Technical Validation
How Cairn's public claims were tested and validated.
Every result on this site was produced with sound, audited tools, on real public data, with the test method below. The results and the method are shown; the design, source, and formal proofs are available under NDA.
FOR TECHNICAL REVIEWERS
Cairn is a research prototype (TRL ~4–5). The purpose of this page is not to ask you to trust the public claims — it is to explain the design, threat model, validation, and current limitations so you can independently assess the evidence behind them. Technical scrutiny is welcome.
One core architecture, three validated applications. Every public claim is backed by a repeatable experiment, a public dataset, an audited primitive, or a running implementation — grouped below by the core foundation and each application it powers.
THE CROSS-CUTTING DEMO
Six failures of the status quo — and the running implementation surviving each
The same six hard situations, side by side. Left — the way it works today. Right — the running Rust implementation surviving each.
These six aren’t arbitrary. They’re the operational failure modes that recur in distributed identity and tactical networking — loss of the control plane, credential forgery, revocation under jamming, key loss, passive interception, and audit tampering. Cairn was designed to survive each; everything below is the validation derived from that threat model.
THE OPERATOR CONSOLE · CHECK IT YOURSELF
Verify a signed decision yourself — in your browser and on the server
A 5-industry operator console driven by one real Rust engine: every decision is a real signed artifact you re-verify in your browser AND again server-side — including a live ML-DSA-65 (FIPS 204) post-quantum signature. The strongest “check it yourself” proof.
Each claim, and how it's validated
One core architecture, validated in two applications. Every public claim maps to a concrete capability and the evidence behind it — grouped by layer, so the foundation and each application stand on their own.
The core architecture
The shared foundation every application inherits.
Works with no server (offline admission)
Live 4-node mesh — Toronto · New York · London — admitting one another over the open internet, independently re-runnable.
Revocation survives jamming and partition
Absence-based revocation — no message to censor; demonstrated under partition on the Anglova traces.
A key survives device loss or capture
Threshold custody — byte-identical recovery from a quorum of survivors; fewer than the threshold learn nothing.
Resists credential forgery by a quantum adversary
Hybrid Ed25519 + ML-DSA-65 (FIPS 204) trust anchor — a forged credential still fails the post-quantum half.
Post-quantum confidential transport
Rosenpass (PQ key exchange) keying a kernel WireGuard data plane; packet-capture-verified, and a revoke tears the tunnel down live.
Tamper-evident audit
Signed hash-chain — editing any record breaks the chain at exactly that point; any decision replays byte-for-byte.
Protocol soundness
Core protocol modeled and machine-checked in ProVerif — injective authentication, and payload secrecy that holds even after a classical key leaks.
Threat-model coverage
180+ automated tests across 13 documented attack classes; real daemons run under attack (16/16 blocked in a live red-team); the full suite and the Lean proof re-run in CI on every push.
Revocation under partition (machine-checked)
Ejecting a flagged node everywhere in ≤ 2 epochs with zero honest false lock-outs, via mission-scoped revocation — 0% false lock-outs on the real Anglova trace at every grace setting (global revocation stays flat at 3.2%), the bound proven in Lean 4 for any network size (no sorry, standard axioms only), and the scoped-revocation path shipped in the break-glass issuer and exercised live over HTTP.
Collusion-robust revocation (machine-checked, dynamic)
A ring of compromised nodes that keep vouching for a flagged device cannot keep it alive: a voucher that persistently backs a flagged node is itself flagged (complicity cascade), and a revoked node’s vouch stops counting (transitive revocation) — live and on by default. Proven in Lean 4 over unbounded network size and epochs (completeness: colluders are always caught; every flag has a real cause), fully constructive with no axioms, and the shipped monitor is checked against the proof exhaustively (every complicity pattern in a 12-epoch window, Windows and Linux). Honest boundary we red-teamed on real data: the naive cascade can briefly false-lock-out an honest voucher that hasn’t heard the revocation yet (~9% on Anglova) — the informedness-gated fix drives that to 0% (proven, uninformed_never_flagged) and is un-gameable, since a node close enough to sustain a flagged peer is close enough to receive the warning; wiring that gate on by default is the current step.
Fast enough that the network is the bottleneck
Admission ~110 µs; PQ key exchange ~0.12 ms per handshake — under 1% of a tactical-radio time budget (detailed numbers below).
Defence / tactical edge
The architecture under the harshest assumptions — disconnected, contested, mobile.
Validated on real military mobility
The NATO IST-124 Anglova battalion scenario (157 nodes, real radio-connectivity traces) — mission-scoped trust removes the friendly-unit false-revocation a naive global scheme suffers (3.2% → 0%).
