zkr

Week in review. > `@entros/verify` shipped on npm. Popup-pattern integrator drop-in. One component, one callback, verification handled. > Mobile verify flow is end-to-end real. Encrypted baseline, Groth16 via mopro, on-chain submit via MWA. Dashboard reads Trust Score and verification fees live from chain state. > Mint-receipt enforcement live. Every anchor mint requires a signed Ed25519 receipt from the validation service. > Hardening: persistent Sybil registry on Postgres, per-source rate cap on the relayer, calibration-attack noise on borderline checks. pulse-sdk 1.5.3 adds OS-level voice isolation in browser capture. Next: integrator pilot outreach, mainnet preparation, continuous improvement.

Solana delivers what an on-chain identity layer needs: free reads on PDA state, sub-second finality, and composability across any program that wants to read the result. Entros is built on all three. One verification, readable by every dApp on the network. No API keys, no billing relationship, no permission to read.

Live on npm: @entros/verify. Drop-in React component for proof of personhood on Solana. One callback, five lines of JSX, popup pattern. The component handles wallet connect, the 12-second behavioral capture, the ZK proof, and the on-chain mint. Your app stays wallet-adapter-free until a verified payload arrives. 3.4 KB ESM gzipped. Wraps @entros/pulse-sdk so the on-chain output matches the canonical https://t.co/qqVm9CrreD flow. https://t.co/Sd25Qgs3CX

Developer docs are live at https://t.co/Oh9uqKpzdT. 26 pages across five sections: - Quickstart: gate a Next.js route, read a Trust Score on-chain - Concepts: proof of personhood, Trust Score, Anchor PDA, SAS attestations, validation layer, threat model - Integrate: gate, badge, on-chain reads, SAS, Realms voter weight, Agent Anchor - Reference: full SDK API, program instructions, PDA seeds, error codes, costs - Roadmap: current, near-term, medium-term, long-term

The original Entros challenge phrase was nonsense syllables, designed in 2025 to prevent dictionary-based deepfake attacks. By 2026 that threat model had collapsed: real-time streaming synthesis at sub-100ms latency makes pre-synthesis libraries irrelevant, so combinatorial vocabulary size constrains nothing. The defense had to become content-binding—verifying what was spoken matches what was asked—not vocabulary-obscuring. Three iterations to land it: - v1 (April 21): in-distribution speech recognition over the original nonsense challenge. Out-of-distribution audio caused the model to hallucinate. False rejects too high. - v2 (April 22): phoneme-level alignment over the same nonsense challenge. Architecturally clean but the discrimination window was too narrow to threshold confidently. - v3 (April 25): word-level matching over a curated real-word vocabulary. In-distribution for the recognizer, discrete signal, wide window. Live and calibrated. The research synthesis lives in the paper at §2.2.1, with references to ASVspoof 5 (which abandoned pre-synthesis as the dominant threat) and Pitch Imperfect 2025 (which establishes that prosodic human-vs-synth signals are vocabulary-independent). Vocabulary choice is a UX and accuracy decision; defense against synthesized voice lives in the prosodic acoustic and cross-modal coupling layers. Wave 4 of the T4a red team campaign confirmed the shipped result at scale—1,000 attempts of pre-recorded human voice paired with procedural motion, 0 passes. Wave 1 (acoustic only) was 100% pass. Wave 2 (cross-modal coupling enforced) was 10%. Wave 3 (phrase binding added) was 0% at small N. Wave 4 tightens the statistical bound at production scale. The pre-recorded-arbitrary-content attack class is closed. Real-time synthesized voice—T4b—sits in the queue for a future campaign cycle.

Closed 8 security items across the executor and SDK. 99 tests, all passing. The research paper is updated with a layered Sybil resistance model and desktop vs mobile verification analysis. Every finding is tracked in a public audit file. What's fixed, what's deferred, what's mainnet-only. Integrators can read the full trail. Verification is live. 12 seconds, no hardware, no personal data collected.

