Github
The Trust Fabric for the Capability Frontier
A verifiable, privacy-preserving substrate for identity adjudication, data sovereignty, forensic-grade audit trails, and deterministic finality. EXOCHAIN provides the constitutional infrastructure that high-assurance systems require.
PII/PHI never on-ledger
Deterministic finality (<2s checkpoints)
Provable alignment: invalid transitions rejected
Read the v2.2 Spec
What We're Building
EXOCHAIN is a foundational substrate for trust infrastructure. Our technology addresses the governance, auditability, and verification gaps in contemporary distributed systems through constitutional enforcement and cryptographic proofs.
Identity Fabric
Self-sovereign identity with cryptographic attestation, enabling individuals and organizations to manage credentials without centralized intermediaries.
Consent + Bailment
Explicit, verifiable consent protocols with cryptographic proof chains, ensuring data custody aligns with subject permissions at every access point.
Evidence Bundles
Tamper-evident, portable audit artifacts that maintain forensic integrity across organizational boundaries and temporal scales.
Finality + Proofs
Deterministic consensus with checkpoint-based finality, delivering sub-2-second settlement with mathematically verifiable state transitions.
Why This Matters
Contemporary digital infrastructure faces a trust collapse at scale. Audit trails lack cryptographic grounding. Consent is recorded in mutable databases. Identity verification relies on centralized authorities vulnerable to compromise and coercion.
Regulatory frameworks increasingly demand verifiable compliance, yet existing architectures cannot provide non-repudiable proof of policy adherence. High-consequence domains—healthcare, finance, critical infrastructure, AI safety—require constitutional enforcement: systems that reject invalid state transitions rather than merely logging violations.
EXOCHAIN addresses this gap through event-sourced architecture with BFT consensus, enabling organizations to demonstrate compliance through cryptographic proofs rather than attestations of trust.
Who It's For
Engineers & Builders
Core protocol contributors, fabric developers, and integration engineers building verifiable systems that require constitutional guarantees and deterministic finality.
Security, Compliance & Auditors
Security researchers, formal methods specialists, and compliance auditors evaluating cryptographic integrity, threat models, and regulatory alignment.
Public-Interest Institutions
Healthcare systems, government agencies, and high-risk domain operators requiring forensic-grade audit capabilities with privacy preservation.
AI Safety Researchers
Teams developing governance frameworks for autonomous systems, examining capability boundaries, and implementing verifiable alignment mechanisms.
Proof-First Design: Constitutional Invariants
EXOCHAIN enforces architectural constraints through the CGR Kernel—a verification layer that prevents state transitions violating constitutional rules. These are not aspirational goals but mathematically enforced boundaries.
No raw data on ledger
Personal identifiable information (PII) and protected health information (PHI) remain off-chain. Only cryptographic commitments, consent proofs, and access logs are recorded.
Consent proofs + access logs only
Every data access requires verifiable consent proof and generates an immutable access log entry. Requestors cannot bypass consent verification.
No admin override path
System administrators cannot circumvent consent requirements or modify finalized state. Constitutional rules apply uniformly across all actors.
Verifiable queries
Clients verify query responses through cryptographic proofs. Trust does not depend on indexer honesty—verification is mathematical, not relational.
Get Involved
EXOCHAIN Foundation welcomes contributions from engineers, researchers, validators, and organizations aligned with our mission. Our contributor community spans protocol development, formal verification, infrastructure operation, and domain-specific fabric implementation.
Build
Contribute to core protocol development or build domain-specific fabrics. We maintain rigorous code review standards and comprehensive test coverage requirements.
Audit
Conduct security reviews, formal verification, or threat modeling. We publish all audit findings and maintain transparent vulnerability disclosure processes.
Validate
Operate checkpoint validation infrastructure. Validators participate in BFT consensus and maintain the integrity of finality guarantees.
Partner
Pilot EXOCHAIN in your domain. We collaborate with organizations in healthcare, finance, research, and public infrastructure.
Technology: How EXOCHAIN Works
EXOCHAIN implements event-sourced architecture with DAG-based event ordering, checkpoint-finalized consensus, and client-verifiable query proofs. The system prioritizes deterministic finality, constitutional enforcement, and forensic auditability.
Our architecture separates concerns across three layers: Core (consensus and state management), Fabrics (domain-specific logic), and Adapters (integration boundaries). This separation enables domain specialization without compromising constitutional guarantees.
Events are primary; state is derived. This inversion enables complete audit trails, deterministic replay, and time-travel debugging. Every state transition can be verified against the complete event history.
Architecture at 30,000 Feet
Core Layer
Handles event ingestion, DAG construction, BFT consensus, checkpoint finalization, and state proof generation. The CGR Kernel resides here, enforcing constitutional invariants.
Fabrics Layer
Domain-specific implementations: Identity Fabric, Consent Fabric, Evidence Fabric. Each fabric defines events, queries, and policies within constitutional boundaries.