Holds at fleet scale under attack
The trust plane ran over the real VeReMi 520-vehicle misbehaviour dataset across 4 attack types: every honest node admitted (0 false denies), every flagged attacker revoked, 0 collateral denials. Honest scope: Cairn acts on the dataset’s ground-truth labels — the trust-plane response at scale, not misbehaviour detection.
Works over a tactical radio
Runs end-to-end over a CORE/EMANE emulation of a narrowband, lossy link: admit → PQ exchange → WireGuard tunnel; tampered-in-flight → deny; jammed → the DDIL partition the design targets.
Custody proven on real daemons
Admission and key custody run together on 4 real meshd processes — admit, deal, and recover the exact key byte-identically, all under a signed replayable ledger.
Identity continuity
The same engine, productized as a standards-based identity issuer — for enterprise break-glass and government / defence continuity of operations.
Identity survives an IdP outage
The IdP Blackout Drill on real Keycloak + Grafana: kill the IdP → a new device still logs into real Grafana (118 ms) → revoke → denied on the next request (12 ms) → 0 false denies. 8/8 steps, every decision in a signed ledger.
Standard OIDC + SAML interoperability
A productized issuer accepted by real relying parties (Grafana, plus PyJWT and Node jose); a standards-complete OIDC authorization-code provider and a native SAML 2.0 IdP, with DPoP-bound tokens.
Survives a cryptographic migration
The same issuer signs EdDSA → hybrid → ML-DSA-65 (RFC 9964) by config; the JWKS publishes both, so relying parties migrate one at a time with no flag day. Post-quantum verification is now demonstrated live in the operator console — a real ML-DSA-65 signature verified in the browser, not merely available.
Holds up at scale
A 1,000-device load test sustains ~6,260 token issuances/sec at p99 33 ms with zero false denies.
OT / IoT & critical infrastructure — in emulation
The same engine fronting industrial control — trust decisions and a byte-replayable audit for OT/IIoT device fleets, demonstrated on real data and against a real third-party ICS. Honest maturity: strong TRL-4 / 5-in-emulation (real silicon + a real site are the pilot).
Integrated end-to-end with a real third-party ICS
Cairn was wired onto a live GRFICS v3 / Tennessee Eastman plant — real physics simulation, real Modbus soft-PLCs, a real HMI, and real Suricata (Digital Bond Quickdraw rules), not our own harness. It ingested the live Modbus fleet, admitted it with no server, revoked a flagged attacker offline and quarantined it off the OT segment, and proved every trust decision offline with an independent verifier.
Holds under load — and stress-testing hardened it
A stress run drove 44,963 signed trust decisions (a ~40k-host fleet + 5,000 revocations) in 9.35 s, rotated into 9 RAM-bounded sealed segments, and the whole series verified PROVEN by cairn-verify offline. The run surfaced and fixed a real verifier segment-ordering edge case — the kind of hardening only a real integration exposes. Honest boundary: enforcement here was a NAC-style quarantine and the detector must be OT-tuned; a real plant + a live detection-vendor feed + a third-party audit are the pilot.
Validated on real ICS / IIoT data
The substrate admits real device fleets and revokes flagged assets offline on WUSTL-IIoT-2021 (1,194,464 real Modbus/IIoT flows), 4sics-151020 (a real Siemens S7 SCADA capture), and LANL (12,027 real enterprise hosts) — a 12,027-decision audit series proven end to end and sustained as one continuous chain across daemon restarts with bounded memory.
Attack → detect → enforce → prove, offline
A real malicious-Modbus attack (pymodbus fn6/fn16/fn5 writes + fn43 enumeration) fires a real Suricata IDS; Cairn takes the alert, revokes the compromised asset with no server in the trust path, denies re-admission, and the whole decision chain verifies offline. Cairn is not a detector — any IDS / attestation / operator alert maps onto the same vendor-agnostic seam.
Adversarially tested at the daemon surfaces
A red-team battery against cairn-otd’s untrusted-input surfaces — pcap parser (OOM-bait, bad magic), alert-feed injection, and persistence tampering (a tampered chain or swapped key makes the daemon refuse to resume) — all held; the harness gates on it (exits non-zero on any hole).
Fast enough that the network is the bottleneck
Measured numbers, reproducible with cargo bench and cargo run --example wire_sizes — not estimates.
Latency — sub-millisecond
Every control-plane operation, single-thread.
- Admission decision110 µs
- Key recovery (from a survivor quorum)0.74 µs
- Post-quantum cert sign (once per cert lifetime)214 µs
On a tactical radio with 100 ms+ round-trips, all of Cairn's cryptography is well under 1% of the time budget — the link dominates, not Cairn.
