Documentation
Security Model
Threat model
The threat model covers actor impersonation, key compromise, replay, scope widening, validator collusion, gateway compromise, side-channel disclosure, and revocation evasion. Mitigations are tracked in governance/threat_matrix.md in the public repository.
Cryptographic primitives
Signatures use ML-DSA-65 (CRYSTALS-Dilithium), with hybrid signature support. Hashing primitives and AEAD selections track current best practice and are documented in the security crate.
Determinism
The protocol uses no floating-point arithmetic anywhere. Validation and consensus paths are deterministic so that disputes can be replayed bit-for-bit.
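The sketch below is an added example, not code from the project: it shows why a float sum cannot be replayed bit-for-bit once evaluation order changes, while a fixed-point integer sum can. The 6-decimal scale and all function names are assumptions made for the illustration.

```rust
// Added illustration. SCALE, DECIMALS and every function name here are
// assumptions for the example, not identifiers from the protocol.
const DECIMALS: usize = 6;
const SCALE: i128 = 1_000_000; // 10^DECIMALS

/// Parse a non-negative decimal string ("0.1") into scaled integer units
/// without ever going through a float. Rejects anything that is not exact.
fn parse_fixed(s: &str) -> Option<i128> {
    let (int_part, frac_part) = s.split_once('.').unwrap_or((s, ""));
    let all_digits = int_part.bytes().chain(frac_part.bytes()).all(|b| b.is_ascii_digit());
    if int_part.is_empty() || frac_part.len() > DECIMALS || !all_digits {
        return None;
    }
    // Right-pad the fraction to DECIMALS digits: "1" -> "100000".
    let frac: i128 = format!("{:0<width$}", frac_part, width = DECIMALS).parse().ok()?;
    int_part.parse::<i128>().ok()?.checked_mul(SCALE)?.checked_add(frac)
}

/// Integer addition is associative, so any evaluation order gives the same
/// bits. Overflow is reported instead of wrapping or panicking.
fn sum_fixed(vals: &[i128]) -> Option<i128> {
    vals.iter().try_fold(0i128, |acc, v| acc.checked_add(*v))
}

/// Left-to-right f64 sum, shown only as the counter-example.
fn sum_float(vals: &[f64]) -> f64 {
    vals.iter().fold(0.0, |acc, v| acc + v)
}

fn main() {
    // Constructed sample values.
    let (f_fwd, f_rev) = (sum_float(&[0.1, 0.2, 0.3]), sum_float(&[0.3, 0.2, 0.1]));
    println!("float  fwd={:016x} rev={:016x}", f_fwd.to_bits(), f_rev.to_bits());

    let v: Vec<i128> = ["0.1", "0.2", "0.3"].iter().map(|s| parse_fixed(s).unwrap()).collect();
    let rev: Vec<i128> = v.iter().rev().copied().collect();
    println!("fixed  fwd={:?} rev={:?}", sum_fixed(&v), sum_fixed(&rev));
}
```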
Disclosure
See the public security page for the coordinated-disclosure contact and PGP key.