Security Architecture
Zero-Trust. Quantum-Resistant. Sovereign by Design.
EDN's security model was not retrofitted. It was architected from first principles around the assumption that classical cryptography will fail. Every layer of our stack reflects that assumption.
The EDN Security Framework
Post-Quantum Cryptography Layer
All document signatures use SPHINCS+ (SLH-DSA), a stateless hash-based signature scheme standardized by NIST in FIPS 205. This algorithm is mathematically resistant to both classical and quantum computational attacks, including Grover's algorithm and Shor's algorithm. No EDN document signature can be forged or reversed by any known or projected quantum hardware.
Hardware Security Module (HSM) Key Custody
Private signing keys are generated inside and permanently stored within a Google Cloud Hardware Security Module certified to FIPS 140-2 Level 3. This means the physical HSM hardware has been validated to resist tampering, probing, and physical extraction. A key generated in our HSM cannot be read — ever — even by EDN engineers. All signing operations occur inside the HSM boundary.
Zero-Trust Identity & Biometric Vetting
Identity verification uses a multi-factor, zero-trust model. We do not rely on password authentication alone. Our Biometric Gate applies liveness detection and government-issued ID cross-referencing before any notarial act is permitted. Our biometric identity vetting is entirely stateless. EDN utilizes zero-persistence processing pipelines where biometric identifiers are strictly processed in-memory for instant verification and permanently purged within 24 hours, adhering to Washington MHMDA and SOC 2 Type 2 privacy standards.
Sophisticated Data Lifecycle Management
Zero-trust biometric identity vetting. TLS 1.3 encrypted channel established.
Document hash computed. SPHINCS+ signature applied inside HSM. PII isolated.
Hash anchored to Ethereum Mainnet via dedicated GCP node. Immutable record created.
All raw PII and document content deleted. Cryptographic Security Audit Certificate retained for 50+ years.
The Security Audit Certificate that remains after the 24-hour purge contains no recoverable PII. It is a mathematical proof — a hash and its associated blockchain anchor — sufficient to verify document integrity at any point in the future without retaining the original document.
EDN utilizes public blockchain networks strictly as a neutral, non-custodial decentralized timestamping mechanism. The platform anchors document cryptographic hashes to achieve independent tamper-evidence; EDN does not facilitate, custody, or manage digital financial assets, tokens, or smart-contract-based securities.
Threats EDN Is Designed to Defeat
Harvest Now, Decrypt Later (HNDL)
Adversaries archiving encrypted documents for future quantum decryption are neutralized by SPHINCS+, which has no known quantum attack vector.
Key Extraction & HSM Tampering
FIPS 140-2 Level 3 HSM hardware is physically validated against extraction. No plaintext key ever leaves the HSM boundary.
Data Breach & PII Exposure
The 24-hour PII purge cycle ensures that a breach at any point after session completion exposes zero recoverable client data.
Man-in-the-Middle Interception
TLS 1.3 with certificate pinning on all session endpoints eliminates interception risk during document transmission.
Blockchain Reorganization & Anchor Tampering
Anchoring to Ethereum Mainnet — not a private or L2 chain — means document anchors inherit the full hash power of the most battle-tested public blockchain. Reorganization of 50+ blocks is computationally impossible.
Identity Spoofing & Synthetic ID Fraud
Real-time liveness detection and government ID cross-referencing in the Biometric Gate prevent synthetic or stolen identity use.
