Uncompromising security, verifiable privacy
Solidus is designed from the ground up to protect user data and ensure protocol integrity — security primitives, an audit schedule, and compliance commitments, all in the open.
Enterprise-Grade Compliance
Meeting the highest standards for security and privacy, designed for enterprise adoption.
SOC 2 Type II
Phase 3 Target: Rigorous independent audit of our security, availability, and confidentiality controls.
ISO 27001
Phase 3 Target: Global standard for establishing, implementing, and maintaining an ISMS.
GDPR Compliant
Phase 2: Designed to meet stringent European Union data protection and privacy requirements.
Open Source
Full Auditability: Our codebase is fully transparent, allowing community and third-party security audits.
Privacy by Design
Privacy isn't an afterthought—it's mathematically enforced at the protocol layer. These guarantees cannot be disabled.
No Biometric Data Stored
Biometrics are processed locally on the user's device. We never store, transmit, or process raw biometric data on our servers.
Selective Disclosure
Users share only the minimum necessary attributes (e.g., 'over 21') without revealing their entire identity or birthdate.
Unlinkability
Cryptographic accumulators ensure that verifiers cannot collude to track user activity across different services.
No Central Data Store
User data is stored entirely in self-custodied wallets. There is no central database for attackers to breach.
Credential Minimality
Zero-Knowledge proofs are highly optimized to ensure only a single bit of information (valid/invalid) is necessary.
User-Controlled Revocation
Users can instantly cryptographically revoke any verifiable credential they have issued, terminating access globally.
Cryptographic Primitives
Solidus relies on proven, peer-reviewed cryptographic algorithms to secure identity data at rest and in transit.
| Algorithm | Primary Use | Security Level | Status |
|---|---|---|---|
| Ed25519 | Digital Signatures | 128-bit | Standard |
| X25519 | Key Exchange | 128-bit | Standard |
| XSalsa20-Poly1305 | Authenticated Encryption | 256-bit | Standard |
| BLAKE3 | Hashing | 256-bit | Standard |
| Groth16 | Zero-Knowledge Proofs | 128-bit | Roadmap |
| BLS12-381 | Pairing-based Cryptography | 128-bit | Roadmap |
| PBKDF2-SHA512 | Key Derivation | 512-bit | Standard |
| Shamir's Secret Sharing | Key Splitting | N/A | Advanced |
Post-Quantum Migration Roadmap
While current elliptic curve cryptography is secure against classical computers, we are actively preparing for quantum threats. Solidus plans to integrate NIST-approved post-quantum algorithms (ML-KEM/ML-DSA) by 2028, ensuring long-term security for verifiable credentials.
Independent Audit Schedule
Prior to Mainnet launch, Solidus will undergo rigorous third-party audits by industry-leading security firms.
Trail of Bits
Core Protocol & Cryptography
NCC Group
Zero-Knowledge Verifiers
Sigma Prime
BFT Consensus & Slashing Logic
Vulnerability Disclosure Program
We believe in working closely with the security research community. Our bug bounty program rewards responsible disclosure of vulnerabilities that impact the integrity or privacy of the Solidus network.
Disclosure Timeline SLAs
Reward Tiers
Loss of user funds, consensus failure, protocol-wide deanonymization.
Significant denial of service, partial deanonymization, severe node compromise.
Smart contract logic errors not resulting in immediate fund loss, moderate DoS.
Minor configuration issues, defense-in-depth suggestions, non-exploitable bugs.