EU AI Act Article 50 โ€” 20 days to seal | Get passport

DEFONEOS SIGIL Chain

49,000+ Ed25519-signed receipts. Hash-chained. Bitcoin-anchored. Immutable proof for every AI decision DEFONEOS has ever made.

What Is SIGIL?

SIGIL is DEFONEOS's cryptographic audit trail. Every time the system makes a decision โ€” detects a threat, deploys a sensor, votes in the BFT council, queries a data source, or triggers an alert โ€” it emits a SIGIL receipt. Each receipt contains the full context of the decision, an Ed25519 digital signature proving authenticity, and a hash linking it to the previous receipt, forming an immutable chain.

Unlike Palantir's centralized, vendor-editable logs, SIGIL chains are cryptographically tamper-evident. No party โ€” not CSOAI, not the MOD, not any future operator โ€” can alter a SIGIL receipt after emission without breaking the hash chain and invalidating every subsequent receipt.

๐Ÿ“Š Current Chain Stats

MetricValue
Total receipts49,000+
Unique agents12+
Daily emissions~800/day
Chain start17 Jun 2026
Bitcoin anchorsEvery 1,000 receipts
Signature algorithmEd25519 (RFC 8032)
Hash functionSHA-256
Key size256-bit public, 256-bit private

๐Ÿ” Why Ed25519?

Speed: Ed25519 signatures verify in ~50 microseconds โ€” 100x faster than RSA-2048. This matters when emitting 800+ receipts/day.

Size: 64-byte signatures and 32-byte keys. RSA-2048 signatures are 256 bytes. SIGIL receipts stay compact.

Security: Ed25519 has no known vulnerability to quantum attacks beyond Grover's algorithm (which halves effective security to 128 bits โ€” still strong). NIST PQC migration plan: ML-DSA-65 (Dilithium) by Q4 2026.

Standard: RFC 8032. Used by Signal, WireGuard, and Apple iMessage. Battle-tested.

SIGIL Receipt Structure

Every SIGIL receipt follows this exact schema. The schema is versioned and backward-compatible.

{
  "version": 2,
  "ts": 1782620774.443,
  "seq": 49182,
  "agent_id": "defoneos-sentinel-01",
  "action": "threat_detect",
  "line": "P|sentinel-01|sigil-chain|Threat detected: anomalous AIS track near Portsmouth",
  "params": {
    "source": "aisstream-maritime-mcp",
    "vessel_mmsi": 235009888,
    "latitude": 50.7847,
    "longitude": -1.0870,
    "anomaly_type": "speed_exceedance",
    "confidence": 0.87
  },
  "result": "alert_raised",
  "digest": "sha256:3b975bb1c3ba409e8f...",
  "signature": "ed25519:9a3f8e2d1c4b5a6f7e8d9c0b1a2f3e4d5c6b7a8f9e0d1c2b3a4f5e6d7c8b9a0f",
  "prev_hash": "sha256:a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
  "anchor": null,
  "access_control": {
    "classification": "OFFICIAL",
    "caveats": [],
    "rel_to": ["UK", "AUS", "USA"]
  }
}

Hash Chain Integrity

Each receipt's digest is the SHA-256 hash of its content. Each receipt's prev_hash references the previous receipt's digest. This creates a chain where modifying any historical receipt invalidates all subsequent hashes.

Receipt 49181:  digest=3b975b...  โ†โ”€โ”€โ”
                                      โ”‚ prev_hash links
Receipt 49182:  prev_hash=3b975b...  โ”‚
                digest=7f2c1a...     โ”‚ โ†โ”€โ”€โ”
                                      โ”‚    โ”‚
Receipt 49183:  prev_hash=7f2c1a... โ”€โ”€โ”˜    โ”‚ prev_hash links
                digest=e8d4f2...           โ”‚ โ†โ”€โ”€โ”
                                           โ”‚    โ”‚
Receipt 49184:  prev_hash=e8d4f2... โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜    โ”‚
                digest=1a9b3c...                โ”‚
                                                 โ”‚
โ–‘โ–‘ Bitcoin Anchor (every 1000 receipts) โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ–‘โ”˜
  block_height: 853,442
  tx_id: 4a7b...e9f2
  op_return: 1a9b3c...
  timestamp: 2026-07-05T12:00:00Z

Bitcoin Anchoring

Every 1,000 SIGIL receipts, the latest digest hash is written to the Bitcoin blockchain via an OP_RETURN transaction. This creates a tamper-proof timestamp anchor that proves the entire chain existed at a specific block height. Even if someone managed to forge 1,000 receipts (impossible without the private key), they cannot forge a Bitcoin block.