Adapters Layer
Integration interfaces for external systems. Adapters translate domain protocols into EXOCHAIN events while maintaining proof chains.
This layered approach ensures that constitutional rules remain consistent across all fabrics while allowing domain-specific optimization. The Core layer provides guarantees; Fabrics provide utility; Adapters provide interoperability.
Event-Sourced Ledger
EXOCHAIN stores events as the primary source of truth. State is computed by replaying events through deterministic state machines. This approach provides several critical properties:
  • Complete audit trail: Every state transition is traceable to its causal event chain
  • Temporal queries: State can be reconstructed at any historical checkpoint
  • Deterministic replay: Independent observers can verify state derivation
  • Separation of concerns: Event acceptance (consensus) is separate from state derivation (computation)
Events are organized in a directed acyclic graph (DAG) structure, enabling concurrent event submission while maintaining causal ordering. The DAG structure allows for higher throughput than linear chains while preserving the ability to establish canonical ordering at checkpoint boundaries.
This architecture eliminates the state bloat problem common in account-based ledgers. Historical state can be pruned while maintaining the ability to verify current state against the event log.
Deterministic Finality
EXOCHAIN achieves deterministic finality through Byzantine Fault Tolerant (BFT) consensus over periodic checkpoints. Unlike probabilistic finality systems, EXOCHAIN provides mathematical certainty: finalized state cannot be reverted.
The checkpoint mechanism operates on regular intervals (sub-2-second target). Within each checkpoint window, events are collected into the DAG. At checkpoint boundaries, validators execute BFT consensus to establish canonical event ordering and finalize state.
Split-root detection prevents forking. If validators observe inconsistent state roots, the system halts rather than proceeding with ambiguous state. This "fail-secure" approach prioritizes correctness over availability.

Checkpoint Finality: Once a checkpoint achieves BFT consensus (2f+1 validator signatures), its state is final. No subsequent event can modify finalized state. This property enables legal and regulatory reliance on recorded state.
Verifiable Queries
Clients do not trust query responses—they verify them. Every query response includes a cryptographic proof enabling the client to verify that the response is consistent with the finalized state root.
This architecture eliminates trust in indexers and API servers. Even if a query endpoint is compromised or malicious, clients can detect fabricated responses through proof verification. The system provides trustless reads to complement trustless writes.
Client Query
Client submits query with state root reference
Server Response
Query service returns data plus merkle proof path
Client Verification
Client verifies proof against known state root
Proof structures use Merkle trees and sparse Merkle trees, enabling efficient proofs even for large state spaces. Proof size scales logarithmically with state size, making verification practical for resource-constrained clients.
Evidence Bundles
Evidence Bundles are cryptographically signed, portable audit artifacts. They enable organizations to export verifiable records for regulatory submission, legal proceedings, or cross-organizational audit.
Each bundle contains:
  • Relevant event sequences with causal dependencies
  • State proofs linking events to finalized checkpoints
  • Consent proofs authorizing the recorded actions
  • Validator signatures attesting to event ordering
  • Bundle signature from exporting organization
Recipients can verify bundle integrity without connecting to the live EXOCHAIN network. Bundles are self-contained proof artifacts, maintaining their evidentiary value across organizational and temporal boundaries.
Vault Boundary + Gatekeeper
The Vault Boundary implements Trusted Execution Environment (TEE) based enforcement for data access. Cryptographic keys protecting off-chain data remain within TEE enclaves. Key release requires:
01
Fresh TEE Attestation
Requesting code must provide current attestation proving it executes in a valid TEE with approved code measurement.
02
Valid Consent StateProof
Request must include proof that subject has granted consent for the specific data and purpose being requested.
03
Policy Match Verification
Gatekeeper verifies that the request satisfies all applicable policies defined in the consent proof.
04
Access Logging
Before key release, an immutable access log entry is written to the ledger, recording who accessed what data when.
This architecture ensures that data custody aligns with subject consent at every access point. Keys cannot be extracted from TEEs, and access cannot occur without generating an audit trail.
EXO Credits: Utility-Only Access Tokens

Important: EXO Credits are utility tokens for hosted service access only. They are NOT investment instruments, securities, or speculative assets. No marketplace mechanics or price discovery mechanisms exist.
Organizations deploying EXOCHAIN can optionally implement EXO Credits as an internal accounting mechanism for hosted service usage. Credits represent prepaid computational and storage resources.
Credits are:
  • Non-transferable except as gifts (no sale/trade mechanisms)
  • Consumed proportionally to resource usage
  • Issued by service operators to customers
  • Not redeemable for currency
This optional utility layer enables service operators to implement usage-based billing while maintaining the foundation's non-commercial positioning. Credits are an operational convenience, not a financial instrument.
Governance: Separation of Powers for AI Systems
EXOCHAIN implements a separation-of-powers governance model analogous to constitutional democracies. This structure prevents concentration of authority while maintaining operational efficiency.
