We believe security claims should be verifiable, not just asserted. This documentation provides the technical detail necessary for independent verification of our cryptographic controls and assumptions. If something here is unclear or you find a flaw, we want to know: [email protected]
How It Works
Each pet record is cryptographically anchored at creation, locked to a non-transferable token, extended through verified attestations, and independently verifiable by anyone.
Implementation Status Patent Pending
| Component | Status |
|---|---|
| Genesis Hash computation | ✅ Implemented |
| Domain-separated field hashing | ✅ Implemented |
| Non-Transferable Digital Record (Token-2022 NonTransferable) | ✅ Implemented |
| On-chain metadata storage | ✅ Implemented |
| Address rotation (BIP44 derivation) | ✅ Implemented |
| Private key encryption (PBKDF2 + XSalsa20) | ✅ Implemented |
| Device-specific key layer | ✅ Implemented |
| Attestation hash chain | ✅ Implemented |
| Canonical JSON serialization | ✅ Implemented |
| Clinic onboarding verification | 🔶 Manual process |
| Ed25519 attestation signing | 📋 Roadmap (v1.0) |
| On-chain key revocation registry | 📋 Roadmap (v1.0) |
✅ Shipped | 🔶 Operational but manual | 📋 Planned
Core Security Properties Patent Pending
Tamper-Evident Record
Every Pet Ledger begins with a Genesis Hash—a cryptographic fingerprint capturing the pet's record at creation. Stored on-chain, any modification produces a completely different hash. Forgery requires breaking SHA-256.
Protected by U.S. Patent App. 19/462,031, Claims 1-7
Non-Transferable
Digital Records use Solana Token-2022 with the NonTransferable extension. Once created, they cannot be transferred to another owner. This materially reduces transfer-based theft, resale, and related fraud vectors by design.
Tamper-Evident History
Veterinary attestations form a tamper-evident chain. Each attestation includes the hash of the previous one. Modifying any record requires re-forging every subsequent attestation and the on-chain anchor.
Protected by U.S. Patent App. 19/462,031, Claims 11-13
Independent Verification
The architecture enables record verification by querying the Solana blockchain directly and recomputing hashes — no API keys, no account required. On-chain anchoring is live; fully trustless verification without our API is in development.
Protected by U.S. Patent App. 19/462,031, Claims 8-10, 17
Technical Specification
Genesis Hash Architecture Patent Pending - Claims 1-7
The Genesis Hash is computed from:
Genesis Hash = SHA-256( protocol_version // "nebula:v1:" - enables algorithm evolution pet_id // Cryptographically random UUID, never reused mint_address // Solana blockchain address species // Categorical (Dog, Cat, etc.) breed // Categorical microchip_hash // SHA-256 with domain separator kennel_hash // SHA-256 of breeder kennel (if attributed) timestamp // ISO-8601 creation time block_slot // Solana blockchain slot number )
Why this matters: The Genesis Hash is stored on-chain. To forge a record, an attacker would need to find a SHA-256 collision (computationally infeasible), achieve sustained supermajority control of Solana validator stake, and match the exact block slot.
pet_id is a cryptographically random, non-reused UUID generated at creation time and never reassigned.
Domain-Separated Hashing Patent Pending
Each sensitive field gets its own domain prefix before hashing:
microchip_hash = SHA-256("nebula:microchip:" + microchip_number)
vet_license_hash = SHA-256("nebula:vet_license:" + license_number)
kennel_hash = SHA-256("nebula:kennel:" + kennel_name)
clinic_hash = SHA-256("nebula:clinic:" + clinic_name)
This prevents rainbow table attacks—pre-computed hashes for one field type are useless against another.
Microchip collision handling: Microchip numbers follow ISO 11784/11785 standards. Edge cases (legacy formats, regional overlaps) are handled through manufacturer context hashing and genesis timestamp precedence.
Non-Transferable Digital Record Implementation
Digital Records use Solana Token-2022 with three extensions:
| Extension | Purpose |
|---|---|
| NonTransferable | Token cannot be transferred after creation (non-transferable) |
| MetadataPointer | Record points to itself for metadata storage (self-contained) |
| TokenMetadata | Critical metadata stored on-chain, not on external servers |
On-chain metadata includes: Species, breed, hashed microchip, genesis hash, "Soulbound: True", "Investment: NO"
Revocation mechanic: The only way to remove a non-transferable digital record is to revoke it—irreversibly deleting the record. Even after revocation, the historical record remains in the public ledger.
