Pursuit of privacy : AMA Salvium

If you want to know more about pursuit of privacy :

Telegram > t.me/pursuitofprivacy

Mr Kwibs (Pursuit of privacy) : Good evening everyone. Hope you guys are ready for the Salvium AMA!

Q1: To start the AMA, can you tell us the story behind the Salvium project, and what it aims to achieve?

Scylark (Salvium): Thanks – Firstly, it’s good to be here, and thanks for having us.
Salvium was originally called Fulmo as a nod to Monero (meaning ‘coin’), Fulmo means ‘lightning’ in Esperanto. The original concept was inspired by a presentation by Pedro Moreno-Sánchez at MoneroKon 2019 on “Dual Outputs: Enabling Payment-Channel Networks in Monero”. You can find it on YouTube. He highlighted the trade-offs between privacy, scalability, and functionality in cryptocurrencies and layed out a proposal using dual outputs to enable payment channels, and a lightning network style layer 2.
While working through various ideas to use this extended capability set and considering what things like conditional payments would enable, a prototype was built for a yield payment system that paid out asynchronously. Only at that point did it become clear that if you can send a transaction at one point in time and have it do ‘stuff’ at some point in the future, then return it securely and privately – you’ve just built a system capable of running code on the blockchain.
So Fulmo became too limiting a name, and Salvium was born.

Mr Kwibs : I like both names (Fulmo and Salvium), sadly I wasn’t present at MoneroKon 2019, so thanks for explaining a little history there 🙂

Q2: Can you tell us about each team member’s background? Have you worked on other projects before?

Scylark (Salvium) : 

While we haven’t focused on individual identities, we’re not anonymous. But we are also not seeking exposure. The lead developers are known in the space as Dweab and Neac and are responsible for creating the coloured coin technology used in projects like Haven Protocol. Both are also fully doxxed, and their careers are known. Dweab started as a software engineer and mathematician and then went into high-level corporate roles. Neac has been a software engineer for over 30 years and is also a very accomplished and capable mathematician and cryptographer.
As you would expect; beyond these two individuals, there is a wider team of contributors that have a broad range of skills, including economics, finance, DevOps, technical, and creative. (myself included)

Mr Kwibs : Oh wow, do you mean that they created the coloured coin technology that Ravencoin first used, or that they implemented it as the first privacy chain that had this feature?

Jethro Toll: First on Monero/cryptonote.

Mr Kwibs : I still know some members from Haven times. Good to see there’s so much experience present at Salvium. Great, thanks.
Q3: You have chosen to have the project funds (12% of max supply) locked in a contract with gradual release over 24 months. Why did you choose this setup over other funding options, such as a block tax, premine, or community donations?
?

Scylark : This is a great question.
We chose a 9% premine with a 24-month gradual release because it provides both transparency and financial stability. Another 3% was allocated to early contributors and the founding team, compensating them for nearly a year of development and costs before launch.
By releasing 650,000 SAL per month, we have a stable funding source to deliver on our roadmap. We considered alternatives like community donations or ongoing developer fees, but those options either lacked financial stability or posed potential conflicts of interest. The 24-month lock-up also shows our commitment to the project’s long-term vision. In August 2024 we locked one month of unused payments for another two years to demonstrate our long-term commitment. This model allows us to focus on development without short-term market pressures.

Mr Kwibs : I fully agree with this. Many people have objections against premines or block taxes, but it’s a fairytale that community donations work for projects. It has only ever worked for Bitcoin. Every project needs funding. As long as its done transparent and fairly, that’s the way to go.

Scylark : Yeah – We fully intend on being transparent – The first of our treasury reports was issued last week
https://salvium.io/treasury-aug24/

Mr Kwibs : Nice work✅
Q4: People rarely discuss the choices of tokenomics and project financing(rewards/premine) over a timeline. Don’t you think your choice to allocate Salvium’s project funding with a token release over 24 months is risky given the current market conditions? It seems like a short-term bet where a bull market within the next two years is necessary to ensure your funding for the subsequent years. The timing of sales must be very well chosen to avoid running out of funding for future developments (after the first two years). What are your plans for funding after those 24 months?

