AION
VI Audit Reports

The honest line on what is not yet audited.

AION’s cryptographic primitives are open source today. They are not yet audited. This page exists so that no one mistakes “published” for “reviewed.”

Current state

Unaudited prototype, v0.5

The prototype shipping at /seal, /unseal, and the memory variants is a v0.5 demonstration. Its primitives — AES-256-GCM, Shamir’s Secret Sharing, sequential SHA-256, Argon2id — are themselves well-studied. AION’s composition of them is not yet third-party reviewed. Until that review is published, the prototype must not be used to seal real, irreplaceable secrets.

The audit plan

Two reviews, before and after

The Phase 1 audit covers the four cryptographic primitives (the AES-256-GCM and Shamir sealing primitive, the sequential-SHA-256 time-lock primitive, the Argon2id memory-layer primitive, and the convergence composition that binds them) together with the client-side flows that use them. The Phase 2 audit covers the production multi-sovereign storage path and the trustee quorum signing flow.

The lead auditor candidate is being chosen between Trail of Bits and Cure53. The decision is recorded as Open Question 4 in the planning Codex. The outcome is published here when signed.

What an audit will not cover

Honest scope

A cryptographic audit reviews the math and the code. It does not review the operational practices of the seven sovereign operators, the physical security of the sanctuaries, the governance of the AION Foundation, the personnel-vetting of trustees, or the long-term durability of the substrates. Each of those gets its own attestation, on its own schedule, in its own report.

When reports land

What you will see here

When a third-party report is signed, this page will host it in PDF, with a SHA-256 hash, the reviewer’s GPG signature, and a summary of every finding — including the ones AION has accepted as residual risk. Findings will not be redacted.

Until then, this page reads exactly as it does today.