The model addresses the governance challenge in autonomous systems: how to grant operational authority while constraining capability within constitutional bounds. Traditional systems rely on ex-post audit; EXOCHAIN enforces ex-ante constraint.
Legislative Branch: AI-IRB
The AI Institutional Review Board
The AI-IRB establishes policy boundaries and approval workflows for system capabilities. It functions analogously to human subjects research review boards, evaluating proposed capabilities against ethical, legal, and safety criteria.
Responsibilities include:
  • Defining constitutional rules and capability constraints
  • Reviewing and approving new fabric deployments
  • Establishing data handling and consent policies
  • Specifying audit requirements and disclosure thresholds
  • Setting validator selection and rotation criteria
The AI-IRB cannot directly execute capabilities or modify finalized state. It sets boundaries within which the Executive branch (Holons) must operate.
Membership includes domain experts, ethicists, security researchers, and affected community representatives. Term limits and rotation requirements prevent entrenchment. Dissenting opinions are preserved in the governance record.
All AI-IRB proceedings and decisions are recorded on-chain, creating a complete governance audit trail. This transparency enables external review and accountability.
Executive Branch: Holons
Holons are autonomous operational units granted specific capabilities by the AI-IRB. They execute within constitutional boundaries but maintain operational independence.
Capability Grants
Each Holon receives explicit capability grants specifying what actions it may perform, what data it may access, and under what conditions.
Constitutional Constraints
Holons cannot exceed granted capabilities. Attempted violations are rejected by the CGR Kernel before execution.
Operational Autonomy
Within constitutional bounds, Holons make independent decisions without requiring approval for each action.
This structure balances autonomy with accountability. Holons have sufficient authority to operate efficiently while remaining constrained by constitutional rules. The model scales better than approval-per-action systems while maintaining stricter guarantees than trust-based delegation.
Holon actions are logged with sufficient detail to enable post-hoc audit without compromising operational privacy. The event log provides a complete record of what capabilities were exercised when and why.
Judicial Branch: CGR Kernel
The Constitutional Governance Rules (CGR) Kernel is the verification layer that enforces constitutional invariants. It examines every state transition before finalization, rejecting any that violate constitutional rules.
The CGR Kernel provides:
  • Pre-finalization verification: Invalid transitions never reach finalized state
  • Mathematical enforcement: Rules are checked cryptographically, not procedurally
  • No override mechanism: Even validators cannot finalize unconstitutional state
  • Deterministic interpretation: Rule evaluation is consistent across all validators
This judicial function operates automatically and continuously. There is no discretionary judgment—the rules are applied mechanistically to every transition. This eliminates the possibility of selective enforcement or political pressure compromising constitutional guarantees.
What "PROVEN" and "IMMUTABLE" Mean
PROVEN
A statement is proven when it can be verified through cryptographic proofs rather than trusted attestations. Clients verify; they do not trust. Proofs are mathematical, not relational.
Example: A data access consent proof demonstrates mathematically that the subject authorized access. The proof is verifiable without trusting the claiming party.
IMMUTABLE
State is immutable when it cannot be altered after finalization—not through administrative action, not through consensus, not through any mechanism. The mathematical properties of the cryptographic commitment prevent modification.
Example: Once a checkpoint achieves BFT finality, its state root is immutable. No subsequent action can change what was recorded at that checkpoint.

Key distinction: "Proven" addresses verifiability; "Immutable" addresses permanence. Together, they enable trustless verification of permanent records—the foundation of forensic-grade audit trails.
No Exception Path, No Emergency Override
EXOCHAIN contains no administrative override mechanism. System operators cannot bypass consent requirements, modify finalized state, or disable constitutional checks. This constraint is architectural, not procedural.
The rationale: Exception mechanisms, however well-intentioned, create attack surfaces. "Emergency override" capabilities become vectors for coercion, compromise, and abuse. Legal pressure can force activation of override mechanisms.
By eliminating override paths at the architectural level, EXOCHAIN makes it impossible for operators to comply with demands to circumvent constitutional rules. The system cannot do what the system cannot do.
This design choice trades operational flexibility for security guarantees. Systems requiring override capabilities should not use EXOCHAIN. Systems requiring constitutional certainty accept the constraint that rules apply uniformly, always, to everyone.
Governance Commitments
The EXOCHAIN Foundation commits to governance practices that reflect the constitutional principles embedded in the technology. These are commitments of practice, not legally binding obligations.
Transparency
All governance proceedings, decisions, and dissents are published. Meeting minutes, voting records, and policy rationales are publicly accessible. Transparency enables external accountability.
Dissent Preservation
Minority opinions and dissenting views are recorded alongside majority decisions. Dissent is not merely tolerated but actively preserved as part of the governance record.
Rotating Membership
Governance body membership rotates on defined schedules. Term limits prevent entrenchment and ensure fresh perspectives enter governance processes.
