Excited to share our research proposal, HIP-6: Dark Pool on Hyperliquid, for @HyperliquidX (https://t.co/ye1YzfPlsD)
The problem isn't transparency itself — most flow trades fine on a lit book. It's size. A large order on an open book moves price against itself and invites front-running, so institutions route block flow off-exchange (40%+ of US equity volume). On-chain that pain is worse: orders, balances, and counterparties stay public forever. Today there's nowhere on-chain to execute size privately.
HIP-6 reproduces a TradFi dark pool, natively on-chain:
• Encrypted RFQ to a self-chosen LP set — nothing public pre-trade
• Settled at the Hyperliquid lit reference price (read from HyperCore)
• No order book, no matcher, no price discovery — no AMM slippage
• Non-custodial, atomic settlement on HyperEVM
And a dark pool isn't a mixer — it's private to the public, transparent to the regulator:
• Clean-entry via ZK association proofs (Privacy Pools)
• Traceable through escrowed viewing keys
• Enforced by deny-spend freezes — funds are never seized
• Selective disclosure on demand
Why Hyperliquid? Replicating this needs all three at once: a high-quality on-chain reference price (HIP-1), an EVM for shielded state (HyperEVM), and deep TVL to recycle into liquidity. HL is the only place that has all three.
The result: institutions trade size confidentially, LPs put idle TVL to work, and Hyperliquid opens a new lane of institutional block flow — without cannibalizing existing volume.
Looking forward to all feedback @chameleon_jeff @HyperliquidX @HyperFND @Sterling_hl
1/1 We then had Opus 4.8 check two live privacy protocols — @RAILGUN_Project and @0xprivacypools — for whether they use Circom/circomlib correctly.
Verdict: both are safe. Range checks use Num2Bits with safe bit-widths, selectors are binary-constrained, and they rely on the field-IO EdDSAPoseidonVerifier rather than the legacy bit-IO path.
The takeaway: the bug classes Opus surfaces are the kind that audit firms and tooling already catch — funded projects that paid for audits are in good shape.
But if you're a project without the budget for an external audit, take a close look. These footguns are exactly where under-audited circuits bleed funds.
circomlib is safe — but if you build on it, mind your funds.
Inspired by Opus 4.8's stunning catch of the @Zcash inflation bug, we had it audit Circomlib — the circuit library behind nearly every ZK privacy project (including us): https://t.co/VnLFHrPDvY
Verdict: Circomlib itself is safe. Opus found no directly exploitable bug.
But it pushes critical safety preconditions (subgroup checks, canonical bit uniqueness, input ranges, binary selectors) onto the caller. Misuse them and you risk double-spends, minting, or signature forgery — i.e. real funds.
Full audit report below:
https://t.co/KNHhkhiWON
Devs, check your circuits against it. Opus even shipped runnable PoCs proving the dangers are real, not theoretical.
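The "canonical bit uniqueness" and "input ranges" preconditions above, modelled in plain Python as an added example (this is a model of what the Num2Bits constraints accept, not circomlib's code and not the audit's PoCs): Num2Bits(n) only constrains each bit to be 0 or 1 and the weighted bit sum to equal the input in the field, so once 2^n exceeds the field order p a small input is also satisfied by the bits of in + p, and a range check built on that decomposition no longer rejects anything. The field constant is Circom's default BN254 scalar field; circomlib's Num2Bits_strict is the variant that adds the aliasing check, and the function names below are this example's own.

```python
"""Model of circomlib's Num2Bits(n) constraints over Circom's default field.
Added example: shows why the caller must keep n small enough that 2^n <= p
(or use Num2Bits_strict) before treating the decomposition as a range check."""

# Circom's default field: the BN254 scalar field order (public constant)
BN254_R = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def num2bits_satisfied(value, bits, p=BN254_R):
    """The two constraints Num2Bits(n) imposes, modelled: every bit is binary and
    the weighted sum equals the input in the field. Nothing forces sum < p."""
    if any(b not in (0, 1) for b in bits):
        return False
    return sum(b << i for i, b in enumerate(bits)) % p == value % p


def witnesses(value, n, p=BN254_R):
    """Every integer x with 0 <= x < 2^n and x == value (mod p). Each one's bit
    pattern is an accepted witness: more than one means the decomposition is
    not unique, none means Num2Bits(n) rejects the value (no witness exists)."""
    found, x = [], value % p
    while x < (1 << n):
        assert num2bits_satisfied(value, [(x >> i) & 1 for i in range(n)], p)
        found.append(x)
        x += p
    return found


def num2bits_is_canonical(n, p=BN254_R):
    """Caller-side precondition: with 2^n <= p at most one witness exists, so
    'the input fits in n bits' is a real range check rather than a vacuous one."""
    return (1 << n) <= p
```

With the default field, witnesses(5, 253) is just [5] while witnesses(5, 254) is [5, 5 + p]: the 254-bit decomposition of the value 5 is ambiguous, which is the caller-side precondition the audit lists. The same helper shows the rejecting case: a value of 2^253 + 1 has no 253-bit witness at all, so Num2Bits(253) does act as a range check there.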
@cz_binance: "...If you want to trade privately, you could use @Aster_DEX..."
@notthreadguy: "Why couldn't @chameleon_jeff and @HyperliquidX just add Dark Pool privacy functionality..."
@cz_binance: "I would say they should..."
Glad to see the sentiment that "DEXs should have kind of Dark Pool functionality." We are cooking @HYPERDailyTK.
Privacy101: Understand @Zcash Orchard - How your money stays private
---
Previous in this series:
Ch 1 — Orchard key components: https://t.co/DI5IszIreL
Ch 2 — How does the user receive tokens with IVK?: https://t.co/ChiJxnDJaj
Ch 3 — How does user disclose transaction details with OVK?: https://t.co/aadpcAnCKN
A shielded balance is not an account balance — it is a bag of notes. Each note is a private coin with its own commitment on chain. This chapter: what is inside a note, what the chain sees, and how regulators link a spent nullifier back to the note commitment that created it.
1. What is inside a note?
Orchard note (private): (d, pk_d, v, ρ, ψ, rcm) — recipient address (d, pk_d), value v in zatoshi, nullifier randomness (ρ, ψ), commitment trapdoor rcm (§3.2).
2. What the chain sees
Same note, two public fingerprints — no plaintext:
Tx1 (output): cmx — note created.
Tx2 (input, later): nf — note spent.
C_enc carries encrypted data for the recipient; observers still cannot read d, v, or memo, and cannot link cmx to nf.
3. Linking nf to cmx — regulator with FVK
On chain, cmx (Tx1) and nf (Tx2) are unlinkable. IVK or OVK alone cannot bridge them — the link needs nk, which lives inside the Full Viewing Key (ak, nk, rivk). FVK still cannot spend (no ask).
Step 1 — Find the note. Trial-decrypt every Action's C_enc with ivk. One decrypts → plaintext (d, v, rseed, memo); that Action is Tx1.
Step 2 — Rebuild and verify. Take ρ and cmx from the Tx1 Action (public), expand rseed → ψ, rcm, compute cm = NoteCommit(...), and check cm = cmx.
Step 3 — Recompute the nullifier. nf' = Extract_P([F_nk(ρ) + ψ mod p]·G + cm). All four inputs needed: nk, ρ, ψ, cm.
Step 4 — Match the spend. Scan every Action's nullifier for nf'. When it appears as the nf of Tx2, that transaction spent this note — cmx (Tx1) and nf (Tx2) are now linked.
FVK also derives ovk for outgoing audit (Ch3). Share FVK only under compliance duty — it exposes full incoming + outgoing history and spend linkage.
Big Solana news:
The Light Protocol team is joining Helius to help build Solana's most complete ZK privacy layer.
Private payments, markets, and finance -- at Solana scale.
Fully composable, fully onchain, fully open-source.
Thanks to @paradigm and @HyperliquidPC for pushing this forward. If FinCEN adopts the proposal to recognize smart contract-level compliance mechanisms, developers will finally have real regulatory certainty — a critical foundation for building compliant onchain applications.
This matters just as much for the privacy space: privacy isn't the opposite of compliance. Onchain privacy use cases need compliance frameworks too. This direction also lays the groundwork for how privacy applications can be designed with compliance in mind.
Privacy101 — How Private Money Works
---
Chapter 2 — How does the user receive tokens with IVK? (§4.2.3, §4.20.2, §4.22 in https://t.co/0HXOVpApn6)
1. Derive shielded addresses — receive funds
IVK = (dk, ivk). Together they generate one-time shielded addresses — pre-make a batch or create one when needed. Share an address with a payer; one IVK still scans and decrypts them all.
2. Block scan — view
A sender pays you in an Orchard Action. You never get a normal on-chain credit. Each Action publicly carries epk, C_enc, and cmx; the plaintext stays inside C_enc. Your wallet scans every block, every Action. No spending key — only ivk to try decryption. (nk is used later to check whether a note has been spent.)
3. Trial decryption — is this note mine?
You do not match addresses first. For each Action: ivk + epk → shared secret → decrypt C_enc.
❌ Fail → skip.
✅ Succeed → rebuild note commitment, check it equals cmx.
✅ Pass → your note (value, memo, d).
4. Keep IVK secret
IVK never appears on chain. Anyone with IVK (+ nk) can see all your incoming payments — amounts, memos, timing. They cannot spend (no ask) or see outgoing payments (need ovk). Share IVK only with parties you trust to scan for you.
Next: How does user disclose transaction details with OVK?
Privacy101 — How Private Money Works
Privacy is becoming foundational infrastructure for blockchains. More projects are looking at the @Zcash protocol — still the strongest privacy design we have — as their reference. But the spec is dense. This series walks through it from §3.1, focusing on Orchard.
---
Chapter 1 — Orchard key components (§3.1 in https://t.co/0HXOVpApn6)
1. Spending key (sk)
The root private key. Ultimate control over the account — back this up to recover everything.
2. ask / ak (spend authorizing key / validating key)
Derived from sk. ask is re-randomized into a one-time key pair (rsk, rk) used solely for each spendAuthSig.
Core purpose: a delegated prover may need private data (e.g. ak, nk) to build the proof — enough to view incoming notes — but cannot spend the user's notes without ask, which only the user holds to derive rsk and sign.
3. Full viewing key (ak, nk, rivk)
Derived from sk. From it you can derive the keys to view incoming and outgoing shielded activity. Does not let you spend.
nk (nullifier deriving key)
The nullifier nf is computed from nk and the note contents — one note, one nf, spend once. Zcash's June 2026 Orchard attack broke exactly this rule: https://t.co/os9tRrpSlc
rivk
Derived from sk. Commit_ivk randomness — used with (ak, nk) to derive ivk, dk, and ovk.
4. Incoming viewing key (dk, ivk)
Decrypts incoming note ciphertexts.
5. Outgoing viewing key (ovk)
Decrypts outgoing payment details — what you sent, to whom, how much. Useful for compliance and audit: view your own sends without spend authority.
6. Shielded payment address (d, pkd)
What you share to receive funds. Users can generate many unlinkable shielded addresses to improve anonymity, while reusing the same viewing keys to scan and decrypt them all.
Next: How does the IVK work?
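The three Orchard chapters in this series (the key hierarchy, trial decryption with ivk, and linking a spent nf back to its cmx with the FVK), as one added Python model that is not part of the series and not Zcash's code: SHA-256 stands in for Sinsemilla, Poseidon and PRF^expand, integer Diffie-Hellman modulo 2^255-19 stands in for Pallas scalar multiplication, the ovk side is omitted, and every seed, name and sample value (Alice's and Bob's seeds, the 5,000-zatoshi note, the memos) is constructed for the example. What it keeps is the shape the spec describes: an Action exposes only (nf, ρ, cmx, epk, C_enc); a scanner holding only ivk can find its notes but cannot derive nf; the nk inside the FVK is what turns a found note into a link between Tx1's cmx and Tx2's nf.

```python
"""Toy Orchard-style shielded pool: key hierarchy, trial decryption with ivk and
FVK linkage of a spent nullifier to its note commitment. Constructed example:
SHA-256 replaces Sinsemilla/Poseidon/PRF^expand and integer Diffie-Hellman mod
2^255-19 replaces Pallas scalar multiplication, so this is NOT Zcash's code."""
import hashlib
import os
P = 2**255 - 19  # prime modulus of the toy Diffie-Hellman group (not Pallas)

def H(tag, *parts):
    """Domain-separated hash standing in for every Orchard PRF and commitment."""
    h = hashlib.sha256(tag.encode())
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()

def derive_keys(sk):
    """sk -> (ask, FVK). Only ask authorizes spends; FVK = (ak, nk, rivk) only views."""
    ask, nk, rivk = H("ask", sk), H("nk", sk), H("rivk", sk)
    fvk = {"ak": H("ak", ask), "nk": nk, "rivk": rivk, "dk": H("dk", rivk)}
    fvk["ivk"] = int.from_bytes(H("ivk", fvk["ak"], nk, rivk), "big")  # Commit_ivk stand-in
    return ask, fvk

def g_d(d):  # DiversifyHash stand-in: the per-diversifier group element
    return int.from_bytes(H("DiversifyHash", d), "big") % P

def address(fvk, index):
    """One of many unlinkable (d, pk_d) addresses; a single ivk decrypts notes to all."""
    d = H("d", fvk["dk"], index.to_bytes(4, "big"))[:11]
    return d, pow(g_d(d), fvk["ivk"], P)  # pk_d = [ivk] * DiversifyHash(d)

def expand(rseed, rho):  # rseed -> (psi, rcm), as PRF^expand does in Orchard
    return H("psi", rseed, rho), H("rcm", rseed, rho)

def note_commit(d, pk_d, v, rho, psi, rcm):  # NoteCommit stand-in
    return H("cm", d, pk_d.to_bytes(32, "big"), v.to_bytes(8, "big"), rho, psi, rcm)

def nullifier(nk, rho, psi, cm):  # stand-in for Extract_P([F_nk(rho) + psi]*G + cm)
    return H("nf", nk, rho, psi, cm)

def stream(key, data):  # toy keystream XOR; real wallets use ChaCha20-Poly1305
    ks = b"".join(H("ks", key, bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_note(d, pk_d, v, rho, rseed, memo):
    """Sender: ephemeral DH against pk_d, then encrypt-and-tag the note plaintext."""
    esk = int.from_bytes(os.urandom(32), "big") % P
    epk = pow(g_d(d), esk, P)
    key = H("kdf", pow(pk_d, esk, P).to_bytes(32, "big"), epk.to_bytes(32, "big"))
    ct = stream(key, d + v.to_bytes(8, "big") + rseed + memo)
    return epk, ct + H("tag", key, ct)[:16]

def trial_decrypt(ivk, epk, c_enc):
    """Receiver: ivk + epk -> shared secret -> decrypt C_enc; None if the tag fails."""
    key = H("kdf", pow(epk, ivk, P).to_bytes(32, "big"), epk.to_bytes(32, "big"))
    if H("tag", key, c_enc[:-16])[:16] != c_enc[-16:]:
        return None  # not encrypted to this ivk
    pt = stream(key, c_enc[:-16])
    return {"d": pt[:11], "v": int.from_bytes(pt[11:19], "big"), "rseed": pt[19:51], "memo": pt[51:]}

def make_output(recipient, v, memo, spent_nf=bytes(32)):
    """Build an Action creating a note; the chain sees only nf, rho, cmx, epk, C_enc."""
    (d, pk_d), rho, rseed = recipient, os.urandom(32), os.urandom(32)
    psi, rcm = expand(rseed, rho)
    epk, c_enc = encrypt_note(d, pk_d, v, rho, rseed, memo)
    return {"nf": spent_nf, "rho": rho, "cmx": note_commit(d, pk_d, v, rho, psi, rcm),
            "epk": epk, "c_enc": c_enc}

def scan(ivk, actions):
    """Ch2: trial-decrypt every Action and keep those whose rebuilt cm equals cmx."""
    mine = []
    for i, a in enumerate(actions):
        pt = trial_decrypt(ivk, a["epk"], a["c_enc"])
        if pt is None:
            continue  # fail -> skip
        psi, rcm = expand(pt["rseed"], a["rho"])
        pk_d = pow(g_d(pt["d"]), ivk, P)
        if note_commit(pt["d"], pk_d, pt["v"], a["rho"], psi, rcm) == a["cmx"]:  # pass -> mine
            mine.append((i, dict(pt, rho=a["rho"], psi=psi, cm=a["cmx"])))
    return mine

def spend(ask, fvk, note, recipient, memo=b""):
    """Spend a note: nf needs nk (inside the FVK); the spendAuthSig needs ask (toy sig)."""
    nf = nullifier(fvk["nk"], note["rho"], note["psi"], note["cm"])
    return dict(make_output(recipient, note["v"], memo, spent_nf=nf), spendAuthSig=H("sig", ask, nf))

def link(fvk, actions):
    """nf-to-cmx chapter: for each note the FVK sees, recompute nf' and find its spend."""
    links = []
    for tx1, note in scan(fvk["ivk"], actions):
        nf_prime = nullifier(fvk["nk"], note["rho"], note["psi"], note["cm"])
        links += [(tx1, tx2) for tx2, a in enumerate(actions) if a["nf"] == nf_prime]
    return links

def demo():
    """Bob pays Alice (Tx1), Alice spends that note to Bob (Tx2); then both scan."""
    ask_a, fvk_a = derive_keys(b"alice-seed (constructed)")
    _, fvk_b = derive_keys(b"bob-seed (constructed)")
    chain = [make_output(address(fvk_a, 0), 5_000, b"rent")]            # Tx1
    (_, note), = scan(fvk_a["ivk"], chain)                              # Alice's wallet finds it
    chain.append(spend(ask_a, fvk_a, note, address(fvk_b, 7), b"thx"))  # Tx2
    return {"alice_incoming": [(i, n["v"]) for i, n in scan(fvk_a["ivk"], chain)],
            "bob_incoming": [(i, n["v"]) for i, n in scan(fvk_b["ivk"], chain)],
            "alice_links": link(fvk_a, chain)}
```

demo() returns Alice's incoming note at Action 0 and Bob's at Action 1, each invisible to the other's ivk, plus the single link (0, 1) that Alice's FVK can establish. Handing link() a dictionary holding only ivk fails on fvk["nk"] as soon as a note is found, which is the barrier the FVK chapter describes: ivk finds the note, nk is what connects it to the spend.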