2. Threat Model

We defend against the union of all known and expected adversaries in 2025–2030:

| Adversary | Capabilities | SerraOS Countermeasure |
|---|---|---|
| Chain analysis firms | Full historical UTXO / account-model graph, clustering heuristics, exchange KYC off-ramps | No on-chain interaction originates from a repeatable address cluster; keys never persist |
| Exchanges (post-transaction freeze) | Subpoena power, retroactive flagging, travel-rule reporting | Transactions executed from keys that are mathematically impossible to link to the operator after shutdown |
| Nation-state seizure teams | Immediate physical acquisition, refrigerated DDR5, PCIe replay attacks, JTAG, chip-off forensics | RAM shards zeroed before kernel halt begins; cold-boot attack window < 47 ms on DDR5 |
| ISP / IX / Cloudflare | Deep packet inspection, JA3/S fingerprinting, TLS SNI logging, QUIC CID tracking | All traffic wrapped in seven-to-nine self-destructing relays with randomized TLS fingerprints per circuit |
| MEV bots & searchers | Real-time mempool scanning, sandwich, arbitrage, frontrunning | Circuit rebuilt every 60–90 s + artificial latency jitter; no two RPC calls ever use the same exit relay |
| Evil maid / border searches | Boot into forensic distro minutes after use | Boot medium overwritten; RAM zeroed; UEFI variables reset; no BIOS passwords to guess |
| Compromised firmware (Intel ME, AMD PSP) | Persistent implants below the OS | Bootloader verifies firmware hash on every boot (fails loudly if tampered); optional ME/PSP neutering script |
