FAQ
Quick answers to the questions that come up most: is it ready for mainnet, what makes privacy “unlockable”, do I have to run a chain, what happens if I lose my secrets, and how the two profiles relate.
Is shh ready for mainnet?
No. The privacy core is done and verified, but the trusted setup is single-contributor and the code is unaudited. Mainnet requires a multi-party ceremony, an external audit, and fuzz/invariant tests. See Trusted setup and the Roadmap.
What does “unlockable” privacy mean?
In Profile B, withdrawing requires proving membership in an ASP-published association set. Honest deposits stay private; a tainted deposit can be excluded from the association root, leaving it deposited but non-withdrawable through the private path. The ASP never learns more than the public deposit set. See Profile B.
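The set relation behind this answer, as an added example that is not shh's own code: a deposit stays in the deposit tree, but once it is left out of the association set no Merkle path to the association root exists for it. SHA-256 stands in for the circuit hash, the tree layout and every name here are assumptions, and the path is checked in the clear rather than inside a proof.

```javascript
// Added example (not shh code). SHA-256 stands in for the circuit hash;
// the tree layout and all names are assumptions.
const { createHash } = require('node:crypto');

const H = (...parts) => createHash('sha256').update(Buffer.concat(parts)).digest();
const ZERO = Buffer.alloc(32); // padding leaf for odd-sized levels

// Build every level of a binary Merkle tree, leaves first.
function buildLevels(leaves) {
  const levels = [leaves.length ? leaves : [ZERO]];
  while (levels[levels.length - 1].length > 1) {
    const prev = levels[levels.length - 1];
    const next = [];
    for (let i = 0; i < prev.length; i += 2) next.push(H(prev[i], prev[i + 1] ?? ZERO));
    levels.push(next);
  }
  return levels;
}
const rootOf = (levels) => levels[levels.length - 1][0];

// Sibling path for a leaf, or null when the leaf is not in the set.
function pathFor(levels, leaf) {
  let idx = levels[0].findIndex((l) => l.equals(leaf));
  if (idx < 0) return null;
  const path = [];
  for (let d = 0; d < levels.length - 1; d++, idx >>= 1) {
    path.push({ sibling: levels[d][idx ^ 1] ?? ZERO, leafIsRight: (idx & 1) === 1 });
  }
  return path;
}

// The relation a withdrawal must satisfy against a given root.
function verifyPath(root, leaf, path) {
  if (!path) return false;
  const acc = path.reduce((n, s) => (s.leafIsRight ? H(s.sibling, n) : H(n, s.sibling)), leaf);
  return acc.equals(root);
}

// Constructed sample: four deposit commitments; the ASP excludes index 2.
const deposits = ['a', 'b', 'tainted', 'd'].map((s) => H(Buffer.from(s)));
const depositTree = buildLevels(deposits);
const assocTree = buildLevels(deposits.filter((_, i) => i !== 2));

// A deposit is privately withdrawable only if it is in both trees.
function canWithdraw(commitment) {
  const inDeposits = verifyPath(rootOf(depositTree), commitment, pathFor(depositTree, commitment));
  const inAssoc = verifyPath(rootOf(assocTree), commitment, pathFor(assocTree, commitment));
  return { inDeposits, inAssoc, withdrawable: inDeposits && inAssoc };
}
```

The excluded commitment still verifies against the deposit root, and reusing its deposit-tree path against the association root fails, which is the "deposited but non-withdrawable" state described above.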
Do I have to run the OP Stack to build?
No. The privacy core, SDK, and contracts build and test with just Node, pnpm, and circom. pnpm dev gives you a local node and the wallet backend. Docker is only needed for real L3 blocks and the explorer. See Prerequisites.
What happens if I lose my note secrets?
The funds become unspendable. A note's (nullifier, secret) — or a shielded note's keypair and blinding — are the spending capability; there is no recovery path by design. Treat them like private keys. See SDK: Privacy Pool.
Can the relayer steal my withdrawal?
No. The proof binds the recipient and fee, so a relayer can only refuse to submit — never redirect funds or skim extra. You can always self-submit. See The relayer.
What's the difference between the two profiles again?
Profile A (full privacy) makes shielded UTXO notes the default value layer with arbitrary amounts. Profile B (open + pool) is a transparent L3 with an opt-in fixed-denomination pool gated by association sets. Same circuits and tree underneath. See The two privacy profiles.
Can the explorer deanonymize me?
Not at the protocol layer — it can show that commitments and nullifiers exist, not link a withdrawal to its deposit. Metadata (IP, timing) is a separate concern handled by relayer and client behavior, not the circuits. See the Threat model.
Where do I report a security issue?
Email gimalsrb2@gmail.com with a reproduction; don't open public issues for exploitable findings. Scope and details in Trusted setup & ceremony.