Posts
-
Proving in the browser, by the numbers
What is actually feasible inside a browser tab in 2026 — Groth16 prover times for Poseidon, Range, and Merkle circuits, the WASM threading story, and where the main thread stops being a viable home for your prover.
-
Merkle inclusion proofs over compressed account state on Solana
How a 32-byte hash and a logarithmic path replace a multi-kilobyte account. Walk the tree-height math, the Light Protocol compressed-account model, and an inclusion-proof construction you can run in Node.
-
The fee paradox: why every smart-contract privacy mixer needs a relayer
On account-model chains the very act of paying a transaction fee deanonymises the recipient. This post formalises the paradox, walks through three resolutions, and sets up the SPST construction that resolves it inside the ZK proof itself.
-
Relayerless privacy on a Turing-complete L1: an intro to F_RP
A series-opening map of the relayerless full-privacy framework I've been writing up. Five cryptographic games, four constructions (SPST, PPST, TAB, UPEE), one main theorem — and why it matters that the target chain is Solana.
-
Poseidon, by hand and by code
Why one of the cheapest hashes in zero-knowledge cryptography also has the strangest insides. Derive the S-box, count the constraints, and run a 30-line implementation in the browser.
-
Stuck Sell, Post-Graduation: Fixing a Trapped-Funds Bug Without a Redeploy
A graduated launchpad token left users unable to sell. Fix shipped without redeploying the program: a frontend conversion path that withdraws SPL, compresses, then sells through the AMM.
-
Being CEO and still shipping code
The CTO-vs-CEO false dichotomy, why I still review every PR that touches the SDK core, and how I use Claude Code plus an MCP server over my own writing to keep technical leverage as the company grows.
-
The unified dashboard: collapsing private and transparent into one wallet view
Two pages — one for private balance, one for transparent — taught users to think in two heads. The 2026-04-17 commit folded them. The wallet now shows one balance, one feed, with the privacy boundary inside the data, not the URL.
-
Vanta: a Bitcoin fork with ZK at consensus
42 billion supply. 1-minute blocks. RISC Zero proofs verified at consensus. The opinionated answer to 'why fork Bitcoin in 2026?' is that you're not really forking Bitcoin — you're shipping a different L1 that has Bitcoin's surface area.
-
Private atomic swaps and the price-discovery problem
BTC ↔ VANTA atomic swaps via HTLC are the easy part. If the VANTA leg is shielded, no observer can compute the rate, and no rate means no public price. Walking through six designs and the hybrid recommendation in vanta/planning.