Solana made execution fast. The edges around execution (receiving,
signing, and offline authorization) remain exposed. We secure them.
Key stays offline
Fountain QR · Argon2id
Pay without internet connection
84-byte voucher · Ed25519
Wallet never appears on-chain
x25519 ECDH stealth · No ZK
The Problem
Private keys on connected devices are exposed to malware and phishing on every signature.
Solana payments require a live RPC connection. In low-signal environments, transaction broadcasting is impossible.
Who you pay exposes your balance and history. On-chain addresses are permanent links to real-world identities.
How it works · MORA
Live Devnet Demo: No Wallet Extension RequiredA merchant accepts SOL payments via QR.
No 4G, no wallet popup, no confirmation wait.
Offline voucher signing, no RPC call
84-byte message · fits in one QR
Alice locks SOL into escrow PDA via create_escrow.
Internet is never needed for payments again.
Alice signs an 84-byte MORA message on her air-gapped device. It encodes the escrow address, a unique nonce, the payee, and the amount. The 148-byte signed voucher (message + Ed25519 signature) reaches Bob via QR: no RPC call, no connectivity required.
Each nonce deterministically derives a unique Receipt PDA
on-chain. Replay protection is enforced by Solana. The same voucher cannot be settled twice.
Bob settles on Solana later. Native Ed25519Program pre-verify ensures permanent replay protection during settlement.
The Sirius stack integrates seamlessly to provide a complete privacy and resilience layer for low-connectivity transactions.
Bob shares a Stealth ID. Alice derives a one-time vault address and signs the intention air-gapped via AirSign.
Alice signs an 84-byte voucher offline. Bob scans the QR. No internet required at payment time.
Bob settles on Solana later. Funds land in the stealth vault. Bob signs his claim air-gapped to complete the cycle.
Key never online
Zero network required
Wallet never exposed
Settlement verifiable
Bob generates a stealth base key via GrayBox. He shares a single, permanent Meta-Address with Alice. This address is never seen on-chain.
Alice uses Bob's Meta-Address to derive a one-time stealth public key. She signs the transfer intention using AirSign in total isolation.
Alice signs the 84-byte MORA voucher offline. Her device is in airplane mode. Replay protection is enforced on-chain via a Receipt PDA, not a hash chain.
Bob verifies the signature offline. Hours later, he connects to the internet to submit the signature to the MORA program and claim funds.
Use Cases
From payroll to cross-border settlement, every flow benefits from recipient privacy and transaction unlinkability.
Salary amounts stay private. Only the authorized auditor can decrypt.
Send across borders without exposing sender or recipient identity on-chain.
Move funds between accounts without telegraphing strategy to on-chain observers.
Pay contractors without making payment relationships permanently public.
MORA enables payment authorization without live connectivity. Settle later.
Viewing keys let authorized auditors trace stealth transactions without full public exposure.
FAQ
Everything you need to know about MORA, AirSign, and GrayBox.
Technical Stack
Ed25519 signed voucher · double-spend protected · Anchor PDA settlement. Each nonce is unique. The chain rejects replay before funds move.
Fountain-coded QR frames · Argon2id KDF · Ed25519. Tolerates significant QR frame loss (~30%). Designed for air-gapped signing devices.
x25519 ECDH stealth addresses · unique vault per transfer. AML-screened quarantine vault. Each receiver gets an isolated address.
One SDK for coordinating AirSign × MORA × GrayBox flows. It handles Anchor programs, offline Ed25519 vouchers, and explorer-verifiable settlements without re-implementing the cryptographic stack.
