INITIALIZING SECURE TERMINAL...
ORTHONODE ASSURANCE PLATFORM — OAP-v1 — EYES ONLY
PROPRIETARY // ORTHONODE SYSTEMS™ // CHAIN-AGNOSTIC

EYES ONLY // CLEARANCE LEVEL 4 // OAP-DOC-001

ORTHONODE
ASSURANCE
PLATFORM

Deterministic hardware attestation across any blockchain. The proof layer that bridges physical silicon to on-chain trust — without revealing device internal state.

4-Gate Verification Chain-Agnostic Deterministic Output Hardware-Anchored
HARDWARE TOP SECRET [REDACTED] OAP ENGINE R H1 H2 PROOF ARBITRUM SOLANA TON POLYGON EVM + ANY CHAIN
✓ PROOF VERIFIED // ATTESTATION COMPLETE

OAP-DOC-002 // DECLASSIFIED SUMMARY

WHAT OAP DOES

FILE: OAP-CAPABILITY-001 DATE: 2026-03 AUTHOR: ORTHONODE SYSTEMS™ PARTIALLY DECLASSIFIED

OAP provides deterministic hardware attestation across any blockchain. The platform proves that a physical device produced a specific cryptographic output — without revealing the device's internal state.

Every device enrolled in OAP produces a deterministic, reproducible proof. The same hardware, the same inputs, the same proof — every time. This is not probabilistic. It is cryptographic certainty anchored to physical silicon.

TOP SECRET // ORTHONODE // OAP-v1

CAPABILITY-01

Deterministic Attestation

Same device. Same inputs. Same proof. Always. OAP outputs are reproducible and verifiable by any third party without access to the device.

CAPABILITY-02

Chain-Agnostic

OAP proofs are blockchain-neutral. Deploy the verifier on Arbitrum, Solana, TON, Polygon, or any EVM chain. The proof format is universal.

CAPABILITY-03

Hardware Binding

Attested hardware targets: ESP32-S3 eFuse, TPM 2.0, REDACTED. The proof binds to the physical device — not a key that can be copied.

3F A7 C1 OK

CAPABILITY-04

ZK-Compatible

OAP proof outputs are structured for zero-knowledge system compatibility. Proofs can be consumed by ZK circuits without access to the source device.

CAPABILITY-05

Non-Extractable Keys

Device identity keys are burned into write-once hardware memory. They cannot be extracted, exported, or cloned. Physical possession does not imply key access.

CAPABILITY-06

Zero Internal Exposure

Attestation proofs are computed such that verifiers confirm device authenticity without learning anything about the device's internal configuration or state.

OAP-DOC-003 // LEVEL 3 ACCESS REQUIRED

ARCHITECTURE [PARTIAL]

SYSTEM BOUNDARY: EXTERNAL INTERFACE ONLY INTERNALS CLASSIFIED

The internal architecture of the OAP Attestation Engine is proprietary and classified. What is published here is the external interface only — inputs accepted, outputs produced, and the verification pathway available to integrators. Internal gate logic, hash construction, and proof compression algorithms are not disclosed.

Input
Hardware
Device
CLASSIFIED
[REDACTED]
Engine
CLASSIFIED
[REDACTED]
Layer
Output
Attestation
Proof
Target
Any
Chain

Interface: Input

What OAP Accepts

01 Device enrollment request + hardware identity claim
02 Challenge nonce (replay-protection)
03 Target chain + verifier contract address
04 REDACTED — internal gate parameters

Interface: Output

What OAP Returns

01 Deterministic attestation proof (bytes32 root)
02 4-gate pass/fail bitmap (public)
03 Chain-ready calldata for verifier deployment
04 Timestamp + nonce binding (replay-proof)

OAP-DOC-004 // PROTOCOL INTEGRATION

WHO USES OAP

OAP sits at the attestation layer of the Orthonode dependency chain. Protocols that require verified hardware identity consume OAP proofs directly. Additional integrations are undisclosed pending NDA execution.