Conflict-of-Interest Policy
Governance participants disclose material interests that could influence decisions. Conflicts are managed through recusal or disclosure, not concealment.
Open Source: Open Infrastructure, Safety-First
EXOCHAIN is developed as open-source infrastructure. Source code, specifications, and technical documentation are publicly available. Transparency enables external audit, independent verification, and community contribution.
Open source is not merely a licensing decision—it is a safety requirement. Closed-source systems demand trust in the vendor's implementation. Open-source systems enable verification. For constitutional infrastructure, verifiability is non-negotiable.
Our open-source commitment extends beyond code publication. We maintain active community engagement, responsive issue tracking, transparent roadmap planning, and accessible contribution pathways.
How to Contribute
Code Contributions
We welcome pull requests addressing bugs, implementing features, improving performance, or enhancing documentation. All contributions undergo code review before merge.
Before contributing significant features, file an RFC (Request for Comments) describing the proposal. RFCs enable community discussion before implementation effort begins.
Issue Reporting
Report bugs, request features, or suggest improvements through GitHub Issues. Provide sufficient detail for reproduction and context for evaluation.
Security Disclosure
Report security vulnerabilities privately to security@exochain.foundation. Do not publish security issues publicly until coordinated disclosure.
We maintain a responsible disclosure process:
  1. Private notification to security team
  1. Confirmation and severity assessment
  1. Patch development and testing
  1. Coordinated public disclosure
  1. Public acknowledgment of reporter
Engineering Discipline
EXOCHAIN maintains rigorous engineering standards appropriate for constitutional infrastructure. Code quality, test coverage, and security review are non-negotiable requirements.
Comprehensive Test Coverage
All code paths require automated tests. We maintain unit tests, integration tests, property-based tests, and end-to-end tests. Continuous integration runs the full test suite on every commit.
Threat-to-Test Mapping
Security tests map directly to identified threats in our threat model. Each threat has corresponding tests verifying that mitigations function correctly.
External Audits
We commission independent security audits from qualified firms. Audit reports are published, including identified issues and remediation status.
Formal Review Posture
Critical code paths undergo formal verification where practical. All changes require peer review. Security-sensitive changes require review by designated security engineers.
Roadmap Phases
EXOCHAIN development proceeds through defined phases, each building on the previous while maintaining backward compatibility where feasible. The roadmap balances feature delivery with the stability requirements of production infrastructure.
1
Phase 0: Core
Event-sourced ledger, DAG structure, BFT consensus, checkpoint finality, basic state proofs. Foundation layer providing core guarantees.
2
Phase 1: Fabrics
Identity Fabric, Consent Fabric, Evidence Fabric. Domain-specific implementations built on core infrastructure.
3
Phase 2: Proofs
Enhanced proof systems, efficient verification, proof aggregation, recursive proofs for complex queries.
4
Phase 3: Observability
Advanced monitoring, analytics, governance dashboards, compliance reporting tools.
5
Phase 4: Hardening
Performance optimization, security enhancements, formal verification expansion, production readiness.
6
Phase 5: Optional Credits
Utility credit system for hosted service providers (optional deployment component).
Brand & Trademark Guidelines
The EXOCHAIN Foundation maintains trademark rights in "EXOCHAIN," the EXOCHAIN logo, and associated marks. These marks identify official foundation projects and authorized implementations.
Permitted Use
  • Technical documentation accurately describing EXOCHAIN
  • Compatibility statements ("built on EXOCHAIN")
  • Educational materials and research papers
  • Fork identification with clear distinction ("EXOCHAIN-derived")
Prohibited Use
  • Implying endorsement without authorization
  • Confusing product naming suggesting official status
  • Modifying or distorting official logos
  • Unauthorized domain registration using "EXOCHAIN"
For permission requests or clarification on acceptable use, contact brand@exochain.foundation and legal@exochain.foundation. Detailed brand guidelines and downloadable logo assets are available at exochain.foundation/brand.
Resources: Technical Documentation & Materials
The EXOCHAIN Foundation maintains comprehensive technical documentation, specifications, and supporting materials. All resources are publicly accessible, enabling independent evaluation and implementation.
v2.2 Specification
Complete technical specification of EXOCHAIN architecture, protocols, and interfaces. Authoritative reference for implementers.
Whitepaper
Foundational document describing EXOCHAIN's design rationale, threat model, and constitutional governance approach.
Technical Glossary
Definitions of EXOCHAIN-specific terminology, cryptographic primitives, and architectural concepts.
Frequently Asked Questions
Common questions about EXOCHAIN architecture, governance model, use cases, and implementation.
Media Kit & Brand Assets
The EXOCHAIN media kit contains brand assets for journalists, partners, and community members. All assets adhere to brand guidelines and are provided in formats suitable for print and digital use.
