Security Model

Security by construction

Six layers of defense. Zero compromises. Every layer of the identity stack is built on battle-tested cryptography with formal security properties.


01

Cryptographic Identity

Ed25519 signatures, HKDF-SHA256 key derivation, BLAKE3 hashing. Every identity is self-certifying and offline-verifiable.

Ed25519 signatures, HKDF-SHA256 derivation, BLAKE3 content hashing, JCS canonicalization

02

Capability-Based Access

Arsenal Agent Capability Tokens (ACTs) with short TTLs, proof-of-possession binding, and least-privilege scoping.

30s-10min TTL tokens, Proof-of-possession, Scope narrowing, Hash-chained audit

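As an added illustration of the TTL bound and scope narrowing listed above (not Arsenal's code: the page does not publish the ACT format, so the `Token` struct, the `Reject` enum, `check_delegation` and the scope strings are hypothetical), here is a delegation check that rejects any child token that is more powerful or longer-lived than its parent. Signature and proof-of-possession verification are assumed to happen elsewhere.

```rust
use std::collections::BTreeSet;

// Hypothetical token shape; the real ACT format is not shown on the page.
#[derive(Debug, Clone)]
pub struct Token {
    pub scopes: BTreeSet<String>,
    pub issued_at: u64,  // Unix seconds
    pub expires_at: u64, // Unix seconds
}

#[derive(Debug, PartialEq)]
pub enum Reject { ParentExpired, TtlOutOfRange, OutlivesParent, ScopeWidened }

// TTL bounds taken from the page: 30 seconds to 10 minutes.
pub const MIN_TTL: u64 = 30;
pub const MAX_TTL: u64 = 600;

// Helper that builds constructed sample tokens.
pub fn token(scopes: &[&str], issued_at: u64, ttl: u64) -> Token {
    let scopes = scopes.iter().map(|s| s.to_string()).collect();
    Token { scopes, issued_at, expires_at: issued_at + ttl }
}

/// Accept a delegated child only if it is no more powerful than its parent.
pub fn check_delegation(parent: &Token, child: &Token, now: u64) -> Result<(), Reject> {
    if now >= parent.expires_at {
        return Err(Reject::ParentExpired);
    }
    // checked_sub rejects expires_at < issued_at instead of wrapping around.
    let ttl = child.expires_at.checked_sub(child.issued_at).ok_or(Reject::TtlOutOfRange)?;
    if !(MIN_TTL..=MAX_TTL).contains(&ttl) {
        return Err(Reject::TtlOutOfRange);
    }
    // A child may never outlive the authority it was derived from.
    if child.expires_at > parent.expires_at {
        return Err(Reject::OutlivesParent);
    }
    // Narrowing only: every child scope must already be held by the parent.
    if !child.scopes.is_subset(&parent.scopes) {
        return Err(Reject::ScopeWidened);
    }
    Ok(())
}

fn main() {
    let parent = token(&["payments:read", "payments:write"], 1_000, 600);
    println!("{:?}", check_delegation(&parent, &token(&["payments:read"], 1_100, 60), 1_100));
    println!("{:?}", check_delegation(&parent, &token(&["payments:read", "admin"], 1_100, 60), 1_100));
}
```
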
03

Threshold Governance

FROST distributed key generation. No single point of compromise. t-of-n humans required for critical operations.

FROST DKG, Threshold signing, Coordinator-less, Noise XX transport

04

Policy Enforcement

Multi-dimensional policy engine with spending limits, temporal windows, lineage constraints, and contract policies.

Spending policies, Temporal windows, Lineage constraints, Delegation narrowing

05

Trust Verification

7-step verification pipeline: resolve, validate schema, verify signature, check revocation, verify lineage, liveness, conformance.

7-step pipeline, Revocation trees, Liveness checks, Conformance levels

06

Memory Safety

Rust-first with #![forbid(unsafe_code)]. Zeroize on all key material. Constant-time comparisons. No timing side channels.

#![forbid(unsafe_code)], ZeroizeOnDrop, Constant-time ops, No timing leaks

Security Guarantees

#![forbid(unsafe_code)]: All Rust crates
0 CVEs: In production
Constant-time: All comparisons
ZeroizeOnDrop: All key material