Skip to main content

ULedgerNET Security Considerations

Overview​

This document outlines the security model, threat mitigations, and best practices for ULedgerNET deployments.

Security Architecture​

Defense in Depth​

πŸ” click to expand

Threat Model​

Byzantine Fault Tolerance​

πŸ” click to expand

Threat Categories​

CategoryThreatMitigation
NetworkMan-in-the-MiddleTLS 1.3 / Noise Protocol
NetworkSybil AttackCouncil membership validation
ConsensusDouble SpendBFT consensus with β…” threshold
ConsensusLong-Range AttackImmediate finality (no reorg)
CryptoSignature ForgeryProven signature schemes
CryptoHash CollisionSHA3-256/512 resistance
ExecutionReentrancyAtomic state transactions
ExecutionResource ExhaustionGas metering

Network Security​

Transport Layer Security​

πŸ” click to expand

Peer Authentication​

Every peer is authenticated using cryptographic identity:

πŸ” click to expand

Network-Level Protections​

ProtectionImplementation
EncryptionAll traffic encrypted (TLS 1.3/Noise)
AuthenticationPeer ID verification
Rate LimitingPer-peer message limits
Message SizeMaximum message size enforcement

Consensus Security​

Byzantine Fault Tolerance Properties​

PropertyGuarantee
SafetyNo two honest nodes finalize different blocks at same height
LivenessIf β‰₯ β…” nodes are honest, blocks continue to be produced
FinalityOnce finalized, blocks cannot be reverted

Equivocation Prevention​

πŸ” click to expand

Leader Failure Handling​

πŸ” click to expand

Cryptographic Security​

Signature Security​

AlgorithmSecurity LevelQuantum Resistance
secp256k1128-bit❌ Vulnerable
ED25519128-bit❌ Vulnerable
BLS12-377128-bit❌ Vulnerable
ML-DSA-87256-bitβœ… Resistant

Zero-Knowledge Proof Security​

πŸ” click to expand

Hash Function Security​

FunctionCollision ResistancePreimage Resistance
SHA3-256128-bit256-bit
SHA3-512256-bit512-bit
MiMC~128-bit~128-bit

Smart Contract Security​

Execution Isolation​

πŸ” click to expand

Gas Metering Security​

πŸ” click to expand

State Integrity​

πŸ” click to expand

Transaction Security​

Transaction Validation​

πŸ” click to expand

Timestamp Security​

CheckPurpose
Median CalculationPrevent time manipulation
Max DeviationReject outlier timestamps
Peer ConsensusMultiple timestamp sources

Replay Protection​

MechanismDescription
Transaction IDUnique hash per transaction
Validity WindowTime-limited acceptance
Recent TX CacheTrack processed transactions

Post-Quantum Considerations​

Quantum Threat Timeline​

πŸ” click to expand

Post-Quantum Migration​

ULedgerNET is prepared for the quantum future:

  1. βœ… ML-DSA-87 (Dilithium) already supported
  2. βœ… Algorithm agility built into protocol
  3. βœ… Key derivation supports all algorithms
  4. βœ… Can migrate chains to quantum-safe crypto

Security Best Practices​

Node Deployment​

PracticeRecommendation
NetworkDeploy behind firewall, use VPN for council communication
KeysUse HSM for production signing keys
UpdatesRegular security updates and patches
MonitoringEnable logging and alerting

Council Operations​

PracticeRecommendation
MembershipVet council members, require identity verification
DistributionGeographic distribution of nodes
CommunicationSecure out-of-band communication channel
Key ManagementRegular key rotation schedule

Smart Contract Development​

PracticeRecommendation
AuditingThird-party security audit before deployment
TestingComprehensive test coverage
Gas LimitsSet appropriate gas limits
UpgradabilityPlan for contract upgrades

Wallet Hierarchy Management​

PracticeRecommendation
Root Wallet ProtectionStore root wallet keys in HSM or secure vault
Least PrivilegeGrant minimum required permissions to child wallets
Hierarchy DepthLimit nesting depth for manageability
Regular AuditsReview wallet permissions and satellite lists
Offboarding ProcessDisable parent wallet to cascade-revoke all children

Wallet Security​

Hierarchical Access Control​

πŸ” click to expand

Cascading Disable Security​

When a wallet is disabled, all descendant wallets are automatically disabled:

BenefitDescription
Instant RevocationDisable one parent, revoke all children
No Orphaned AccessPrevents leftover active child wallets
Audit TrailAll disable operations recorded on-chain
ReversibleRe-enable parent to restore hierarchy

Permission Verification​

Every transaction verifies:

  1. Wallet Exists - Target wallet must be registered
  2. Wallet Enabled - Disabled wallets cannot transact
  3. Key Type Match - Transaction must use wallet's key type
  4. Signature Valid - Cryptographic signature verification
  5. Parent Authorization - Child operations require parent approval

Incident Response​

Response Process​

πŸ” click to expand

Severity Levels​

LevelDescriptionResponse Time
CriticalConsensus failure, fund loss riskImmediate
HighSecurity vulnerability, service degradation< 4 hours
MediumNon-critical bug, performance issue< 24 hours
LowMinor issue, improvement opportunityNext release

Security Contacts​

For security-related inquiries or to report vulnerabilities:

  • Follow responsible disclosure practices
  • Provide detailed reproduction steps
  • Allow reasonable time for remediation before public disclosure

Next: Wallet System