Media kit contents:
  • High-resolution logos (PNG, SVG, EPS formats)
  • Color palette specifications (hex, RGB, CMYK)
  • Typography guidelines and font files
  • Spacing and sizing specifications
  • Usage examples and templates
  • Brand voice and messaging guidance
Security Audits & Vulnerability Reports
EXOCHAIN Foundation commissions regular security audits from independent firms specializing in cryptographic protocol analysis, secure systems design, and blockchain security. All audit reports are published upon completion.

Transparency commitment: We publish both findings and remediation status. Hiding vulnerabilities does not make systems secure—it prevents the community from making informed decisions.
Current audit coverage includes:
  • Core consensus implementation
  • Cryptographic proof systems
  • TEE integration and attestation flows
  • Smart contract execution environment (if applicable)
  • Network protocol security
Vulnerability reports categorize issues by severity (Critical, High, Medium, Low) and include remediation timelines. We maintain a public vulnerability disclosure log tracking all identified issues and their resolution status.
Get Involved: Join the EXOCHAIN Community
EXOCHAIN Foundation welcomes contributions from individuals and organizations aligned with our mission of building verifiable, constitutional infrastructure. Whether you're a developer, researcher, auditor, infrastructure operator, or domain expert, there are multiple pathways for meaningful contribution.
Our contributor community values technical rigor, intellectual honesty, and constructive collaboration. We maintain inclusive participation while upholding high standards for contributed work.
Contributors: Build the Future of Trust Infrastructure
Core Protocol Development
Contribute to consensus mechanisms, cryptographic proof systems, state management, and network protocols. Core development requires deep systems programming expertise and understanding of distributed systems.
Fabric Implementation
Build domain-specific fabrics for identity, healthcare, finance, supply chain, or other verticals. Fabric development combines protocol understanding with domain expertise.
Tooling & DevEx
Develop SDKs, CLI tools, testing frameworks, deployment automation, and monitoring solutions. Improve developer experience for those building on EXOCHAIN.
Documentation
Write technical documentation, tutorials, guides, and examples. Clear documentation lowers adoption barriers and reduces integration friction.
Integration & Adapters
Build adapters connecting EXOCHAIN to external systems, databases, messaging platforms, and existing infrastructure.
To join as a contributor, complete the form below indicating your areas of interest and relevant experience. We'll connect you with the appropriate working groups and provide onboarding resources.
Auditors & Researchers: Verify and Validate
EXOCHAIN's security depends on rigorous external review. We actively seek security researchers, formal methods experts, cryptographers, and audit professionals to examine our systems.
Security Research
Conduct penetration testing, vulnerability research, threat modeling, and attack surface analysis. We welcome responsible disclosure of security issues.
Formal Verification
Apply formal methods to verify critical code paths, consensus correctness, cryptographic protocol properties, and state machine invariants.
Cryptographic Analysis
Review proof systems, signature schemes, commitment structures, and cryptographic primitives for soundness and security properties.
Compliance Review
Evaluate EXOCHAIN's alignment with regulatory frameworks (GDPR, HIPAA, SOC2, etc.) and provide gap analysis for specific domains.
Audit and research engagements can be informal (community review) or formal (commissioned audits). For formal engagements, contact security@exochain.foundation with your qualifications and proposed scope.
Validators: Operate Critical Infrastructure
Validators participate in BFT consensus, maintaining the integrity of checkpoint finality. Operating validator infrastructure requires technical expertise, reliable uptime, and commitment to the network's constitutional principles.
Validator responsibilities:
  • Maintain validator nodes with high availability (target: 99.9% uptime)
  • Participate in consensus rounds, signing checkpoints
  • Monitor for split-root conditions and respond to incidents
  • Maintain current software versions with timely patching
  • Preserve audit logs and validator records
Validator selection considers technical capability, operational track record, geographic distribution, and organizational independence. Term limits and rotation policies prevent centralization.
Partners: Deploy EXOCHAIN in Your Domain
EXOCHAIN Foundation collaborates with organizations piloting constitutional infrastructure in high-assurance domains. Pilot partnerships enable real-world validation, surface integration challenges, and inform roadmap priorities.
Ideal pilot partners operate in domains where:
  • Data privacy and consent are legally or ethically critical
  • Audit trails must meet forensic or regulatory standards
  • Trust relationships are complex or contested
  • Consequences of system failure are severe
  • Constitutional guarantees provide material value
Target domains include healthcare, financial services, government/public sector, research institutions, critical infrastructure, and AI safety implementations.
Pilot engagements typically include technical architecture review, integration planning, deployment support, monitoring and observability setup, and feedback collection for protocol improvement.
Contributor Application Form
Complete the form below to join the EXOCHAIN contributor community. We'll review your application and connect you with appropriate working groups based on your interests and expertise.

All contributions are subject to our code of conduct, which emphasizes respectful collaboration, intellectual honesty, and constructive engagement. Review the full code of conduct at exochain.foundation/conduct.