Bandwidth — tens of bytes per epoch
Real encoded wire sizes.
- A vouch99 B
- Revocation0 B (an absence)
- Post-quantum HELLO (once per cert lifetime)~3.4 KB
No continuous control-plane chatter. The only large message — the post-quantum HELLO — is sent once per cert lifetime (months), not per epoch.
The data — real and public
NATO IST-124 “Anglova”
The community-standard, public-domain tactical scenario — a battalion with real radio-connectivity traces as the force moves. Used to test partition-tolerance and the mobile-adversary case.
Bitcoin-OTC / Bitcoin-Alpha
Public signed who-trusts-whom graphs — used to test the trust model against real adversarial structure (not synthetic).
Testing & red team
green on Windows and Linux, clippy-clean — re-run with the Lean proof in CI on every push.
a documented threat model, each class mapped to its own test.
admission and key custody proven on real processes — admit, deal, and recover the exact key.
Adversarial red-teaming has surfaced and fixed multiple genuine flaws in the system itself — from a timing side-channel and a denial-of-service to a broadcast-admission bug — most caught by running the real daemons under attack, not just unit tests. The most recent pass was a four-dimension review of the whole stack (gossip, key custody, admission core, and daemon/transport): the cryptographic core held — no memory-safety, forgery, or Sybil-key holes — and every finding on a live path is fixed. Hardening is continuous.
The software stack
For completeness — the building blocks underneath the results above. All sound, well-known primitives.
Rust
The whole control plane — memory-safe, constant-time, ~zero-dependency core.
Rosenpass
Post-quantum key exchange (NLnet-funded, formally verified) — keys the data plane.
WireGuard
The encrypted data-plane tunnel the PQ key exchange feeds.
ML-DSA-65 (FIPS 204)
Post-quantum signatures (RustCrypto) — hybrid with Ed25519 for the trust anchor.
Standard threshold cryptography
The secret-sharing / verifiable-sharing family — decades-old, audited primitives. No hand-rolled crypto.
swtpm + tpm2-tools
Software TPM 2.0 — validates hardware key-binding before real silicon.
CORE / EMANE
Tactical-network emulation — where the NATO Anglova scenario runs.
Sound, well-known building blocks — the contribution is the systems integration on top: how these are composed into a serverless trust plane, which is proprietary.
Current status
- Research prototype (TRL ~4–5)
- Real, running implementation — not a paper design
- Validated on public datasets (Anglova, Bitcoin-OTC)
- Machine-checked (Lean 4) + ProVerif models
- Built from established, audited cryptographic primitives
- Complements existing PKI — not a replacement
- Not yet independently audited
- Mechanism under NDA — results are public
Actively seeking independent audit, design-partner pilots, and a certification path — see What remains below.
Reproducible — and what stays under NDA
Shown publicly
The results, the public datasets, the software stack, and the test method — everything needed to judge that the results are real, not staged.
Under NDA
The integration and protocols, the source, the machine-checked proofs (Lean 4), the protocol models (ProVerif), and the full validation set — available to evaluating partners under a confidentiality agreement.
What remains
Cairn is a prototype, not a finished product — and that's the point. These are the next milestones, and what a partnership or grant would fund.
Independent security audit
Third-party review of the protocol and implementation.
Certification path (CMVP)
Toward validated cryptography for regulated and defence use.
Design-partner pilots
Real deployments with defence and critical-infrastructure partners.
Longer soak & harsher networks
A 1,000-device issuer scale test is done (~6,260 tokens/s, p99 33 ms); a multi-day soak and harsher-network mesh runs remain.
OT/IoT hardware validation
A real OT attack→detect (Suricata)→enforce→prove loop on real data (4sics S7comm + WUSTL-IIoT), Docker and Docker-free — strong TRL-4 / 5-in-emulation (real silicon + a real site remain the gate).
Hardware key-binding on real silicon
Moving from swtpm validation to fielded TPM/secure elements.
References
Datasets
- • NATO STO IST-124 “Anglova” tactical scenario. anglova.net
- • Bitcoin-OTC / Bitcoin-Alpha signed trust graphs (Stanford SNAP). snap.stanford.edu
Standards & research
- • US Army ATP 6-02.75, Techniques for Communications Security. armypubs.army.mil
- • Defence R&D Canada (DRDC) — threshold cryptography for tactical-MANET key management. dtic.mil
- • Canadian Centre for Cyber Security (CSE) — Roadmap for migration to post-quantum cryptography (ITSM.40.001), 2025. cyber.gc.ca
Want the full validation set?
Source, formal proofs, and the complete test/red-team record are available under NDA.