Abstract
Summarizes the whole system: Solana rendezvous, MLS content privacy, three-pool mixer, Groth16 withdrawals, Shamir storage, direct QUIC transport, and the four-tier staking model.
Whitepaper Map
Every major section from the whitepaper, surfaced on the site.
This page is the exhaustive map, not the short brochure version. It tracks the actual structure of `docs/WHITEPAPER.md` so readers can see every major topic the paper covers before opening the full markdown document.
Core Argument
The first half of the paper defines the protocol shape.
1. Introduction
Covers the metadata problem, comparison to prior work, the core insight of using noisy public-chain activity as substrate, and the design principles that constrain the rest of the protocol.
2. Threat Model
Defines which adversaries matter, what Covenant explicitly defends, and what it does not claim to defend.
3. Global Architecture
Introduces the three planes and the reference crate layout used in the implementation.
4. Identity
Wallet as root identity, per-epoch identity tree, deterministic account choreography, curated mint universe, and contact-card model.
5. Two-Tier Epochs
Why there are fast and slow epochs, how the clock works, how HKDF domain separation is used, and how rendezvous tags are derived.
Metadata Layer
The middle of the paper is where the hard privacy machinery lives.
6. Covert Encoding
The ten encoding dimensions, per-epoch mapping rotation, sidecar minimality, distribution matching, and the honest limits of blockchain steganography.
7. Three-Pool Mixer Cascade
Pool A intake, Pool B shuffle, Pool C withdrawal, Groth16 proof structure, what the cascade hides, and what it does not hide.
8. MLS Integration
Separates message-layer cryptography from the protocol’s metadata machinery and keeps content protection grounded in OpenMLS. §8.1–8.2 cover add/remove/leave over the wire and the application-layer admin model.
9. Distributed Storage
Goals of the storage plane, Shamir split defaults, recipient-driven node selection, and pointer commitments.
10. Peer-to-Peer Transport
Direct QUIC common case, chain-coordinated NAT traversal, reflexive discovery, bootstrap interaction, and relayer fallback.
11. Token, Staking, and Rewards
CVN supply and distribution, participant tiers, user stake rationale, slashing parameters, rewards, and the lite-server role with its four bounded sub-roles.
Network And Product Model
The whitepaper goes beyond transport and covers the actual network lifecycle.
12
New User Onboarding
Cohort joins, intake intervals, warmup epochs, anonymity-set floor, and the shortened v0.3 time-to-first-message path.
13
Multi-Device Support
Device-as-member model, proximity pairing, seed-phrase pairing, stolen-seed warning window, and wallet rotation expectations.
14
Governance
What the foundation controls, what it does not control, the multisig model, on-chain governance transition, and compelled-foundation analysis.
15
Unified Wallet-And-Chat Client
One app / one identity, local profile policy, startup behavior, network switching policy, page model, feed role, invites, cross-platform shell strategy. §15.6 covers the browser / PWA client that signs real Solana transactions in WASM; §15.7 covers the privacy-opaque push backend.
16
Failure Modes And Honest Limitations
Intrinsic failure modes, implementation bugs, user behavior risks, out-of-scope attacks, transport-auth status, and hole-punching status.
17–18
Roadmap And Closing
Version milestones from v0.4 through hardening — group lifecycle, browser PWA wallet, and opaque push are shipped; storage / relayer nodes, devnet public testers, and mainnet beta are next — then the closing argument that ties the design back to the protocol's actual claims.
Appendices
The paper also nails down parameters, implementation status, and references.
Quantitative parameters
Epoch timings, identifiers, Shamir defaults, mixer settings, onboarding values, mint universe size, token numbers, staking tiers, reward rates, governance thresholds, bit budgets, and coalition resistance.
Implementation status
Implemented pieces, explicit placeholders, integration test coverage, and the remaining known issues and real-world gaps.
References
The external foundations the whitepaper builds on, including prior privacy systems, MLS, mixers, zero-knowledge proofs, and relevant network literature.
Question Coverage
The whitepaper is not just architecture; it answers product and risk questions too.
Does the whitepaper cover economics or just privacy design?
It covers both. Section 11 and Appendix A go into token supply, participant tiers, slashing, reward formulas, and the lite-server role.
Does it cover onboarding and real product UX, or only protocol internals?
Yes. Sections 12, 13, and 15 explicitly cover cohort onboarding, multi-device flows, wallet rotation expectations, and the unified wallet-and-chat client.
Does it say what Covenant cannot defend?
Yes. Section 2 has the high-level threat boundary, and Section 16 is the explicit honest-limitations section.
Does it connect to the actual repo and implementation status?
Yes. Section 3 maps the crate layout, and Appendix B is the implementation-status appendix with tests, placeholders, coverage, and known gaps.