Scylark : The 24-month release was designed to meet Salvium’s initial funding needs while aligning with the community’s interests. We’re aware of the market risks but we aren’t relying on a bull market. Our strategy includes prudent financial management, a flexible development pace that can adapt to SAL’s value, and the potential for locking additional unused SAL tokens for future use. This is to build real value and generate trust and ongoing interest. Transparency with our community is crucial throughout this process.

Mr Kwibs : Yeah I saw a new announcement earlier this week about locking up a significant amount of SAL, that’s great.
Q5: The Knowledge Base section of your website mentions that Salvium uses ‘Confidential Transactions’ to mask transaction amounts. Can you explain in detail the cryptographic mechanism used to implement these confidential transactions, and how it differs from implementations in other blockchains like Monero or Zcash? Additionally, how do you manage the verification of transaction integrity without revealing the amounts?

Scylark : Salvium’s Confidential Transactions (CTs) are the same as Monero’s, with the exception that Salvium also provides uniformly random commitment masks for all consumed outputs, as opposed to some consumed outputs as Monero does, creating a reduction in potential for information leakage.

Mr Kwibs : Thanks, we move on.
Q6: Staking on Salvium is based on periods of approximately 30 days (21,600 blocks) with a yield of 20% of block rewards during the initial phase of the project. How does the Salvium protocol plan to adjust these staking rewards during the transition to a fee-based DeFi model, while maintaining sufficient incentives for participants?

Scylark : Maintaining network security and participant incentives is a priority. The current 20% share of block rewards for stakers will remain in place as we begin rolling out DeFi features in the future. As DeFi applications grow and generate revenue, we’ll gradually transition from block reward-based staking to a gas/fee distribution model. This transition will be carefully managed, ensuring that stakers continue to receive attractive rewards.
We’ll be transparent about any changes and seek community input to strike the right balance, ensuring the economic model remains sustainable as we expand DeFi capabilities.

Mr Kwibs : Great, any plans for some form of governance model so that you can weight the community’s input on significant changes?

Scylark : Yes – But this is all still to be defined by the community and network participants.

Mr Kwibs : Gotcha
Q7: Salvium introduces anonymous refundable transactions as a compliance feature. Can you detail the cryptographic process that allows for an anonymous refund of a transaction while ensuring the exact amount is returned to the correct sender? How does this mechanism integrate with other privacy features of Salvium, such as Stealth Addresses and Ring Signatures?

Scylark : Our approach builds upon the « Return Address Scheme » originally proposed by Knacc for Monero in 2019, adapting and extending it to meet the specific needs of Salvium’s regulatory compliance goals. We developed the mathematical proof for this in early 2024, and CypherStack audited it just before the launch of Savlium’s mainnet.
We can look at an example: Salvium’s refundable transactions are an optional feature integrating privacy with regulatory compliance. When Alice sends a transaction to Bob, she includes an encrypted “return address” (F_ab) in the transaction, which Bob can later use if a refund is needed.
This return address is encrypted using a Diffie-Hellman shared secret, ensuring only Bob can decrypt it. If a refund is required, Bob can use this information to create a new transaction without knowing Alice’s actual address.
This method preserves privacy by using stealth addresses and ring signatures, maintaining « unlinkability » and anonymity while enabling refunds. The refund amount is verified using Pedersen commitments and range proofs, ensuring the integrity of the transaction.

Mr Kwibs : Great to hear it’s been audited by CyperStack as well, they are a reputable company in the privacy space.
Q8: In the Knowledge Base section, it is mentioned that exchanges require the ability to monitor transactions in authorized wallets via a ‘viewkey’ mechanism. Can you explain how this ‘view key’ mechanism is technically implemented in the Salvium protocol, and how it ensures both user privacy and regulatory compliance? What security measures are in place to prevent the abuse of these ‘view keys’ by ‘authorized entities’?

Scylark : 👍The view key mechanism is currently being developed. It is being designed as an optional feature to balance privacy with compliance. Salvium will use a dual-key system: a ‘view-balance key’ (k_vb) and a ‘master key’ (k_m). The view-balance key allows authorized entities, like exchanges, to monitor transaction history and balances without the ability to spend funds. The master key remains necessary for spending and preserving security.
Even with a view key, the observer cannot link transactions to external identities or connected addresses, ensuring privacy. Security measures include revocable keys, access logs, and selective disclosure, where users can choose which transactions or time periods to share. This system is still being rigorously tested, with potential third-party audits planned before full deployment to ensure it meets both privacy standards and regulatory requirements.

