# Security and trust

*What we protect, what we assume, what we have tested.*

Privacy infrastructure earns trust by being explicit about what it protects, what it assumes, and what it has been tested against.

## Threat model

A credible privacy system states plainly whom it defends against. Lacuna assumes a powerful adversary: one who can read the entire chain and all of its history, run sophisticated address-clustering and timing analysis, submit and reorder transactions, operate relayers, and — in the EmergencyExit setting — physically coerce a user or fully compromise their device. Against this adversary, Lacuna's task is to ensure that what reaches the chain reveals nothing beyond the validity of each operation.

It rests on explicit assumptions: that the underlying cryptography is sound, that the trusted-setup ceremony had at least one honest participant, and that the user's device and its secure storage are intact at the moment of use. It does not claim to defeat a global observer who can correlate network traffic outside the protocol, nor to protect a user who deliberately links a shielded withdrawal back to a public identity.

## Guarantees — and their limits

Confidentiality follows from the commitment scheme; unlinkability from membership proofs combined with unlinkable nullifiers; and sole-spend authority from the fact that only a note's owner can spend it, once. The honest limit: realised privacy depends on participation and on behaviour outside the protocol. A small or idle pool, or an address you re-link elsewhere, reduces privacy regardless of the cryptography.
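To make the three guarantees concrete, the following added example (not Lacuna's code or construction) models a generic hash-based commit-and-nullify pool. It assumes SHA-256 in place of a circuit hash and a hypothetical `_statement_holds` check that sees the witness, standing in for verification of a zero-knowledge proof; all names and values are constructed for illustration.

```python
import hashlib, secrets

def H(tag: bytes, *parts: bytes) -> bytes:
    # Domain-separated, length-prefixed SHA-256 (assumed stand-in hash).
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def commit(value: int, owner_secret: bytes, blinding: bytes) -> bytes:
    # Binds value and owner; the random blinding hides both from observers.
    return H(b"cm", value.to_bytes(8, "big"), H(b"pk", owner_secret), blinding)

def new_note(value: int, owner_secret: bytes) -> dict:
    blinding = secrets.token_bytes(32)
    return {"value": value, "blinding": blinding,
            "cm": commit(value, owner_secret, blinding)}

def nullifier(note: dict, owner_secret: bytes) -> bytes:
    # Deterministic per note and computable only with the owner's secret,
    # so a note can be spent once and the spend does not point at its cm.
    return H(b"nf", owner_secret, note["cm"])

class Pool:
    """Public state: commitments deposited, nullifiers spent, nothing else."""
    def __init__(self):
        self.commitments, self.spent = [], set()

    def spend(self, nf: bytes, witness: tuple) -> bool:
        # A real verifier checks this statement from a proof alone and
        # never sees the witness; this model passes it in for simplicity.
        if nf in self.spent or not self._statement_holds(nf, witness):
            return False
        self.spent.add(nf)  # only the nullifier becomes public
        return True

    def _statement_holds(self, nf: bytes, witness: tuple) -> bool:
        value, blinding, owner_secret = witness
        cm = commit(value, owner_secret, blinding)
        return cm in self.commitments and nf == H(b"nf", owner_secret, cm)

def demo() -> dict:
    alice, mallory = secrets.token_bytes(32), secrets.token_bytes(32)
    pool = Pool()
    a, b = new_note(5, alice), new_note(5, alice)  # same value, same owner
    pool.commitments += [a["cm"], b["cm"]]
    nf = nullifier(a, alice)
    return {
        "hiding": a["cm"] != b["cm"],  # equal notes look unrelated
        "thief": pool.spend(nullifier(a, mallory), (5, a["blinding"], mallory)),
        "first": pool.spend(nf, (5, a["blinding"], alice)),
        "replay": pool.spend(nf, (5, a["blinding"], alice)),
    }
```

In this model a pool holding only one or two commitments still satisfies every check, which is the limit stated above: the mechanism hides which commitment was spent only among the commitments that exist.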

## The SolidProof audit

Lacuna's contracts and mobile client have been audited by SolidProof across multiple review cycles, with findings remediated and re-verified along the way. All critical- and high-severity findings have been resolved.

* **0** — critical & high findings open
* **72.66** — SolidProof TrustNet score
* **4+** — independent re-audit cycles

Security is treated as ongoing. The latest architecture, including on-device proof generation, is slated for a focused follow-up review, and the protocol will continue to be audited as it grows.

## Trusted setup

Groth16 requires a one-time, per-circuit trusted setup. Its integrity rests on a multi-party ceremony in which a single honest participant is enough for the result to be secure; the ceremony transcript is published for anyone to verify.

## Responsible operation & disclosure

Security extends beyond cryptography to how the system is run. Dependencies are pinned and reviewed, sensitive flows are guarded against transient failure states rather than left to fail open, and a channel for responsible disclosure of vulnerabilities is maintained. Audits are treated not as a one-time stamp but as a standing commitment, repeated as the protocol changes — including a focused review of the on-device proving architecture ahead of broader release.