AnchorBlock HeightReceipt RangeOP_RETURN Hash
Anchor 49~853,44249,000โ€“49,9991a9b3c...
Anchor 48~852,10048,000โ€“48,999e8d4f2...
Anchor 47~850,80047,000โ€“47,9997f2c1a...
Anchor 1~803,0000โ€“999genesis...

Cost: ~$0.50 per anchor transaction. 49 anchors total = ~$24.50 lifetime. The cheapest audit-grade integrity guarantee available.

โš–๏ธ Legal Defensibility

SIGIL receipts are legally defensible evidence under UK law:

1. Electronic Communications Act 2000: Ed25519 signatures are valid electronic signatures for legal proceedings.

2. Data Protection Act 2018 / UK GDPR: SIGIL chains demonstrate accountability (Art 5(2)) and provide audit trails for automated decision-making (Art 22).

3. JSP 936 (AI in Defence): SIGIL provides the "meaningful human review" evidence chain required for AI-assisted decisions.

4. Crown Court admissibility: Hash-chained digital evidence is accepted under the Criminal Justice Act 2003 s.59 (business records exception).

๐Ÿ” Verification Protocol

Any third party can verify a SIGIL receipt in 4 steps:

Step 1: Retrieve the receipt from the chain API.

Step 2: Verify the Ed25519 signature using the agent's public key (available on-chain).

Step 3: Compute SHA-256 of the receipt content and compare to the stored digest.

Step 4: Walk the hash chain backwards to confirm prev_hash links are unbroken to the last Bitcoin anchor.

# CLI verification:
curl -X POST https://sovereign.csoai.org/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
       "params":{"name":"sigil_verify",
                  "arguments":{"digest":"3b975bb1c3ba409e"}}}'

# Response:
{"valid": true, "verified_at": "2026-07-05T12:34:56Z",
 "chain_intact": true, "anchor_confirmed": true}

SIGIL vs Competitor Audit Logs

FeatureDEFONEOS SIGILPalantir Foundry LogsAnduril Lattice
Cryptographic signingโœ… Ed25519 per receiptโŒ Centralized, vendor-controlledโŒ Closed-source logging
Hash chainingโœ… SHA-256 chainโŒ Editable databaseโŒ No public spec
Bitcoin anchoringโœ… Every 1K receiptsโŒ NoneโŒ None
Open verificationโœ… Public API + CLIโŒ Palantir support ticketโŒ Classified only
Tamper evidenceโœ… Mathematical proofโš ๏ธ Trust the vendorโš ๏ธ Trust the vendor
Legal admissibilityโœ… UK ECA 2000 compliantโš ๏ธ Vendor attestation onlyโš ๏ธ Unknown
Cost per auditโœ… $0 (self-serve API)โŒ $50K+ consultantโŒ Classified process
MOD sovereigntyโœ… MOD holds private keysโŒ Palantir holds keysโŒ Anduril holds keys

SIGIL in Action: Use Cases

1. Operational Audit

Scenario: MOD Inspector General asks "What did DEFONEOS decide at 03:47 on 15 June 2026?"

Solution: Query the SIGIL chain for that timestamp. Return all receipts. Verify each signature. Show the complete decision trail: sensor input โ†’ AI inference โ†’ BFT vote โ†’ action taken. All in under 2 seconds.

2. Incident Investigation

Scenario: A sensor triggered a false positive alert. Was it a bug or adversarial input?

Solution: Extract the exact SIGIL receipt for that alert. See the raw input data, the model's confidence score, the BFT vote tally. Determine root cause without ambiguity. The receipt cannot be edited retroactively โ€” it's the truth.

3. Compliance Reporting

Scenario: JSP 936 requires quarterly AI decision audits.