// sirius-integrators · create escrow + sign 84-byte voucher offline
import { AnchorProvider, Program, BN } from "@coral-xyz/anchor";
import { Connection, PublicKey } from "@solana/web3.js";
import nacl from "tweetnacl";
import { Buffer } from "buffer";
import idl from "./mora_idl.json";
// Prerequisites: wallet (AnchorWallet), bob (payee PublicKey),
// keypair (payer, air-gapped), totalLamports (bigint),
// nonceBuffer / amountBuffer / payee (PublicKey) — see docs for details.
const MORA_PROGRAM_ID = new PublicKey("9fcXHD3pHDKLX79JuVgCEKQiqYkvVqFtpoAEVjBq4aJ8");
const connection = new Connection("https://api.devnet.solana.com");
const provider = new AnchorProvider(connection, wallet, {});
const program = new Program(idl, MORA_PROGRAM_ID, provider);
// 1) Lock SOL into escrow PDA — internet required only once
const seed = Date.now();
const seedBuffer = Buffer.alloc(8);
seedBuffer.writeBigUInt64LE(BigInt(seed));
const [escrow] = PublicKey.findProgramAddressSync(
[wallet.publicKey.toBuffer(), seedBuffer], MORA_PROGRAM_ID);
await program.methods
.createEscrow(new BN(totalLamports.toString()))
.accounts({ payer: wallet.publicKey, escrow })
.rpc();
// 2) Sign 84-byte voucher offline — no RPC call needed
// Format: "MORA"(4) | escrow(32) | nonce(8) | payee(32) | amount(8)
const msg = Buffer.concat([Buffer.from("MORA"), escrow.toBuffer(),
nonceBuffer, payee.toBuffer(), amountBuffer]);
const sig = nacl.sign.detached(msg, keypair.secretKey);
// 3) Bob settles — Ed25519 native verify + on-chain transfer
await program.methods
.settle(Buffer.from(sig))
.accounts({ settler: bob.publicKey, escrow })
.rpc();Modular with battle-tested Solana primitives: Anchor programs, WASM modules,
ECDH derivation, Explorer-verifiable devnet proofs.
On-Chain Proof
The Sirius stack can optionally route through Cloak, an independent ZK shielded pool not operated by Sirius Labs.
The transactions below are Cloak's own mainnet activity, shown as evidence that the integration is live and verifiable.
| Key Agreement | x25519 (ECDH) |
| WASM Runtime | Rust wasm-bindgen |
| Solana Tools | Anchor 0.32 |
| Compliance | Viewing Key Support |
Sirius Labs protects a fundamentally different attack surface. Existing ZK solutions hide what was sent. Sirius hides when it was sent, who receives it, and ensures the signing key never touches the internet. Double-spending and double-settlement are enforced on-chain by Solana itself. No trusted server required.
Sirius targets the massive gap between current blockchain requirements and how people actually move value. We unlock Solana for payment flows that demand privacy and resilience.
Existing payment rails require internet, identity verification, and real-time connectivity. Sirius removes all three constraints from Solana.
Sources: ILO, World Bank, GSMA. Emerging market estimates.
Core stack deployed on Solana devnet. MORA offline voucher escrow, GrayBox stealth addresses with AML-gated quarantine vault, and AirSign air-gapped signing, all functional and explorer-verifiable.
Sirius AI: Private Payroll Agent. The first AI agent layer built on top of the core stack. Offline authorization, stealth address routing, and air-gapped signing orchestrated autonomously for private payroll flows on Solana.
Usage-linked fees, enterprise licensing, and validator-aligned revenue share as throughput scales.
Wallet adapters, hardware-signer partnerships, and handset OEM pilots in low-connectivity markets.
Mainnet deployment, relayer network expansion with corridor-specific failover, and third-party security audit.
Specializing in Anchor development and high-performance Solana programs. Focused on deterministic state machines.
Specializing in institutional payment architecture and financial compliance frameworks. Bridging trad-fiat rails with Solana.
Providing economic analysis and market strategy for frontier technologies. Focused on emerging market adoption.
Sirius Labs emerged from the Colosseum Frontier hackathon to close the critical security gaps blocking broader adoption of Solana, recognized by Superteam Turkey and actively pursuing early-stage investment to deploy at scale across the Solana ecosystem.
Try the MORA demo. No wallet extension, no real SOL required.