Server-side validation is live. The SDK extracts 134 statistical features from voice, motion, and touch in physical units. These are aggregate summaries like means, variances, and spectral coefficients. Not recordings. Not identifiers. Not reversible to the original signal. Raw sensor data is destroyed on device after extraction. Those 134 numbers are the only thing that crosses the wire. Before the wallet prompt appears, the features pass through a private validation microservice. Multiple layers of analysis run against the feature vector simultaneously across all three modalities. Synthetic patterns, statistical anomalies, cross-modality inconsistencies. Fail any layer, no transaction, no fee, no on-chain state change. Most detection systems analyse one modality at a time. IAM validates three sensor streams together and checks that they correlate the way real human physiology demands. Voice, motion, and touch are coupled through the respiratory and motor control systems. That coupling is involuntary and biomechanical. A bot faking each stream independently produces signals that look plausible in isolation but fall apart under cross-modal analysis. A cross-wallet fingerprint registry runs server-side with an independent secret seed. One person running 50 wallets produces clustered behavioral signatures. The registry catches it. Trust Score then requires maintaining consistency across sessions over weeks, compounding the difficulty further. This is Tier 1. The validation layer deepens and improves as real user data accumulates and new detection research is integrated. Each iteration raises the cost of spoofing without changing anything about the user experience.

LLM Knowledge Bases Something I'm finding very useful recently: using LLMs to build personal knowledge bases for various topics of research interest. In this way, a large fraction of my recent token throughput is going less into manipulating code, and more into manipulating knowledge (stored as markdown and images). The latest LLMs are quite good at it. So: Data ingest: I index source documents (articles, papers, repos, datasets, images, etc.) into a raw/ directory, then I use an LLM to incrementally "compile" a wiki, which is just a collection of .md files in a directory structure. The wiki includes summaries of all the data in raw/, backlinks, and then it categorizes data into concepts, writes articles for them, and links them all. To convert web articles into .md files I like to use the Obsidian Web Clipper extension, and then I also use a hotkey to download all the related images to local so that my LLM can easily reference them. IDE: I use Obsidian as the IDE "frontend" where I can view the raw data, the the compiled wiki, and the derived visualizations. Important to note that the LLM writes and maintains all of the data of the wiki, I rarely touch it directly. I've played with a few Obsidian plugins to render and view data in other ways (e.g. Marp for slides). Q&A: Where things get interesting is that once your wiki is big enough (e.g. mine on some recent research is ~100 articles and ~400K words), you can ask your LLM agent all kinds of complex questions against the wiki, and it will go off, research the answers, etc. I thought I had to reach for fancy RAG, but the LLM has been pretty good about auto-maintaining index files and brief summaries of all the documents and it reads all the important related data fairly easily at this ~small scale. Output: Instead of getting answers in text/terminal, I like to have it render markdown files for me, or slide shows (Marp format), or matplotlib images, all of which I then view again in Obsidian. You can imagine many other visual output formats depending on the query. Often, I end up "filing" the outputs back into the wiki to enhance it for further queries. So my own explorations and queries always "add up" in the knowledge base. Linting: I've run some LLM "health checks" over the wiki to e.g. find inconsistent data, impute missing data (with web searchers), find interesting connections for new article candidates, etc., to incrementally clean up the wiki and enhance its overall data integrity. The LLMs are quite good at suggesting further questions to ask and look into. Extra tools: I find myself developing additional tools to process the data, e.g. I vibe coded a small and naive search engine over the wiki, which I both use directly (in a web ui), but more often I want to hand it off to an LLM via CLI as a tool for larger queries. Further explorations: As the repo grows, the natural desire is to also think about synthetic data generation + finetuning to have your LLM "know" the data in its weights instead of just context windows. TLDR: raw data from a given number of sources is collected, then compiled by an LLM into a .md wiki, then operated on by various CLIs by the LLM to do Q&A and to incrementally enhance the wiki, and all of it viewable in Obsidian. You rarely ever write or edit the wiki manually, it's the domain of the LLM. I think there is room here for an incredible new product instead of a hacky collection of scripts.

One thing that can help is to embrace open source: https://t.co/nXE7DtRZ77 It's natural to fear technology if it's an inscrutable thing made by Other People that you're supposed to just trust, and you can't participate except as an end consumer. Technology needs to be something that people everywhere can go and inspect and modify to suit their needs, and feel like it's theirs. The intellectual requirements of doing this are of course far higher than 100 years ago, but on the flip side we have AI to help.