Proof of Security Controls
Security architecture is published, not hidden. Institutional counterparties can evaluate the threat model, key management, and authorization design directly.
Threat Model Summary
JIL's threat model covers key compromise, validator collusion, network partition, and supply chain attacks. Mitigations are layered across cryptography, consensus, and operational controls.
- Key compromise: MPC 2-of-3 threshold - no single point of failure
- Validator collusion: 14-of-20 quorum across 13 jurisdictions
- Network partition: adaptive quorum with halt-below-10 safety
- Supply chain: signed image pipeline with digest verification
Key Management Model
MPC 2-of-3 threshold signing ensures no single party controls settlement authorization. Post-quantum cryptography (Dilithium/Kyber) provides forward security against quantum threats.
- User holds 1 key shard - non-custodial by design
- Ed25519 + secp256k1 for current operations
- Dilithium/Kyber for post-quantum readiness
- AES-256-GCM encryption for keys at rest
Authorization Lanes
Settlement authorization flows through distinct lanes based on risk tier, amount, and jurisdiction. Each lane enforces its own policy corridor and approval threshold.
- Retail lane: standard MPC authorization
- Institutional lane: enhanced KYC + multi-party approval
- High-value lane: additional compliance gates
- Cross-border lane: jurisdiction-specific fencing
Data Boundaries and Incident Response
Settlement data is partitioned by jurisdiction. Validator nodes only process data for their assigned compliance zones. Incident response follows a defined escalation path.
- Per-jurisdiction data isolation
- 7-gate validator startup sequence
- 24h time-limited consensus authorization tokens
- HMAC-authenticated remote control commands
Ready to verify?
Start with a structured POC. Evaluate JIL settlement infrastructure on a single corridor.