Convergence, not stacking. Seven realities, bound.

The seven layers below are the protocol AION binds itself to. Layers I–IV are formalized in open-source code as unaudited primitives, running locally in the demonstration. Their bindings — sovereign custody, trustee panel, sanctuaries, sky — sequence into Phases 1 through 5+.

AION names what it cannot yet do with the same care as what it can. Doctrine first. Deployment follows it — not the other way around.

The plaintext is encrypted with AES-256-GCM on the user’s device. The 256-bit key is split by Shamir’s Secret Sharing into seven shards. Any four reconstruct the key; any three reveal nothing.

The math layer falls only to a quantum-relevant adversary, and only after a decade of credible quantum capability. AION’s migration plan to CRYSTALS-Kyber is locked for end of 2026.

Falls to:Quantum-relevant computePrimitive:v0.2 · unaudited

In shipped v0.5 no shard is AION-hosted; the seven-sovereign distribution is the Phase 3 target. By design, each shard would live in a different sovereign jurisdiction across five continents — chosen for legal diversity, not friendship. Loss of any three is harmless. To open a vault by force, an attacker would need a coalition of four governments to act together, in writing, in public.

Falls to:Coalition of 4+ sovereignsPrimitive:v0.2 · unaudited

A sequential hash chain has no parallel shortcut: recomputing it forces wall-clock work, and faster ASICs compress that wait but cannot eliminate it. A ten-year-calibrated lock might compress to one to three years on next-decade silicon.

In shipped v0.5 the time layer is not yet a gate. It is a soft VDF that is not bound to the encryption key: the chain is verified, not enforced, so an adversary who already holds the threshold of shards opens the vault without waiting. The “one to three years” figure describes the VDF-bound target below — not today’s behavior. We disclose this rather than overstate it (audit CRYPTO-2).

The premium tier migrates to a true VDF (Wesolowski / Pietrzak squaring in groups of unknown order), where verification is logarithmic and the binding is mathematical rather than empirical — at which point the wait becomes cryptographically enforced rather than advisory.

Falls to:Shard capture — not key-bound in v0.5Primitive:soft VDF · unaudited

The holder defines a question whose answer existed only in their lived experience. The answer is never sent to AION. Argon2id over the normalized answer plus a per-vault salt produces a key that wraps an additional encryption layer. Without the answer, no shard combination is enough.

Memory defeats the AI deepfake heir, the corpus-trained impersonator, and the social engineer who never sat at the family table.

Falls to:The lived past — no corpusPrimitive:v0.4 · unaudited

A small panel of named trustees, each with a hardware-backed Ed25519 keypair, must produce m-of-n signatures over the unseal request. Their signatures gate the math, geography, and time layers. Diversification across family, work, faith, and profession is enforced as a score.

Falls to:Decade-long deepfake of N humansPhase:v0.5

Premium tier. The heir presents in person at an AION sanctuary. Biometric, DNA, and trustee-panel signals converge on physical co-presence. The vault releases only to a session bound to that physical attestation. An AI agent cannot inherit by mail.

Falls to:BilocationPhase:4+

Sealing certificates are bound to public astronomical data at the moment of sealing — pulsar timing, GPS satellite triangulation, NOAA solar indices. Forging a sealing time means forging the position of the stars at that instant.

Falls to:Forging the skyPhase:5+

Convergence is not more security through more features. Each new layer must defeat a different reality, not the same one twice. A new layer that thickens an already-bound reality is not added.

Before any “security” feature is merged into AION, four questions must answer cleanly: which reality does it bind, can a future AI bypass it through one path, does its failure cause the entire vault to fail closed, and is it auditable in under two hundred lines of code.

Architecture without verification is performance art. AION publishes what we have not seen, what we have not received, and what would have to be true for the vault to fall — alongside what we can do. The links below are the receipts.

• Open-source code · every primitive auditable in under two hundred lines.
• Threat model · the failures we name openly.
• Audit reports · public when they land, in full.
• Warrant canary · what we have not received, signed.
• Transparency report · what was asked, what was given, what was refused.
• Charter · the rules we cannot change quietly.