Address Rotation (Privacy)
Each pet gets its own unique address to prevent linking in the public ledger:
Master Seed (12-word BIP39 mnemonic)
↓
BIP44 Derivation: m/44'/501'/0'/0' → Wallet for Pet #1
BIP44 Derivation: m/44'/501'/1'/0' → Wallet for Pet #2
BIP44 Derivation: m/44'/501'/2'/0' → Wallet for Pet #3
What this achieves:
- Unlinkability: No public connection between pets on the blockchain
- Single Recovery: One seed phrase recovers all derived addresses
- Standard Compliance: BIP39/BIP44 compatible with standard recovery tools
- Mandatory Enforcement: The app forces address rotation—users cannot accidentally link pets
Private Key Encryption
Private keys never exist unencrypted outside of active use:
User Password
↓
PBKDF2-SHA256 (100,000 iterations, 32-byte random salt)
↓
256-bit Encryption Key
↓
XSalsa20-Poly1305 (NaCl secretbox, 24-byte random nonce)
↓
Stored: "v2:" + base64(salt + nonce + ciphertext)
Why these choices:
- PBKDF2 100K iterations: Each password guess costs ~2-3 seconds of compute time
- XSalsa20-Poly1305: Authenticated encryption detects tampering and wrong passwords
- Device-specific key layer: iOS Keychain / Android Keystore provides hardware-backed protection
Attestation Chain Patent Pending - Claims 11-13
Veterinary attestations form a hash chain:
Genesis → Attestation #1 → Attestation #2 → Attestation #3
↑ ↑ ↑
previous=genesis previous=#1 previous=#2
Each attestation includes:
type: health_exam, vaccination, microchip_verificationprovider_id_hash: SHA-256 of vet license with domain separatorcontent_hash: SHA-256 of canonical JSON attestation contentprevious_hash: Links to prior attestationemergency_visible: Unhashed fields for emergency access
Emergency-visible fields are intentionally stored unhashed. These are low-sensitivity data (vaccine names, rabies tags—not owner PII), optimized for emergency response, and user-consented at creation time.
Attestation Authorization
A license hash is an identifier, not proof of authority. The system distinguishes:
| Layer | Purpose | Mechanism |
|---|---|---|
| Identification | Who claims to be attesting | License number → hash |
| Authentication | Proof they control that identity | Ed25519 signature with registered key |
| Authorization | Permission to create attestations | Clinic onboarding + out-of-band verification |
Key revocation: Revoked clinic keys are recorded on-chain with a revocation timestamp. Verifiers must reject any attestation signed after that timestamp. Attestations created before revocation remain valid.
Canonical JSON Specification Patent Pending - Claims 3-6
All content hashing uses deterministic JSON serialization:
- Key ordering: Alphabetically sorted at all nesting levels
- Whitespace: No spaces or newlines (minified)
- Numbers: No trailing zeros, no leading zeros except for values < 1
- Nulls: Explicit
null, never omitted - Unicode: UTF-8, no BOM, NFC normalization
This follows the principles of RFC 8785 (JSON Canonicalization Scheme) adapted for our use case.
Cryptographic Standards
| Purpose | Algorithm | Standard |
|---|---|---|
| Hashing | SHA-256 | FIPS 180-4 |
| Key Derivation | PBKDF2-SHA256 | RFC 8018 |
| Encryption | XSalsa20-Poly1305 | NaCl |
| Mnemonic | BIP39 | Bitcoin standard |
| Key Derivation Path | BIP44 | Bitcoin standard |
| Signing | Ed25519 | RFC 8032 |
| Parameter | Value |
|---|---|
| PBKDF2 iterations | 100,000 |
| Salt size | 32 bytes |
| Nonce size | 24 bytes |
| Mnemonic entropy | 128 bits (12 words) |
| Hash prefix | nebula:v1: |
Threat Model
What we defend against, and what we explicitly don't.
🛡 In-Scope Threats (We Defend)
- Record forgery: Genesis hash on-chain
- Attestation forgery: Onboarding verification (Ed25519 signing on roadmap)
- Record theft: NonTransferable extension
- Pet linkage: Mandatory address rotation
- Key extraction: PBKDF2 + device keys
- Vet impersonation: Onboarding + signing
- Replay attacks: Timestamps + hash chain
- Data tampering: Content hash on-chain
⚠ Out-of-Scope (Explicit Non-Goals)
- 51% Solana attack: Economic infeasibility
- Quantum computing: Migration path exists via protocol versioning
- Physical coercion: Cannot defend
- Lost seed phrase: User responsibility
- Malicious clinic post-onboarding: Audit trail + liability
- Nation-state adversary: Beyond scope
Verification Architecture
A critical design goal: verification should not require trusting Nebula Genesis. The architecture enables independent verification at multiple levels:
What you can verify today:
- Record exists → Query Solana directly by mint address
- Record is non-transferable → Check NonTransferable extension on-chain
- Genesis hash matches → Recompute SHA-256 from metadata
- Attestation chain valid → Walk previous_hash links
- Microchip belongs to pet → Hash microchip, compare to on-chain attribute
Current trust model: On-chain data is independently verifiable. The trust root for attestation data is currently our API. Fully trustless attestation verification via Oracle anchoring is in active development.
The system is designed to be computationally infeasible to spoof under current cryptographic assumptions. Users see a simple app. Attackers see a cryptographic fortress.
Verify It Yourself
Don't trust us—verify the public ledger directly. These external tools let you independently verify any Pet Ledger record.
Solana Explorer
Look up any mint address to see on-chain metadata, non-transferable status, and transaction history.
Solscan
Alternative explorer with detailed token account info and Token-2022 extension visibility.
SHA-256 Calculator
Recompute any hash yourself. Use our domain prefixes (e.g., "nebula:microchip:") to verify field hashes.
RFC 8785 (JSON Canonicalization)
The standard our canonical JSON follows. Use it to verify content hash reproducibility.