Form fields include:
  • Full name and professional affiliation
  • Email address and preferred contact method
  • Area(s) of interest: Core development, Fabrics, Tooling, Documentation, Research, Audit, Validation, Other
  • Relevant experience and expertise
  • GitHub username (if applicable)
  • Brief statement of interest (why you want to contribute to EXOCHAIN)
  • Time commitment availability (hours per week/month)
Auditor & Researcher Application
Security researchers and auditors play a critical role in maintaining EXOCHAIN's security posture. Apply below to join our security research community or propose a formal audit engagement.
Application details:
  • Full name and organizational affiliation
  • Professional background (security research, formal verification, cryptography, etc.)
  • Relevant certifications (OSCP, CEH, etc.) and publications
  • Proposed focus areas (consensus, cryptography, network security, TEE, etc.)
  • Engagement type: Informal community review or Formal commissioned audit
  • Timeline and availability
  • Compensation expectations (for formal audits)
Validator Registration
Register your interest in operating EXOCHAIN validator infrastructure. Validator onboarding is selective, prioritizing technical capability, operational maturity, and network decentralization.
Registration requirements:
  • Organization name and technical point of contact
  • Infrastructure specifications (compute, storage, network capacity)
  • Geographic location and hosting environment
  • Operational experience (uptime history, incident response capability)
  • Security posture (HSM usage, access controls, monitoring)
  • Organizational independence and conflict-of-interest disclosure
Pilot Partnership Request
Organizations interested in piloting EXOCHAIN should provide information about their use case, technical requirements, timeline, and organizational context. We prioritize pilots in high-impact domains where constitutional guarantees provide material value.
Organization Information
  • Organization name, size, and industry/domain
  • Primary contact name, title, email
  • Technical contact (if different from primary)
Use Case Description
  • Domain and application context
  • Current challenges or gaps EXOCHAIN addresses
  • Key requirements (privacy, auditability, compliance, etc.)
  • Scale expectations (transaction volume, data volume, users)
Technical Environment
  • Existing infrastructure and systems
  • Integration requirements
  • Deployment preferences (cloud, on-premise, hybrid)
Timeline & Resources
  • Desired pilot start date
  • Pilot duration and success criteria
  • Technical resources available for pilot
  • Budget considerations
Support EXOCHAIN Foundation: Philanthropic Investment
EXOCHAIN Foundation operates as a non-profit organization dedicated to developing and maintaining constitutional infrastructure for the public benefit. Financial support enables sustained development, security audits, research grants, and community programs.
Donations fund mission-critical activities that cannot be supported through commercial mechanisms while maintaining the foundation's independence and public-interest orientation.
What Your Support Funds
Security Audits
Independent security reviews from qualified firms, formal verification projects, penetration testing, and vulnerability research programs.
Core Development
Salaries for core protocol engineers, infrastructure costs for development and testing environments, and tooling for development workflows.
Research Grants
Funding for academic research on cryptographic protocols, formal verification methods, governance models, and domain-specific applications.
Community Programs
Documentation development, educational workshops, conference participation, and community building activities that expand EXOCHAIN adoption.
Financial Transparency & Accountability
EXOCHAIN Foundation commits to financial transparency. We publish periodic financial reports detailing revenue sources, expenditure categories, and fund allocation decisions.
Financial reports include:
  • Total donations received by source category
  • Expenditures by functional area
  • Reserve balances and sustainability runway
  • Major grants and contracts
  • Compensation ranges for key personnel
These reports do not disclose individual donor identities without explicit consent, but provide aggregate transparency enabling donors to assess fund utilization and organizational sustainability.
Financial governance includes:
  • Independent audit of annual financial statements
  • Board review and approval of budgets
  • Conflict-of-interest policies for financial decisions
  • Whistleblower protection for financial concerns
Donation Options
EXOCHAIN Foundation accepts philanthropic support through multiple mechanisms. All donations directly support the foundation's mission and are used exclusively for charitable purposes.
Direct Financial Contributions
One-time or recurring donations via bank transfer, check, or wire transfer. Contact donate@exochain.foundation for wire instructions.
Cryptocurrency Donations
We accept donations in Bitcoin, Ethereum, and other major cryptocurrencies. Cryptocurrency donations may provide tax advantages for donors.
Appreciated Securities
Donate appreciated stocks or securities, potentially avoiding capital gains tax while supporting EXOCHAIN's mission.
Planned Giving
Include EXOCHAIN Foundation in estate planning through bequests, charitable trusts, or beneficiary designations.
Sustainable Hosting via Utility Credits (Optional)

Reminder: This section describes an optional operational model for service providers. EXO Credits are utility tokens for resource access, not investment instruments or speculative assets.
Organizations deploying EXOCHAIN for hosted services may optionally implement EXO Credits as an internal accounting mechanism. This utility-credit model enables sustainable service operation without requiring foundation subsidy.