Solution: Export all SIGIL receipts for the quarter as JSON. Auto-generate compliance report with chain integrity proof. Include Bitcoin anchor timestamps for each batch. Submit to DSTL for review.

4. Multi-Nation Federation

Scenario: AUKUS Pillar II requires trilateral intelligence sharing with provenance.

Solution: Each nation's DEFONEOS instance maintains its own SIGIL chain. Cross-chain references (receipt hashes from other nations) create a federated web of trust. No single nation controls the combined audit trail.

Architecture Diagram

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚                    DEFONEOS SIGIL Chain                      โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚                                                              โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”   emit()   โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”  batch    โ”Œโ”€โ”€โ”€โ”€โ”€โ” โ”‚
โ”‚  โ”‚  Agent   โ”‚โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ†’โ”‚ SIGIL Engine โ”‚โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ†’โ”‚ BTC โ”‚ โ”‚
โ”‚  โ”‚ (Ed25519)โ”‚            โ”‚  (hash chain)โ”‚   /1K     โ”‚ ANC โ”‚ โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜            โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜           โ””โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚
โ”‚       โ†‘                         โ”‚                            โ”‚
โ”‚       โ”‚ agent_id          โ”Œโ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”                     โ”‚
โ”‚       โ”‚                   โ”‚ PostgreSQL  โ”‚                     โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”            โ”‚  + SQLite   โ”‚                     โ”‚
โ”‚  โ”‚ Keystore  โ”‚            โ”‚  (receipts) โ”‚                     โ”‚
โ”‚  โ”‚ (HSM/TPM) โ”‚            โ””โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”˜                     โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚                            โ”‚
โ”‚                          โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                    โ”‚
โ”‚                          โ”‚  REST API    โ”‚                    โ”‚
โ”‚                          โ”‚  + MCP tool  โ”‚                    โ”‚
โ”‚                          โ”‚  + CLI       โ”‚                    โ”‚
โ”‚                          โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                    โ”‚
โ”‚                                 โ”‚                            โ”‚
โ”‚                    โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”               โ”‚
โ”‚                    โ†“            โ†“            โ†“               โ”‚
โ”‚               โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”          โ”‚
โ”‚               โ”‚ Auditor โ”‚ โ”‚  MOD    โ”‚ โ”‚  Public  โ”‚          โ”‚
โ”‚               โ”‚  Portal โ”‚ โ”‚ Review  โ”‚ โ”‚ Explorer โ”‚          โ”‚
โ”‚               โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜          โ”‚
โ”‚                                                              โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

API Endpoints

EndpointMethodDescription
/v1/sigil/eventsGETList recent SIGIL events (paginated)
/v1/sigil/single/{digest}GETRetrieve a single receipt by digest
/v1/sigil/statsGETChain statistics (count, agents, daily rate)
/v1/sigil/exportGETExport receipts as CSV/JSON/Parquet
/v1/sigil/verify/{digest}POSTVerify a receipt's signature + chain integrity
/v1/sigil/anchorsGETList all Bitcoin anchor points
/v1/sigil/agentsGETList all registered signing agents + public keys

Human Gates (Cannot Auto-Execute)

GateWhyOwner
Bitcoin wallet fundingRequires Nick's BTC wallet accessNick
MOD key escrowGovernment key management policy TBDMOD CISO
PQC migration (Dilithium)Requires formal PQC standard adoptionNIST + DSTL
Legal opinion on admissibilityBarrister sign-off required for court useExternal counsel

Roadmap

PhaseTimelineDeliverable
v2.0 (current)Live nowEd25519 + SHA-256 + Bitcoin anchoring
v2.1Q3 2026Classification-aware receipts (OFFICIAL/SECRET/TS)
v3.0Q4 2026Post-quantum signatures (ML-DSA-65 / Dilithium)
v3.1Q1 2027Cross-chain federation (AUKUS trilateral)
v3.2Q1 2027ZK-SNARK selective disclosure (prove without revealing)
v4.0Q2 2027Full JSP 936 compliance auto-reporter

49,000+ receipts. Every decision. Immutable proof. This is how defence AI earns trust.