S
Stratum
Stratum GatewayStratum ConsoleStratum ExplorerStratum SDKDocsSecurityFacilitatorsRegister API

Security

Stratum is designed so that trust is minimized and verification is maximized. This page explains what is trusted, what is verified, and what is anchored on-chain.

Trust Model

Trusted

The Stratum node signs receipts with its Ed25519 key. Participants trust that the node correctly records payment intents. The node never holds funds.

Verified

Every receipt signature is independently verifiable. Merkle inclusion proofs confirm receipt existence. The sum-to-zero netting invariant is mathematically guaranteed.

On-Chain

Only Merkle roots are anchored on-chain — one 32-byte hash per settlement window. This is a data commitment, not a payment. Anyone can verify.

Threat Model

Malicious Agent (replay attack)

Every receipt contains an idempotency key: SHA-256(payer + payee + resource_hash + amount + nonce). Duplicate keys are rejected at ingestion. An agent cannot replay a receipt to extract extra value.

Compromised Facilitator

Stratum's Merkle proofs are independently verifiable. If a facilitator claims a receipt does not exist, any party can produce the inclusion proof from the on-chain root. The facilitator cannot deny settlements that Stratum has committed to.

Stratum Node Failure

The write-ahead log (WAL) ensures crash recovery. All mutations are logged before execution. On restart, pending operations replay from the last checkpoint. No funds are at risk because Stratum never holds custody — unfinalized windows simply resume.

Receipt Forgery

Receipts are Ed25519 signed by the Stratum node. Forging a receipt requires the node's private key. Verification requires only the public key, which is published. Canonical encoding ensures signatures cannot be transferred between different receipt data.

Cryptographic Primitives

PrimitiveUsageLibrary
Ed25519Receipt signing, window head signing@noble/ed25519
SHA-256Merkle tree hashing, receipt hashing, idempotency keys@noble/hashes
SHA-512Ed25519 internal hashing@noble/hashes
RFC 6962Merkle tree structure (0x00 leaf, 0x01 node prefixes)Custom implementation
Canonical EncodingDeterministic JSON serialization for signingCustom (sorted keys, BigInt/Uint8Array encoding)

Audit Trail

Any receipt can be independently verified through the following chain:

ReceiptSHA-256 HashMerkle LeafInclusion ProofOn-Chain Root

The on-chain Merkle root is the ultimate source of truth. Given a receipt and its inclusion proof, anyone can recompute the path to the root and verify it matches the on-chain commitment. No trust in Stratum is required for verification.

Verify a receipt now

The Stratum Explorer lets you paste any receipt hash and see the full Merkle proof path, verified against the on-chain anchor.

Open Explorer →