In this model:
  • Service operators issue credits to customers in exchange for service fees
  • Credits are consumed proportionally to computational and storage resource usage
  • Credit mechanics are internal to each service operator (no inter-operator marketplace)
  • Credits are non-transferable except as gifts (no secondary markets)
This approach enables usage-based billing while maintaining non-commercial foundation positioning. Credits fund infrastructure operation, not foundation activities.
Contact EXOCHAIN Foundation
EXOCHAIN Foundation maintains dedicated contact channels for different inquiry types. Using the appropriate contact ensures your message reaches the right team and receives timely response.
Primary Contact Channels
General Inquiries
Questions about EXOCHAIN, partnership opportunities, media requests, and general information.
Security Disclosures
Report security vulnerabilities, responsible disclosure, and security research coordination.
Brand & Trademark
Brand usage permissions, logo requests, trademark questions, and media kit access.
Legal & Compliance
Legal questions, compliance matters, licensing inquiries, and contractual discussions.
Social & Developer Channels
GitHub
Source code, issue tracking, pull requests, and technical discussions occur on GitHub. This is the primary venue for engineering collaboration.
Developer Forum
Technical discussions, architecture questions, integration support, and RFC discussions happen in our developer forum.
Research Blog
In-depth technical articles, research findings, security advisories, and protocol updates published on our research blog.
Twitter/X
Project updates, community announcements, and ecosystem news. Follow @exochain for official communications.
Regional & Specialized Contacts
For region-specific inquiries or specialized topics, we maintain focused contact channels:
  • Research collaborations: research@exochain.foundation
  • Academic partnerships: academic@exochain.foundation
  • Government & public sector: gov@exochain.foundation
  • Healthcare domain: healthcare@exochain.foundation
  • Press & media: press@exochain.foundation
Response times vary by inquiry type and complexity. Security disclosures receive priority response (typically within 24 hours). General inquiries are addressed within 3-5 business days.
Technology Deep Dive: Advanced Capabilities
Beyond the core architecture, EXOCHAIN implements several advanced capabilities that enable sophisticated use cases while maintaining constitutional guarantees. These capabilities address real-world requirements in high-assurance domains.
Zero-Knowledge Proof Integration
EXOCHAIN supports zero-knowledge proofs (ZKPs) for privacy-preserving verification. ZKPs enable proving statements about data without revealing the underlying data itself.
Example applications:
  • Credential verification: Prove age > 21 without disclosing birthdate
  • Compliance verification: Prove data handling meets policy without exposing data
  • Computation verification: Prove correct execution without revealing inputs
ZKP integration maintains the verifiability requirement while enhancing privacy. Proofs are verified on-chain; private data never leaves the subject's control.
Multi-Party Computation Support
Secure Multi-Party Computation (MPC) enables multiple parties to jointly compute functions over their private inputs without revealing those inputs to each other. EXOCHAIN provides attestation and coordination for MPC protocols.
Input Commitment
Parties commit to private inputs on-chain without revealing them
MPC Execution
Off-chain MPC protocol computes function over committed inputs
Result Verification
Computation result is published with proof of correct execution
This enables collaborative data analysis, aggregated statistics, and joint decision-making without requiring data sharing or centralized processing.
Time-Bound Consent & Automated Expiration
Consent in EXOCHAIN can include temporal constraints. Subject consent may be granted for specific time periods, after which access automatically revokes without requiring explicit revocation action.
Implementation mechanisms:
  • Consent proofs include expiration timestamps
  • Gatekeeper enforces expiration during key release
  • Expired consent cannot be refreshed without new subject authorization
  • Access attempts post-expiration are logged as violations
This addresses real-world consent management challenges where subjects intend temporary access but forget to explicitly revoke. Time-bounds provide a safety mechanism ensuring consent doesn't persist indefinitely.
Time-bound consent combines with purpose-bound consent (access granted for specific stated purposes) to implement fine-grained authorization models required by privacy regulations.
Cross-Chain Interoperability
EXOCHAIN can interoperate with other blockchain systems through cryptographic bridging. Cross-chain bridges enable EXOCHAIN to provide constitutional guarantees for assets and state originating on external chains.
Bridge architecture includes:
  • Relay contracts: Smart contracts on external chains managing locked assets
  • State proofs: Cryptographic proofs of external chain state submitted to EXOCHAIN
  • Validator verification: EXOCHAIN validators verify external chain proofs before minting representative assets
  • Bidirectional transfer: Assets can move from external chain to EXOCHAIN and back
This enables organizations to leverage EXOCHAIN's constitutional guarantees while maintaining interoperability with broader blockchain ecosystems.
Confidential Computing Integration
EXOCHAIN's TEE-based Vault Boundary integrates with confidential computing platforms (Intel SGX, AMD SEV, ARM TrustZone). This integration provides hardware-enforced isolation for sensitive data processing.
