Technology
Hardware-enforced. Post-quantum secured. Sovereignty by architecture.
The Device
bDNA Enclave
A compact, tamper-evident cryptographic conversion device. 180 × 180 × 65 mm. 65W passive cooling. Connects directly to any DNA sequencer.
Secure Enclave
AMD EPYC + SEV-SNP
·16–32 cores · 64–128GB ECC RAM
·Per-VM memory encryption
·Remote attestation · SNP firmware 1.51+
·Enclave VM isolates runtime from host OS
Hardware Security Module
HSM — FIPS 140-2 Level 3
·PCI-e module · RSA/ECC up to 4096/521-bit
·10,000 ops/sec throughput
·Key generation, storage, signing
·Quantum-resistant scheme upgrade applied
Application-Specific IC
Custom 7nm ASIC
·1–2GHz clock · Dedicated AES-GCM cores
·SHA-3 hashing · ECC acceleration
·GC-content (Guanine-Cytosine) metadata at 1GB/sec
·STARK proof verification for data availability
Cryptographic Processor
TPM 2.0
·PKCS#11 interface · Secure + measured boot
·Root-of-trust for entire device
·Chains with SEV-SNP for full attestation
·Hash-based signatures applied
Processing Pipeline
What happens inside the Enclave
01 · Input · USB / Ethernet
Raw FASTQ, BAM, or Microarray data streams from the sequencer into an NVMe SSD buffer encrypted with AES-256 via SEV. Ephemeral storage only — no long-term retention.
02 · Parse & Analyse · ASIC
ASIC parses FASTQ/BAM format, computes GC-content metadata via sliding window analysis at 1GB/sec. BioPython or htslib libraries handle format normalisation.
03 · Hash, Sign & Encrypt · HSM + ASIC
HSM generates keys and signs. AES-256-GCM encrypts. SHA-3-512 hashes chunks into a Merkle tree. CP-ABE applies policy-based access control (10–50 attributes). Quantum-resistant Dilithium signatures applied throughout.
04 · Erase & Output · Zero raw data
Plaintext is irreversibly erased. What exits: encrypted blob + Merkle root + signed proof package + attestation report. Zero raw data passthrough. Ever.
05 · Chain Anchor · Chain-agnostic
The sovereign client anchors the proof hash on their chosen chain — Ethereum, Bitcoin, Solana, or others. Verification: hash match + X.509 (quantum-resistant) + recursive aggregated STARK proof.
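An added example, not the vendor's code, of the chunk hashing in step 03 and the "hash match" check in step 05: SHA-3-512 chunk hashes folded into a Merkle root, plus the inclusion check a verifier can run for a single chunk. The chunk size, the leaf/node prefix bytes, the odd-node rule, the function names and the sample data are assumptions, because the page does not specify how the tree is built.

```python
import hashlib
import hmac

CHUNK_SIZE = 64  # assumed; small so the constructed sample spans 5 chunks
# Constructed FASTQ-like bytes standing in for the data being chunked.
SAMPLE = b"@read1\nGATTACAGATTACA\n+\nIIIIIIIIIIIIII\n" * 8

def _h(prefix, data):
    # Distinct prefixes for leaves (0x00) and inner nodes (0x01) are an
    # assumption; they stop a leaf being reinterpreted as an inner node.
    return hashlib.sha3_512(prefix + data).digest()

def split_chunks(blob, size=CHUNK_SIZE):
    return [blob[i:i + size] for i in range(0, len(blob), size)] or [b""]

def build_levels(chunks):
    # levels[0] holds the leaf hashes, levels[-1] holds only the root.
    levels = [[_h(b"\x00", c) for c in chunks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [_h(b"\x01", cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])  # assumed rule: odd node is promoted, not duplicated
        levels.append(nxt)
    return levels

def merkle_root(chunks):
    return build_levels(chunks)[-1][0]

def inclusion_proof(chunks, index):
    # List of (sibling hash, sibling_is_left) pairs from leaf level upward.
    proof = []
    for level in build_levels(chunks)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify_chunk(chunk, proof, root):
    # Recompute the path to the root; constant-time compare of the result.
    node = _h(b"\x00", chunk)
    for sibling, sibling_is_left in proof:
        node = _h(b"\x01", sibling + node if sibling_is_left else node + sibling)
    return hmac.compare_digest(node, root)

if __name__ == "__main__":
    chunks = split_chunks(SAMPLE)
    root = merkle_root(chunks)
    print(len(chunks), "chunks, root", root.hex()[:32], "...")
    print(verify_chunk(chunks[4], inclusion_proof(chunks, 4), root))
```

A verifier holding only the anchored root can check one chunk with its proof; a single flipped byte in the chunk changes the recomputed root and the check fails.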
Cryptographic Stack
Post-quantum throughout
| Function | Standard | Notes |
|---|---|---|
| Symmetric encryption | AES-256-GCM | Bulk data encryption |
| Hashing | SHA-3-512 | Per-chunk integrity |
| Digital signatures | Dilithium (PQ) | Replaces ECDSA — quantum-resistant |
| ZK Proofs | Recursive STARKs (PQ) | Replaces Groth16 — recursive aggregation |
| Access control | CP-ABE | Policy-based · 256-bit · 10–50 attributes |
| PKI / Certificates | X.509 (PQ) | Quantum-resistant cert chain |
| Key exchange | Post-quantum scheme (PQ) | Replaces ECC-521 |
PQ: Post-quantum upgrade applied — NIST PQC standards 2024