Kwibs : Thanks, more technical questions to come, we dig deep!
Q9: The lite paper mentions the implementation of Asynchronous Transactions(AT) to improve the efficiency and flexibility of value transfers. Can you detail the cryptographic mechanisms and specific consensus protocol used to ensure the integrity and security of AT, particularly regarding the prevention of double-spending/manipulation and the management of transactional conflicts?

Scylark : IAsynchronous Transactions (AT) in Salvium are secured through the same cryptographic primitives as standard transactions, including ring signatures and Pedersen commitments. Each AT is linked to a unique ‘input context’ derived from its inputs, ensuring it cannot be reused. The AT process involves a ‘burn’ transaction to lock funds and a subsequent ‘mint’ transaction to unlock funds.
Our modified proof-of-work consensus includes additional validation rules to handle the asynchronous nature of these transactions, preventing double-spending. If multiple mints attempt to claim the same burn, the first-seen rule applies, with built-in timing constraints to prevent long-term pending transactions. This system ensures secure and efficient value transfers while maintaining strong privacy guarantees.

Mr Kwibs : Q10: Those Asynchronous Transactions are described as particularly useful for conditional payments. Can you provide concrete examples of use cases in Salvium’s DeFi ecosystem where AT offers a significant advantage over standard transactions, and how are these use cases technically implemented?

Scylark : Asynchronous Transactions (AT) enable complex DeFi operations that would be challenging with standard transactions. For example:
– Time-Locked Contracts: ATs can schedule payments or implement vesting schedules by locking funds until a time condition is met.
– Decentralized Lending: ATs enable collateralized loans, automatically releasing funds to the borrower or transferring collateral to the lender based on loan terms.
– Conditional Payments: ATs can function as escrows, locking payments until conditions like goods delivery are met.
– Yield Farming: ATs distribute rewards in liquidity pools by locking stakes and periodically minting rewards based on stake and time.
– Layer-2 Solutions: ATs facilitate faster, cheaper transactions off the main chain, with the final state settled on-chain.
These use cases leverage AT’s ability to separate fund locking from final transfer, enhancing efficiency and enabling sophisticated financial instruments within a privacy-focused framework.

Mr Kwibs : Looking forward to seeing all those things being built on the Salvium ecosystem.
Q11: The concept of Transactional Imbalances (TI) is presented as a key innovation in the lite paper. Can you explain in depth how TIs are created, managed, and resolved within the Salvium protocol? In particular, how do these imbalances affect the privacy and traceability of transactions, and what specific advantages do they offer compared to traditional transaction systems?

Scylark : Transactional Imbalances (TI) in Salvium allow inputs to exceed outputs, creating imbalances managed by the protocol_tx mechanism. These imbalances enable advanced features like staking and asset conversion, which are impossible in traditional systems where inputs must equal outputs plus fees. While the imbalance amount is visible, protecting transaction details through ring signatures and RingCT preserves privacy.
TIs link initial transactions with their resolution, potentially aiding timing analysis, but this is mitigated by using one-time addresses and delaying yield resolutions. TIs provide flexibility, efficiency, compliance, and scalability, supporting complex financial operations while maintaining(!) privacy.

Mr Kwibs : Q12: Going to play devil’s advocate here for a moment. The landscape of anonymous cryptocurrencies is already rich in projects. What are the reasons you believe Salvium brings innovation to the sector? Why do you think Salvium is essential for further developing the privacy coin sector?

Scylark : Salvium addresses several key challenges in the privacy coin sector, bringing innovation in areas that have hindered broader adoption whilst offering the same level of privacy many class-leading projects already offer. We balance strong programmable privacy with regulatory compliance, opening the door for privacy coins in regulated markets. Our introduction of Transactional Imbalances (TI) and Asynchronous Transactions (AT) enables complex DeFi operations, with the potential for simple porting of EVM Dapps and tokens in the future, each of those then becoming private once on the Salvium chain… filling a significant gap in the ecosystem.
We have an image that attempts to explain this(see above)

Salvium pushes the boundaries of what privacy chains can achieve. Salvium is essential for demonstrating that privacy, functionality and compliance can coexist, expanding use cases, and driving the evolution of privacy technology beyond simple coins, to full programmability.