01
Attestation
TEE generates cryptographic attestation proving code identity and platform security
02
Key Provisioning
Gatekeeper releases decryption keys only to attested TEE instances
03
Confidential Processing
Sensitive data is decrypted and processed within TEE boundary
04
Encrypted Output
Results are encrypted before leaving TEE boundary
This architecture ensures that even privileged system operators (root, hypervisor) cannot access plaintext sensitive data during processing. The TEE provides a hardware-backed trusted execution environment.
Use Cases: EXOCHAIN in Practice
EXOCHAIN's constitutional architecture enables novel applications in domains where trust, privacy, and auditability are paramount. The following use cases illustrate EXOCHAIN's value proposition across different sectors.
Healthcare: Consent-Driven Medical Records
Healthcare organizations face complex consent requirements under HIPAA and state privacy laws. EXOCHAIN enables patient-controlled medical records with cryptographically enforced consent.
Implementation:
  • Medical records stored encrypted off-chain
  • Consent proofs recorded on-chain specifying authorized providers and purposes
  • Provider access requires valid consent proof + TEE attestation
  • Every access generates immutable audit log
  • Patients can revoke consent, immediately terminating provider access
This architecture gives patients genuine control while enabling efficient provider access. Forensic audit trails satisfy regulatory requirements and enable investigation of unauthorized access.
Financial Services: Auditable Compliance
Financial institutions must demonstrate compliance with anti-money laundering (AML), know-your-customer (KYC), and transaction monitoring requirements. EXOCHAIN provides cryptographic proof of compliance procedures.
Identity Verification
Customer identity verification processes recorded as signed events, creating non-repudiable audit trail of KYC procedures
Transaction Screening
Every transaction includes proof that it was screened against sanctions lists and risk rules, demonstrating compliance
Suspicious Activity Reporting
SAR filing decisions recorded with supporting evidence, enabling auditor verification of detection processes
Regulatory Reporting
Evidence bundles exported for regulatory submission contain verifiable proof of reported activity
AI Safety: Capability Boundaries
As AI systems gain autonomy, establishing verifiable capability boundaries becomes critical. EXOCHAIN's governance model provides a framework for constraining AI system capabilities.
AI-IRB defines allowed capabilities for AI agents. CGR Kernel rejects actions outside granted capabilities. This creates a verifiable safety boundary: the AI cannot exceed its constitutional permissions.
Example constraints:
  • Data access limited to specific datasets
  • API calls restricted to approved endpoints
  • Resource consumption capped at defined limits
  • Human approval required for high-consequence actions
Complete action logs enable post-hoc analysis of AI decision-making. Researchers can audit what capabilities were exercised when and why.
This approach addresses the "AI alignment" problem through architectural constraint rather than behavioral training. The system cannot violate constitutional rules regardless of model weights or optimization objectives.
Supply Chain: Provenance Verification
Supply chains require verifiable provenance for high-value or regulated goods. EXOCHAIN enables cryptographic proof of custody and handling throughout supply chain stages.
1
Origin
Manufacturer records product creation with cryptographic seal
2
Transport
Custody transfers recorded with both parties signing handoff
3
Storage
Environmental conditions monitored and recorded on-chain
4
Verification
End customer verifies complete provenance chain before acceptance
This addresses counterfeit goods, temperature excursion for pharmaceuticals, and regulatory compliance for controlled substances. Every stage produces verifiable proof usable in enforcement or litigation.
The Path Forward: Building Trust Infrastructure
EXOCHAIN Foundation's mission extends beyond technology development. We are building the institutional and social infrastructure required for trustworthy autonomous systems at scale.
This work requires contributions from technologists, policymakers, domain experts, ethicists, and affected communities. Constitutional infrastructure succeeds only when it reflects diverse perspectives and serves broad public interest.
The challenges ahead include:
  • Scaling performance while maintaining constitutional guarantees
  • Expanding formal verification coverage across the protocol stack
  • Developing domain-specific fabrics for healthcare, finance, government, and other verticals
  • Building institutional adoption through pilot deployments and proven reliability
  • Advancing cryptographic techniques enabling greater privacy with maintained verifiability
  • Establishing governance norms that balance stakeholder interests while preventing capture
Join Us in Building the Trust Fabric
The future of digital infrastructure depends on systems that enforce constitutional rules rather than merely aspiring to them. EXOCHAIN provides the technical foundation; realizing its potential requires a community committed to rigorous engineering, intellectual honesty, and public benefit.
Whether you're an engineer, researcher, auditor, validator, or domain expert—there is a place for your contribution. The work ahead is substantial, the standards are high, and the impact is profound.
Read the specification. Review the code. Join the discussions. Deploy a pilot. Contribute an audit. Operate a validator. Support the foundation.
Help us build infrastructure worthy of trust.
© 2026 EXOCHAIN Foundation • Privacy PolicyTerms of Use Brand & MarksSecurity
hello@exochain.foundation