Security

Enterprise-Grade Security

Protecting digital assets with institutional-grade infrastructure. Our security architecture is designed to meet the requirements of regulated financial institutions.

Security Architecture

HSM-Backed Key Management

All private keys generated and stored in FIPS 140-2 Level 3 HSMs (AWS CloudHSM, Azure Dedicated HSM, Thales Luna). Never leaves the module in plaintext.

MPC Threshold Custody

2-of-3 and 3-of-5 threshold signing. Key shares distributed across geographic regions and organizational boundaries — no single party can move funds.

Post-Quantum Cryptography

NIST FIPS 204 (ML-DSA / Dilithium), FIPS 203 (ML-KEM / Kyber), FIPS 205 (SLH-DSA / SPHINCS+). End-to-end quantum-safe — consensus, signing, key exchange, MPC.

Fully Homomorphic Encryption

CKKS-based FHE coprocessor on the Z/A-Chain VM. Orders matched, portfolios analyzed, and compliance checks run on encrypted data — values never decrypted.

Enterprise Identity

OIDC via Hanzo IAM (hanzo.id). SAML 2.0 and OAuth 2.0 for your IdP. Role-based access, fine-grained scopes, and full audit log.

Compliance & Audits

SOC 2 Type II, penetration-tested by independent firms, full audit trail on every transaction. KYC/AML, sanctions, SAR/CTR built into the pipeline.

Certifications & Compliance

SOC 2 Type II

Certified

ISO 27001

In Progress

PCI DSS

Compliant

GDPR

Compliant

Operational Security

Penetration Testing

Annual third-party penetration tests conducted by leading security firms. Continuous vulnerability scanning with automated remediation workflows.

Incident Response

24/7 security operations center (SOC) monitoring. Documented incident response procedures with defined SLAs and communication protocols.

Business Continuity

Multi-region disaster recovery with RPO/RTO targets. Regular DR drills and documented recovery procedures. Encrypted off-site backups.

Vendor Management

Rigorous third-party risk assessment program. All critical vendors undergo security review and contractual security requirements.

Audits & Formal Proofs

Independent Security Audits

Full list of third-party security reviews of the Lux Network, consensus, EVM, bridge, and smart contracts — open for public review at github.com/luxfi/audits.

Formal Verification (Lean4, TLA+, Tamarin)

Machine-checked proofs of Quasar certificate soundness, post-quantum finality without BLS, and protocol safety — github.com/luxfi/proofs.

Master Security Model

Comprehensive security model of the Lux Network: threat model, assumptions, reductions, and defense-in-depth.

HSM Trust Boundary

How keys flow between HSMs, threshold MPC, and on-chain signing — with the attacker model and key-custody proofs.

Smart Contract Auditing Methodology

The review process, tooling (Slither, Halmos, Foundry invariants), and acceptance criteria for contracts shipping to mainnet.

Research Index

Every paper across Lux, Hanzo, and Zoo — consensus, PQ crypto, FHE, threshold signing, DeFi, and AI safety.

Security Research Program

We work with security researchers to identify and address vulnerabilities. If you discover a security issue, please report it responsibly.

security@lux.financial

Questions about our security?

Our security team is available to discuss your specific requirements.