Cryptographic Posture

PrivateDAO uses a layered cryptographic posture rather than a single primitive.

Core Primitives

• Ed25519 for wallet signatures and Solana transaction authorization
• SHA-256 for commit-reveal vote commitments and artifact integrity manifests
• Groth16 zk-SNARKs for the current companion ZK layer
• Token-2022 extensions for the PDAO token surface

What Is Enforced Today

• Solana transaction authenticity is enforced by wallet signatures and on-chain account ownership checks.
• Commit-reveal integrity is enforced through SHA-256 commitments and proposal-bound vote records.
• Reviewer-visible evidence integrity is enforced through the published cryptographic manifest in docs/cryptographic-manifest.generated.json.
• The current ZK layer proves bounded validity and consistency off-chain through Groth16 circuits, registries, transcripts, and attestation artifacts.

What Is Not Claimed

• PrivateDAO does not currently claim post-quantum protection.
• The current ZK layer is not yet an on-chain verifier path.
• Groth16 trusted-setup assumptions still apply to the present companion stack.

Transition Boundaries

• If PrivateDAO later adds on-chain proof verification, the verifier path and its cost model must be audited separately.
• If post-quantum migration is required in the future, the first transition targets would be:
• artifact integrity hashing
• off-chain proof system choice
• long-lived signing and governance attestation surfaces

Reviewer Commands

npm run build:cryptographic-manifest
npm run verify:cryptographic-manifest
npm run build:supply-chain-attestation
npm run verify:supply-chain-attestation
npm run verify:all

Related Evidence

• docs/cryptographic-integrity.md
• docs/cryptographic-manifest.generated.json
• docs/supply-chain-security.md
• docs/supply-chain-attestation.generated.json
• docs/zk-layer.md
• docs/zk-assumption-matrix.md