[help-wanted] Cryptography review: ML-DSA-65 usage + Phase 3 STARK privacy direction

[Fiyiware]

What this is

A bounded, concrete review task for a cryptographer with a lattice / post-quantum / ZK background (PhD student, post-PhD, or practitioner). Not a "join a startup" ask — just expert eyes on two specific things.

The concrete asks

1. Validate the ML-DSA-65 (FIPS 204) usage. The Phase 0 prototype signs with dilithium-py and the Rust PoC (poc/ml-dsa-precompile/) verifies with fips204. Is anything off in how we handle signatures, address derivation (SHA3-256 of the public key), or domain separation? Are the parameter choices sound for the stated threat model?
2. Sanity-check the Phase 3+ confidentiality direction (STARKs + lattice-based commitments) before it gets committed more deeply in whitepaper v0.3 — see whitepaper §7.5. Is the "STARKs are natively post-quantum, SNARKs are not" framing accurate and well-scoped?
3. (Optional) Flag any over- or under-claim in the crypto sections of the whitepaper. We take the no-overclaiming discipline seriously.

What's in it for you

• Co-authorship on a short technical write-up we'd like to put on IACR ePrint or submit to a venue.
• Credit as reviewer/advisor in the README and whitepaper.
• Paid hours in Phase 1 if our NLNet (NGI Zero Commons) grant lands — see JOIN.md.

Honest status

Phase 0, single founder, AI-assisted (openly disclosed). Unpaid today; Phase 1 is grant-funded. We genuinely value rigorous critique over agreement.

How to engage

Comment here, or reach out via the channels in JOIN.md. Even partial feedback (one of the three) is very welcome.