Mr Kwibs : Thanks, just two more questions to go from our side before we continue to the community questions.
Q13: Salvium’s “Protocol_Tx” appears to be built to offer a series of significant advantages for end users, combining security, flexibility, DeFi integration, regulatory compliance, and privacy programmability. This positions Salvium as an innovative and attractive solution in the cryptocurrency ecosystem. Can you tell us a little more about the genesis of “Protocol_Tx”? How was it built, and what technological building blocks does it rely on?

Scylark : Protocol_Tx was the trigger mentioned at the start of this AMA – The moment protocol_tx was built as a secondary ‘coin base’ style transaction to deliver yield was the moment we understood the true power of Asynchronous Transactions and Transactional Imbalance, which are the building blocks of protocol_tx.
We have a blog that explains more
https://salvium.io/protocol_tx/
.

Mr Kwibs : Q14: Thanks for all the great answers! Before we continue with the community questions, is there something else you’d like to say about Salvium that we haven’t talked about yet?

Scylark : Thanks for taking the time to put this together.
Salvium is not just another privacy coin; it represents a forward-thinking approach to cryptocurrency. We’re addressing both current challenges and anticipating future needs in the privacy coin sector. Our work on combining privacy, compliance, DeFi integration, and scalability positions Salvium uniquely in the ecosystem, with the potential to set new standards for what privacy-focused cryptocurrencies can achieve. We’re excited about the journey ahead and look forward to pushing the boundaries of what’s possible in this space.

Mr Kwibs : Thank you too. I’m looking forward to see Salvium develop over all the years to come.

Scylark : It’s been a pleasure

Community question (from Johan Quintero) : Most of the regular questions people ask in the AMA sessions are about the strengths of the project. On the contrary,I am interested in difficulties and challenges. So what major difficulties did the team face while developing the project and how did they overcome them?

Scylark : I think our biggest challenge was finding a new way to solve the problem of yield. since the amount of yield was known to be variable, we had to separate the staking from the payout. that led to the development of protocol_tx, and to the idea of TIs in particular.

Community question (from Harper) : How many team members do you have? Do they have enough experience in the blockchain field? Do they have any experience on working in crypto and non-crypto project?

SomeRandomCryptoGuy : we have 2 « proper » devs, who have more than 40 years combined experience of cryptography software development between them. We have a good team around us, supporting the dev effort with everything from DevOps to Marketing.

Community question (Reuben from FIRO) : Is the view key system inherited from Monero? Do you have full view keys or only incoming?
Also I note your compliance feature of refundable transactions but as far as I understand it, the return address embedded you can’t guarantee that the person embedding it has spend authority to it so technically you can even embed a third party address which won’t satisfy compliance requirements.
It’s just a way of embedding a return address, but not one that you necessarily have control of.

SomeRandomCryptoGuy : hi, good questions also.
the current view key system is indeed inherited from Monero. Incoming view keys only, as you say. We are looking to address this with a future update, and have been keeping an eye on aspects of FCMP as a possible solution to the problem.
W.r.t return addresses, again you are correct. At present we have not finished the work to close the loop for spend authority. We have already identified that as part of the work that needs completion for compliance. We also note that our implementation of knacc’s proposal is incomplete, because we have limited to 2-out TXs for launch. Again, this is a work in progress that we are seeking to improve on.

THANKS TO SCYLARK, JETHRO TOLL AND SOMERANDOMCRYPTOGUY FOR TAKING THE TIME TO PARTICIPATE! I WILL BE FOLLOWING THIS PROJECT CLOSELY!

NOW, IF U ENJOYED THIS AMA, PLEASE TAKE THE TIME TO LEAVE A COMMENT!

Pursuit of privacy team

If you want to know more about Salvium:

Website > https://salvium.io

Website > https://discord.com/invite/P3rrAjkyYs

Telegram https://t.me/salviumcommunity