Security guarantees
ENI6MA’s security rests on a set of design guarantees and cryptographic choices. This page summarizes the main guarantees and the cipher types and unique measures used in the system — without quoting or showing code. It is intended for evaluators and architects who need a high-level picture of how security is achieved.
No reusable credential
Proofs are one-time and bound to a nonce and tau; there is nothing to steal or replay. The Ledger enforces burn-before-validate and one attempt per challenge. So no artifact that leaves the user’s device or the ceremony can be reused in another session.
No replay
The Ledger consumes (burns) the nonce on the first validation attempt. A second submission with the same nonce returns 409 Conflict. Combined with TTL expiry (410 Gone for expired nonces), challenge stockpiling and stale replay are prevented.
Non-informative transcript
The bearing transcript is designed so that an observer who captures challenges and responses gains zero knowledge about the secret or the user’s private mapping. The transcript is structurally disjoint from the challenge unless the observer knows the 720-way color–bearing bijection, and per-session geometry reshuffling and multiple secrets keep the attacker’s distribution over possible solutions uniform. Interception and phishing therefore do not improve the attacker’s odds: the attacker is forced to brute force, and the Ledger rate limit bounds the number of attempts.
Time-bound and instant revocation
Every reserved nonce has a TTL (e.g. 300 seconds); unused challenges expire. Revocation is immediate: remove the circuit’s hash from the accepted set and the next proof attempt fails. No certificate revocation lists or propagation delay.
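The nonce lifecycle described under "No replay" and "Time-bound and instant revocation", as an added sketch that is not ENI6MA code. The class and method names, the stand-in verifier, and the 404 and 403 status codes are assumptions; 409, 410 and the 300-second TTL come from this page.

```python
import secrets

TTL_SECONDS = 300  # example TTL quoted on this page

class Ledger:
    """Toy nonce ledger: stores nonce lifecycle data only, never user secrets."""

    def __init__(self, accepted_circuits):
        self.accepted = set(accepted_circuits)  # circuit hashes currently accepted
        self.nonces = {}                        # nonce -> [circuit_hash, expires_at, burned]

    def reserve(self, circuit_hash, now):
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = [circuit_hash, now + TTL_SECONDS, False]
        return nonce

    def revoke(self, circuit_hash):
        self.accepted.discard(circuit_hash)     # effective on the very next attempt

    def validate(self, nonce, proof, verify, now):
        entry = self.nonces.get(nonce)
        if entry is None:
            return 404                          # assumed status: nonce never reserved
        circuit_hash, expires_at, burned = entry
        if burned:
            return 409                          # Conflict: nonce already consumed
        if now >= expires_at:
            return 410                          # Gone: TTL elapsed
        entry[2] = True                         # burn BEFORE looking at the proof
        if circuit_hash not in self.accepted:
            return 403                          # assumed status: circuit revoked
        return 200 if verify(circuit_hash, nonce, proof) else 403

def demo():
    """Constructed scenario; returns the status codes in submission order."""
    ledger = Ledger({"circuit-A", "circuit-B"})
    verify = lambda circuit, nonce, proof: proof == "ok"  # hypothetical stand-in verifier
    n1, n2, n4 = (ledger.reserve("circuit-A", now=0) for _ in range(3))
    n3 = ledger.reserve("circuit-B", now=0)
    out = [ledger.validate(n1, "ok", verify, now=10),   # first attempt succeeds
           ledger.validate(n1, "ok", verify, now=11),   # replay of a burned nonce
           ledger.validate(n2, "bad", verify, now=12),  # failed proof still burns
           ledger.validate(n2, "ok", verify, now=13),   # one attempt per challenge
           ledger.validate(n4, "ok", verify, now=301)]  # stockpiled, now stale
    ledger.revoke("circuit-B")
    out.append(ledger.validate(n3, "ok", verify, now=20))  # revoked circuit
    return out
```

Because the burn happens before the proof is examined, a wrong guess costs the attacker the challenge, which is what lets a rate limit on reservations bound the total number of guesses.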
No server-side secret store
The Registry and Ledger hold metadata and nonce lifecycle data, never user secrets or mappings. The compiler does not retain configuration after delivery. So a breach of the infrastructure does not yield reusable credentials.
Audit without PII
Ledger events record circuit hash, nonce, time, and payload hash — not bearings, secrets, or PII. Compliance and forensics can reconstruct what happened and when without exposing credential material.
Cipher types and primitives
The system uses well-understood primitives and custom constructions where needed. Hashing and integrity use SHA256 and BLAKE3. Signing and key agreement use ECDSA and secp256k1 for the Enigma-ECDSA bridge and Ethereum compatibility. The interactive proof system is based on the Rosario-Wang proof family, which does not rely on factoring or discrete-log assumptions. Entropy is drawn from a pool embedded in the circuit; design measures include 512-bit prime XOR shards, entropy pool seeding, and Transform-Scatter-Zeroize patterns to avoid leaving sensitive material in memory. OP_RETURN encryption uses a prime-seeded BLAKE3-XOF stream cipher. Hybrid A2A uses Kyber768 (post-quantum) combined with X25519 for key encapsulation.
Post-quantum resilience
The proof system’s security is grounded in information-theoretic and combinatorial properties, not in assumptions that quantum computers could break. Where brute force is the only attack path, Grover’s algorithm gives at most a square-root speedup, which is insufficient to make the search space tractable. So ENI6MA does not depend on a future post-quantum migration for its core guarantees.
Source of truth
This summary is drawn from product.MD §6–7, §10 and from FEATURES-CAPABILITIES-PATTERNS §10. For formal arguments and mathematical detail, see the product document and the cited literature.