49,000+ Ed25519-signed receipts. Hash-chained. Bitcoin-anchored. Immutable proof for every AI decision DEFONEOS has ever made.
SIGIL is DEFONEOS's cryptographic audit trail. Every time the system makes a decision โ detects a threat, deploys a sensor, votes in the BFT council, queries a data source, or triggers an alert โ it emits a SIGIL receipt. Each receipt contains the full context of the decision, an Ed25519 digital signature proving authenticity, and a hash linking it to the previous receipt, forming an immutable chain.
Unlike Palantir's centralized, vendor-editable logs, SIGIL chains are cryptographically tamper-evident. No party โ not CSOAI, not the MOD, not any future operator โ can alter a SIGIL receipt after emission without breaking the hash chain and invalidating every subsequent receipt.
| Metric | Value |
|---|---|
| Total receipts | 49,000+ |
| Unique agents | 12+ |
| Daily emissions | ~800/day |
| Chain start | 17 Jun 2026 |
| Bitcoin anchors | Every 1,000 receipts |
| Signature algorithm | Ed25519 (RFC 8032) |
| Hash function | SHA-256 |
| Key size | 256-bit public, 256-bit private |
Speed: Ed25519 signatures verify in ~50 microseconds โ 100x faster than RSA-2048. This matters when emitting 800+ receipts/day.
Size: 64-byte signatures and 32-byte keys. RSA-2048 signatures are 256 bytes. SIGIL receipts stay compact.
Security: Ed25519 has no known vulnerability to quantum attacks beyond Grover's algorithm (which halves effective security to 128 bits โ still strong). NIST PQC migration plan: ML-DSA-65 (Dilithium) by Q4 2026.
Standard: RFC 8032. Used by Signal, WireGuard, and Apple iMessage. Battle-tested.
Every SIGIL receipt follows this exact schema. The schema is versioned and backward-compatible.
{
"version": 2,
"ts": 1782620774.443,
"seq": 49182,
"agent_id": "defoneos-sentinel-01",
"action": "threat_detect",
"line": "P|sentinel-01|sigil-chain|Threat detected: anomalous AIS track near Portsmouth",
"params": {
"source": "aisstream-maritime-mcp",
"vessel_mmsi": 235009888,
"latitude": 50.7847,
"longitude": -1.0870,
"anomaly_type": "speed_exceedance",
"confidence": 0.87
},
"result": "alert_raised",
"digest": "sha256:3b975bb1c3ba409e8f...",
"signature": "ed25519:9a3f8e2d1c4b5a6f7e8d9c0b1a2f3e4d5c6b7a8f9e0d1c2b3a4f5e6d7c8b9a0f",
"prev_hash": "sha256:a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"anchor": null,
"access_control": {
"classification": "OFFICIAL",
"caveats": [],
"rel_to": ["UK", "AUS", "USA"]
}
}
Each receipt's digest is the SHA-256 hash of its content. Each receipt's prev_hash references the previous receipt's digest. This creates a chain where modifying any historical receipt invalidates all subsequent hashes.
Receipt 49181: digest=3b975b... โโโโ
โ prev_hash links
Receipt 49182: prev_hash=3b975b... โ
digest=7f2c1a... โ โโโโ
โ โ
Receipt 49183: prev_hash=7f2c1a... โโโ โ prev_hash links
digest=e8d4f2... โ โโโโ
โ โ
Receipt 49184: prev_hash=e8d4f2... โโโโโโโโ โ
digest=1a9b3c... โ
โ
โโ Bitcoin Anchor (every 1000 receipts) โโโโโโโโโ
block_height: 853,442
tx_id: 4a7b...e9f2
op_return: 1a9b3c...
timestamp: 2026-07-05T12:00:00Z
Every 1,000 SIGIL receipts, the latest digest hash is written to the Bitcoin blockchain via an OP_RETURN transaction. This creates a tamper-proof timestamp anchor that proves the entire chain existed at a specific block height. Even if someone managed to forge 1,000 receipts (impossible without the private key), they cannot forge a Bitcoin block.
| Anchor | Block Height | Receipt Range | OP_RETURN Hash |
|---|---|---|---|
| Anchor 49 | ~853,442 | 49,000โ49,999 | 1a9b3c... |
| Anchor 48 | ~852,100 | 48,000โ48,999 | e8d4f2... |
| Anchor 47 | ~850,800 | 47,000โ47,999 | 7f2c1a... |
| Anchor 1 | ~803,000 | 0โ999 | genesis... |
Cost: ~$0.50 per anchor transaction. 49 anchors total = ~$24.50 lifetime. The cheapest audit-grade integrity guarantee available.
SIGIL receipts are legally defensible evidence under UK law:
1. Electronic Communications Act 2000: Ed25519 signatures are valid electronic signatures for legal proceedings.
2. Data Protection Act 2018 / UK GDPR: SIGIL chains demonstrate accountability (Art 5(2)) and provide audit trails for automated decision-making (Art 22).
3. JSP 936 (AI in Defence): SIGIL provides the "meaningful human review" evidence chain required for AI-assisted decisions.
4. Crown Court admissibility: Hash-chained digital evidence is accepted under the Criminal Justice Act 2003 s.59 (business records exception).
Any third party can verify a SIGIL receipt in 4 steps:
Step 1: Retrieve the receipt from the chain API.
Step 2: Verify the Ed25519 signature using the agent's public key (available on-chain).
Step 3: Compute SHA-256 of the receipt content and compare to the stored digest.
Step 4: Walk the hash chain backwards to confirm prev_hash links are unbroken to the last Bitcoin anchor.
