Lelantus Spark is the next-generation Lelantus protocol, jointly designed by Aram Jivanyan and Aaron Feickert. It improves upon the current Lelantus protocol by providing recipient privacy, fine-grained selective disclosure and other user-friendly improvements. Further, the authors have provided more formal security arguments, ensuring more confidence in the Lelantus Spark construction.

HashCloak has previously completed a cryptographic audit of the Lelantus Protocol. You can read the report [here](https://firo.org/2022/01/04/lelantus-spark-audit-complete.html). Since then, the Firo team has been working on an implementation, which will soon be ready for an audit. As we audited the paper, we feel that we are in the best position to provide a code audit for the Firo ecosystem on their next-generation privacy protocol.

## About Us

HashCloak Inc is an R&D lab and consultancy focused on privacy, anonymity and scalability for blockchains and cryptocurrencies. Founded in 2019, the Toronto-based team is well-known for working on state-of-the-art Ethereum projects such as Ethereum 2.0, Shyft Network and Althea, for pioneering optimistic rollups and bringing forth the first empirical analysis of Ethereum’s privacy guarantees and applications. Recent projects such as Meson, a mix network project, and an SoK on universal SNARKs, delved into areas such as Multi-Party Computation (MPC), anonymous networking, Private Information Retrieval (PIR), zero-knowledge proofs and the intersection of cryptography, game theory and finance.

### Auditors

Mikerah Quintyne-Collins is an independent researcher and founder and CEO of HashCloak, a blockchain privacy R&D startup with a global team. Her research focuses on networking, validator privacy, and optimistic rollups. She organized Scaling Ethereum, a research workshop bringing together top Ethereum researchers to work on Ethereum’s most pressing scalability problems.
Currently, she’s focused on privacy for blockchains, specifically mixers and mix networks for cryptocurrency transactions. Previously, she was part of the ChainSafe Systems team working on ETH2.0, namely the Lodestar Typescript client. She was awarded a Vitalik YOLO grant for her work on ETH2.0.

Manish Kumar is a Cryptography Security Researcher and Engineer at HashCloak. His broad area of research is in the field of Blockchain and Cryptography. Currently, his research focus is on the specific area of cryptography known as zero-knowledge proofs. Previously, he was a research intern at Persistence One, where he was actively involved in research about blockchain technology.

Onur Inanc Dogryuol is a Cryptography Security Researcher and Engineer at HashCloak. His background is in Math and Cryptography. His research focus is on building and designing STARK-friendly cryptographic primitives. He is also a Cairo and Circom developer. Previously, he was a lead cryptography engineer at ZigZag Exchange, a STARK-powered exchange in the Starknet ecosystem, where he conducted research on using zero-knowledge proofs to build a scalable and privacy-preserving DEX.

### Costs and Milestones

The overall cost of the audit will be $80K USD. We have added 10% volatility insurance in Firo, so the total cost is $88K USD. As per our previous arrangement with the Firo team, we will be paid in a USD-denominated stablecoin. If there is a surplus of donations to this proposal, the surplus will be donated to the general Firo fund to increase their runway for important Firo-related work. As such, the Firo address is posted in order to meet the posting requirements on the FCS, and any donations made to it will go to the Core Firo team.

We propose the following payment schedule:

| Milestone | Tasks | Week | Fees |
| -------- | -------- | -------- | -------- |
| 1 | 1. Review the following documents: (a) Lelantus Spark Audit Report, (b) Lelantus Spark. Any documents that we feel are relevant will be read as well.<br>2. Start fuzzing using Honggfuzz and AFL++ using regtest testnet data<br>3. Identify key areas of concern for the codebase | 1-2 | $32K |
| 2 | | 2-4 | $32K |
| 3 | | 5-6 | $16K |
| Total | | | $80K |

We expect the audit to take 4 weeks for the initial delivery of the report and 1 to 2 weeks for verifying and assisting the authors in rectifying issues. The start date for the audit is flexible depending on when the Firo community would like the audit done.