Lelantus Spark Cryptography Audit Proposal

Posted on 2021-10-04 by mikerahq
Status: Completed

Lelantus Spark Cryptography Audit Proposal by HashCloak


Lelantus Spark is the next generation Lelantus protocol, jointly designed by Aram Jivanyan and Aaron Feickert. It improves upon the current Lelantus protocol by providing recipient privacy, fine tuned selective disclosure and other user friendly improvements. Further, the authors have provided more formal security arguments, ensuring more confidence in the Lelantus Spark construction.

Due to community interest across cryptocurrency ecosystems, the Lelantus Spark protocol would benefit from a cryptography audit. HashCloak would like to provide such an audit for the Firo community.

About Us

HashCloak Inc is a R&D lab and consultancy focused on privacy, anonymity and scalability for blockchains and cryptocurrencies. Founded in 2019, the Toronto-based team is well-known for working on state of the art Ethereum projects such as Ethereum 2.0, Shyft Network and Althea, for pioneering optimistic rollups and bringing forth the first empirical analysis of Ethereum’s privacy guarantees and applications. Recent projects such as Meson, a mix network project, and an SoK on universal SNARKs, delved into areas such as Multi-Party Computation (MPC), anonymous networking, Private Information Retrieval (PIR), zero-knowledge proofs and the intersection of cryptography, game theory and finance.

Audit Proposal

Audit Scope

The scope of the audit will be as follows: * Verifying that the security proofs in the paper are indeed correct * Providing alternative security proofs to ensure that the properties for Lelantus Spark are indeed correct * Identifying any security issues by providing counterexamples to security proofs and statements


Mikerah Quintyne-Collins is an independent researcher and founder and CEO of HashCloak, a blockchain privacy R&D startup with a global team. Her research focuses on networking, validator privacy, and optimistic rollups. She organized Scaling Ethereum, a research workshop bringing together top Ethereum researchers to work on Ethereum’s most pressing scalability problems. Currently, she’s focused on privacy for blockchains, specifically mixers and mix networks for cryptocurrency transactions. Previously, she was part of the ChainSafe Systems team working on ETH2.0, namely the Lodestar Typescript client. She was awarded a Vitalik YOLO grant for her work on ETH2.0.

Karl Yu is a researcher at HashCloak. His research focuses on zero-knowledge proofs, decentralized systems design, and blockchain protocol design. He’s contributed to several Mandarin translation articles about some of the core technical aspects of Ethereum. Karl has been an active member of the ZKProof research community since 2019. More recently, he is the lead author of an in-progress paper systematizing general purpose ZK-SNARKs protocols. He is familiar with Rust and Solidity. He has a bachelor’s degree in software engineering from WenZhou University.

Er-Cheng Tang is a research engineer with interest in cryptography and computer security. He engaged in projects that focused on exploiting and protecting against common security vulnerabilities, and worked as a system engineer in a hardware security company to strengthen the embedded systems. He is familiar with C, C++, Python, and Golang. He has a background in mathematics, and he conducted a research on improving the communication efficiency of zero knowledge arguments. Currently, he contributes to the Meson project and makes blockchain security audits with the HashCloak team.

Costs and Milestones

The overall costs of the audit will be $20K USD. The payments will be tied to milestones.

We propose the following payment schedule:

Milestone Tasks Week Fees
1 Read the following documents: 1) Lelantus Protocol. 2) Lelantus Spark. Any documents that we feel that is relevant will be read as well. 1-2 $8K
2 1) Start Cryptography analysis with emphasis on the following: Verify security proofs, Come up with alternate security proofs, Finding security issues. 2) Delivery of initial report. Note that this part of the audit is open-ended and exploratory due to the nature of working with mathematical proofs and constructions 2-4 $8K
3 1) Working with the Lelantus Spark authors on rectifying any issues that may have arisen during the audit. 2) Update the audit report. 5-6 $4K
Total $20K

We expect the audit to take 4 weeks for the initial delivery of the report and 1 to 2 weeks for verifying and assisting the authors in rectifying issues.

The start date for the audit is flexible depending on when the Firo community would like the audit done.

You need to be logged in to comment.

reuben [admin] 2022-01-20 06:55 The audit is complete and can be read here.
We are arranging payment to Hashcloak for this. Thank you to everyone who donated!
reuben [admin] 2021-12-09 07:44 Our interactions with Hashcloak have been very positive and they are being very thorough with the audit which we appreciate. Looking forward to the audit results. reply
mikerahq [op] 2021-11-30 02:44 Short update: The audit was meant to end today with the delivery of the report. However, due to the fact that we are dealing with mathematical proofs and are attempting alternate proofs for bespoke constructions given in the Lelantus Spark paper, we are taking more time for this portion. We want to provide a thorough review of the cryptographic constructions used in Lelantus Spark.
We hope you understand.
- HashCloak Inc
mikerahq [op] 2021-11-22 18:06 I've been providing updates directly to the researchers over the course of the audit.
I will provide a short update to the community.
The first two weeks were spent doing the background research as promised in addition to ideating on how to prove/break the protocols. In the midst of this, the paper went through several revisions. Now, we are in the last 2 weeks of the audit in which we attempt to tackle the proofs and constructions in the paper. During this team, the Lelantus Spark team got their reviews back from FC 2022 with comments mainly regarding the security proofs. As such, we will focus more on that angle in order to prepare the Lelantus Spark team for more peer review.
reuben [admin] 2021-11-01 02:39 Core has contributed another 500 FIRO reply
reuben [admin] 2021-10-15 05:24 Thanks for all the donation guys! Core team has contributed 1500 FIRO to this thus far. reply
reuben [admin] 2021-10-09 18:06 Hi, I would greatly support this.
Mikerah has been keeping track of Firo research for a long time and the cost of the audit is reasonable considering the scope and she has kindly granted a discount from her usual rates.
reuben [admin] 2022-04-19 17:31 Moved to status "Completed".
reuben [admin] 2021-10-15 01:03 Moved to status "Funding".
reuben [admin] 2021-10-14 12:20 Moved to status "Funding".