unless they request otherwise.
§ 05 / Bug bounty
Reward bands.
| Severity | Impact | Reward · ADM-equivalent USD |
|---|---|---|
| Critical | Loss of funds, halting the chain, signature forgery | $50 000 – $250 000 |
| High | Privilege escalation, privacy compromise, double-spend | $10 000 – $50 000 |
| Medium | Denial of service, consensus delay, RPC abuse | $2 000 – $10 000 |
| Low | Implementation deviations, hardening opportunities | $200 – $2 000 |
Bounty pool funded from the validator-allocated sub-counter through an on-chain custody mechanism declared in the constitution. Paid in ADM, scaled to USD-equivalent at the moment of award.
§ 06 / Incidents
Incident log.
| Date | Severity | Title | Resolution |
|---|---|---|---|
| — | — | No incidents recorded — chain is pre-launch. | The incident log begins at testnet activation. |
§ 07 / Builds
Reproducible.
Builds use Nix for deterministic output. Each release publishes SHA-256 hashes signed by maintainer Ed25519 and ML-DSA keys.
# Verify a release binary git clone https://github.com/adamant-protocol/adamant-node cd adamant-node git checkout v0.1.0 nix build .#adamant-node # or: just build sha256sum result/bin/adamant-node # compare to the table below adamant-node verify-signers v0.1.0 # checks Ed25519 + ML-DSA on the release manifest
| Artefact | Version | SHA-256 | Signers |
|---|---|---|---|
| adamant-node | v0.1.0 | — pre-launch — | Ryan Geldart |
| adamant-wallet (iOS) | v0.1.0 | — pre-launch — | Ryan Geldart |
| adamant-wallet (Android) | v0.1.0 | — pre-launch — | Ryan Geldart |
§ 08 / Signing keys
Who signs what.
Every release artefact carries a classical + post-quantum signature. The list below is the canonical roster of authorised signers.
| Signer | Role | PGP / Ed25519 | ML-DSA |
|---|---|---|---|
| Ryan Geldart | Spec maintainer · genesis cohort | — pre-launch — | — pre-launch — |
Fingerprints are published here and signed by the prior release's key on rotation. Compromise of any single key requires consensus among the remaining signers to revoke and re-issue.