# CLI verification:
curl -X POST https://sovereign.csoai.org/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call",
"params":{"name":"sigil_verify",
"arguments":{"digest":"3b975bb1c3ba409e"}}}'
# Response:
{"valid": true, "verified_at": "2026-07-05T12:34:56Z",
"chain_intact": true, "anchor_confirmed": true}
| Feature | DEFONEOS SIGIL | Palantir Foundry Logs | Anduril Lattice |
|---|---|---|---|
| Cryptographic signing | โ Ed25519 per receipt | โ Centralized, vendor-controlled | โ Closed-source logging |
| Hash chaining | โ SHA-256 chain | โ Editable database | โ No public spec |
| Bitcoin anchoring | โ Every 1K receipts | โ None | โ None |
| Open verification | โ Public API + CLI | โ Palantir support ticket | โ Classified only |
| Tamper evidence | โ Mathematical proof | โ ๏ธ Trust the vendor | โ ๏ธ Trust the vendor |
| Legal admissibility | โ UK ECA 2000 compliant | โ ๏ธ Vendor attestation only | โ ๏ธ Unknown |
| Cost per audit | โ $0 (self-serve API) | โ $50K+ consultant | โ Classified process |
| MOD sovereignty | โ MOD holds private keys | โ Palantir holds keys | โ Anduril holds keys |
Scenario: MOD Inspector General asks "What did DEFONEOS decide at 03:47 on 15 June 2026?"
Solution: Query the SIGIL chain for that timestamp. Return all receipts. Verify each signature. Show the complete decision trail: sensor input โ AI inference โ BFT vote โ action taken. All in under 2 seconds.
Scenario: A sensor triggered a false positive alert. Was it a bug or adversarial input?
Solution: Extract the exact SIGIL receipt for that alert. See the raw input data, the model's confidence score, the BFT vote tally. Determine root cause without ambiguity. The receipt cannot be edited retroactively โ it's the truth.
Scenario: JSP 936 requires quarterly AI decision audits.
Solution: Export all SIGIL receipts for the quarter as JSON. Auto-generate compliance report with chain integrity proof. Include Bitcoin anchor timestamps for each batch. Submit to DSTL for review.
Scenario: AUKUS Pillar II requires trilateral intelligence sharing with provenance.
Solution: Each nation's DEFONEOS instance maintains its own SIGIL chain. Cross-chain references (receipt hashes from other nations) create a federated web of trust. No single nation controls the combined audit trail.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ DEFONEOS SIGIL Chain โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค โ โ โ โโโโโโโโโโโโ emit() โโโโโโโโโโโโโโโโ batch โโโโโโโ โ โ โ Agent โโโโโโโโโโโโโโ SIGIL Engine โโโโโโโโโโโโโ BTC โ โ โ โ (Ed25519)โ โ (hash chain)โ /1K โ ANC โ โ โ โโโโโโโโโโโโ โโโโโโโโฌโโโโโโโโ โโโโโโโ โ โ โ โ โ โ โ agent_id โโโโโโโดโโโโโโโ โ โ โ โ PostgreSQL โ โ โ โโโโโโดโโโโโโโ โ + SQLite โ โ โ โ Keystore โ โ (receipts) โ โ โ โ (HSM/TPM) โ โโโโโโโฌโโโโโโโ โ โ โโโโโโโโโโโโโ โ โ โ โโโโโโโโดโโโโโโโโ โ โ โ REST API โ โ โ โ + MCP tool โ โ โ โ + CLI โ โ โ โโโโโโโโฌโโโโโโโโ โ โ โ โ โ โโโโโโโโโโโโโโผโโโโโโโโโโโโโ โ โ โ โ โ โ โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโโ โ โ โ Auditor โ โ MOD โ โ Public โ โ โ โ Portal โ โ Review โ โ Explorer โ โ โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโโ โ โ โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
| Endpoint | Method | Description |
|---|---|---|
| /v1/sigil/events | GET | List recent SIGIL events (paginated) |
| /v1/sigil/single/{digest} | GET | Retrieve a single receipt by digest |
| /v1/sigil/stats | GET | Chain statistics (count, agents, daily rate) |
| /v1/sigil/export | GET | Export receipts as CSV/JSON/Parquet |
| /v1/sigil/verify/{digest} | POST | Verify a receipt's signature + chain integrity |
| /v1/sigil/anchors | GET | List all Bitcoin anchor points |
| /v1/sigil/agents | GET | List all registered signing agents + public keys |
| Gate | Why | Owner |
|---|---|---|
| Bitcoin wallet funding | Requires Nick's BTC wallet access | Nick |
| MOD key escrow | Government key management policy TBD | MOD CISO |
| PQC migration (Dilithium) | Requires formal PQC standard adoption | NIST + DSTL |
| Legal opinion on admissibility | Barrister sign-off required for court use | External counsel |
| Phase | Timeline | Deliverable |
|---|---|---|
| v2.0 (current) | Live now | Ed25519 + SHA-256 + Bitcoin anchoring |
| v2.1 | Q3 2026 | Classification-aware receipts (OFFICIAL/SECRET/TS) |
| v3.0 | Q4 2026 | Post-quantum signatures (ML-DSA-65 / Dilithium) |
| v3.1 | Q1 2027 | Cross-chain federation (AUKUS trilateral) |
| v3.2 | Q1 2027 | ZK-SNARK selective disclosure (prove without revealing) |
| v4.0 | Q2 2027 | Full JSP 936 compliance auto-reporter |
49,000+ receipts. Every decision. Immutable proof. This is how defence AI earns trust.