SHA
Arbitrum Stylus
NEXUS
Chain-Agnostic
[REDACTED]
CLASSIFIED
[REDACTED]
CLASSIFIED
OAP PUBLIC INTERFACE // oap-v1.sol — EXTERNAL ONLY 
// OAP public verifier interface — published
// Internal attestation engine: PROPRIETARY, not shown

interface IOAPVerifier {
    /// @notice Verify a hardware attestation proof on-chain
    /// @dev    Internal proof construction: CLASSIFIED
    function verifyAttestation(
        bytes32 deviceId,
        bytes32 proofRoot,   // 0xA3F7C1D9... deterministic
        bytes4  gateBitmap,  // 4-gate result bitmap
        uint256 nonce,
        bytes calldata sig
    ) external view returns (bool valid);

    /// @notice Get canonical proof root for enrolled device
    function getProofRoot(
        bytes32 deviceId
    ) external view returns (bytes32);

    // Gate logic:         ████████████████████ [REDACTED]
    // Hash construction:  ████████████████████ [REDACTED]
    // Proof compression:  ████████████████████ [REDACTED]
}

// SHA usage pattern (Arbitrum Stylus)
contract SHAIdentity {
    IOAPVerifier public immutable oap;

    function enroll(
        bytes32 deviceId,
        bytes32 proof,
        bytes4  gates,
        uint256 nonce,
        bytes calldata sig
    ) external {
        require(
            oap.verifyAttestation(deviceId, proof, gates, nonce, sig),
            "OAP: invalid attestation proof"
        );
        _enrollDevice(deviceId);
    }
}

OAP-DOC-005 // ZERO PROPRIETARY EXPOSURE

SECURITY MODEL

GUARANTEE: PROOF DOES NOT REVEAL DEVICE STATE VERIFIED

The OAP attestation proof is designed around a core structural invariant:

VERIFY(proof, device_id) = TRUE | FALSE
∀ x: EXTRACT(proof, internal_state) = UNDEFINED

A verifier can confirm authenticity but cannot infer eFuse configuration, firmware version, key material, or any internal device parameter from the proof alone. This is a structural property of the proof system — not a policy or configuration option.

Replay Protection
Each proof binds a monotonic nonce. Captured proofs cannot be replayed against a different nonce window.
Non-Extractable Keys
eFuse OTP memory is write-once. Keys burned during manufacturing cannot be read back through any software interface.
Deterministic Outputs
Identical inputs always produce identical proofs. Randomness is excluded by design — verification is purely deterministic.
Chain-Portable Verification
The verifier contract is stateless and chain-portable. The same proof validates on any supported runtime with the OAP verifier deployed.
Clone-Proof
Hardware binding through OTP eFuse means cloned devices cannot produce valid attestation proofs. Physical device authenticity is required.
4-Gate Fail-Closed
All four attestation gates must pass for a valid proof. Partial bypass of any single gate produces an invalid proof — fail-closed by construction.

OAP-DOC-006 // RELEASE STATUS

PLATFORM STATUS

PROPRIETARY
Not Open Source — By Design
OAP is a closed, proprietary system. The attestation engine internals, gate logic, and proof construction algorithms are trade secrets. Open-sourcing them would eliminate the competitive advantage that OAP provides to protocols that integrate it. SHA, NEXUS, and undisclosed partners gain a durable edge precisely because the attestation machinery is not reproducible by adversaries.
ACTIVE
Current Deployment State
OAP is in active use within the Orthonode protocol stack. The public verifier interface is deployed and consumed by SHA on Arbitrum Sepolia. Internal engine: operational on restricted infrastructure. External SDK for integrators: in preparation. Public disclosure of architecture details: no current timeline.
INQUIRIES
Protocol Integration Requests
Protocols seeking to integrate OAP attestation may contact [email protected]. Integration is available under a commercial license. NDA required before technical documentation is shared.