309 lines
12 KiB
HTML
309 lines
12 KiB
HTML
<!DOCTYPE html>
|
||
<html lang="{{ page.lang | default: site.lang | default: en }}">
|
||
|
||
{%- include head.html -%}
|
||
|
||
<body>
|
||
{%- include header.html -%}
|
||
<div class="vertical-line-container">
|
||
<div class="vertical-line"></div>
|
||
|
||
<div class="node"></div>
|
||
<div class="node"></div>
|
||
<div class="node"></div>
|
||
<div class="node"></div>
|
||
<div class="node"></div>
|
||
<div class="node"></div>
|
||
<div class="node"></div>
|
||
<div class="node"></div>
|
||
<div class="node"></div>
|
||
</div>
|
||
|
||
<div class="container">
|
||
<main>
|
||
<section class="flex-container" style="margin-top: 100px; margin-bottom: 30px">
|
||
<div class="flex-container-inner" style="padding-top: 0px">
|
||
<div class="text-well center">
|
||
<div class="capsule">roadmap</div>
|
||
<br>
|
||
<br>
|
||
<h1 style="height: 310px">building verifiable security without single points of failure</h1>
|
||
<br>
|
||
<br>
|
||
<p class="hero-p center">Most systems today still rely on single individuals or computers, unverifiable software, and opaque processes. We’re redesigning security from the ground up.</p>
|
||
<div class="button-container center">
|
||
<a href="#roadmap" class="mega button">View roadmap</a>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
</section>
|
||
|
||
<section style="margin: 200px 0px" class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<h3>creating the building blocks for provable security</h3>
|
||
<p class="hero-p">Modern software systems still rely on trust in individuals—maintainers, IT admins, or third-party providers. But what happens when they are compromised? How do you verify that the software running on your systems hasn’t been tampered with?</p>
|
||
<p class="hero-p">We’ve identified critical missing pieces needed to remove single points of failure at every level. Our approach starts with how source code is managed, how software is built, and the environments in which it runs.</p>
|
||
<p class="hero-p">By combining quorums, applied cryptography, and bit-for-bit reproducibility, we are methodically eliminating trust assumptions, ensuring security isn’t just a claim—it’s provable.</p>
|
||
<a href="#roadmap" class="arrow-link">
|
||
See what we're building
|
||
<span class="arrow">→</span>
|
||
</a>
|
||
</div>
|
||
<div class="flex-container-inner"></div>
|
||
</section>
|
||
<span class="roadmap" id="roadmap">
|
||
<section class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<a href="https://git.distrust.co/public/sourceid" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well">
|
||
<div class="roadmap-header">
|
||
<span><h3>SourceId</h3></span>
|
||
<div class="roadmap-header-capsule">
|
||
<div class="capsule-grey">backlog</div>
|
||
</div>
|
||
</div>
|
||
<h5>Problem statement</h5>
|
||
<p>How does one verify that they are building from the source code they intend? What if someone tampered with code that goes into a .tar archive, or pre-compiled a blob of code and included it in the source code (ref to xz backdoor)</p>
|
||
<br>
|
||
<h5>Solution</h5>
|
||
<p>Standardize code to remove all version control system specific items, leaving only functionality related code and produce a hash based on the tree of all necessary files.</p>
|
||
<br>
|
||
<p class="learn-more">Learn more</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
|
||
<section class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<a href="https://git.distrust.co/public/sigrev" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well">
|
||
<div class="roadmap-header">
|
||
<span><h3>SigRev</h3></span>
|
||
<div class="roadmap-header-capsule">
|
||
<div class="capsule-grey">backlog</div>
|
||
</div>
|
||
</div>
|
||
|
||
<h5>Problem statement</h5>
|
||
<p>There is a lot of code to review, so instead of manually reviewing all code, we rely on static analysis tools which are prone to missing novel exploits.</p>
|
||
<br>
|
||
<h5>Solution</h5>
|
||
<p>Create a crowdsourcing framework which makes it easy to publish signed review of code</p>
|
||
<br>
|
||
<p class="learn-more">Learn more</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
|
||
<section class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<a href="https://codeberg.org/stagex/stagex" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well">
|
||
<div class="roadmap-header">
|
||
<span><h3>StageX</h3></span>
|
||
<div class="roadmap-header-capsule">
|
||
<div class="capsule-green">ready</div>
|
||
</div>
|
||
</div>
|
||
|
||
<h5>Problem statement</h5>
|
||
<p>How does one solve the "Reflections on Trusting Trust" (ref) problem?</p>
|
||
<br>
|
||
<h5>Solution</h5>
|
||
<p>Bootstrap a compiler in a detrministic manner, then use that compiler to build all packages, reproduce the work on different systems, and cryptoraphically sign resulting hashes.</p>
|
||
<br>
|
||
<p class="learn-more">Learn more</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
|
||
<section class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<a href="https://codeberg.org/stagex/repros" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well">
|
||
<div class="roadmap-header">
|
||
<span><h3>ReprOS</h3></span>
|
||
<div class="roadmap-header-capsule">
|
||
<div class="capsule-blue">in-progress</div>
|
||
</div>
|
||
</div>
|
||
|
||
<h5>Problem statement</h5>
|
||
<p>How does one create a maximally isolated environment that's ephermeral and allows easy reproduction of software?</p>
|
||
<br>
|
||
<h5>Solution</h5>
|
||
<p>Create a bare-bones uni-kernel operating system which spins up a new VM for each build, and discards everything afterwards</p>
|
||
<br>
|
||
<p class="learn-more">Learn more</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
|
||
<section class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<a href="https://git.distrust.co/public/keyfork" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well">
|
||
<div class="roadmap-header">
|
||
<span><h3>Keyfork</h3></span>
|
||
<div class="roadmap-header-capsule">
|
||
<div class="capsule-green">ready</div>
|
||
</div>
|
||
</div>
|
||
<h5>Problem statement</h5>
|
||
<p>Managing cryptographic material can be unwieldy and TODO</p>
|
||
<br>
|
||
<h5>Solution</h5>
|
||
<p>Create a tool for using a single source of entropy to derive all cryptographic algorithms required</p>
|
||
<br>
|
||
<p class="learn-more">Learn more</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
|
||
<section class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<a href="https://git.distrust.co/public/icepick" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well">
|
||
<div class="roadmap-header">
|
||
<span><h3>Icepick</h3></span>
|
||
<div class="roadmap-header-capsule">
|
||
<div class="capsule-green">ready</div>
|
||
</div>
|
||
</div>
|
||
<h5>Problem statement</h5>
|
||
<p>How does one perform cryptographic operations in an agnostic fashion while preserving memory boundaries?</p>
|
||
<br>
|
||
<h5>Solution</h5>
|
||
<p>A framework for rapidly developing applications to perform transfer and staking cryptocurrency operations.</p>
|
||
<br>
|
||
<p class="learn-more">Learn more</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
|
||
<section class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<a href="https://git.distrust.co/public/airgap" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well">
|
||
<div class="roadmap-header">
|
||
<span><h3>AirgapOS</h3></span>
|
||
<div class="roadmap-header-capsule">
|
||
<div class="capsule-green">ready</div>
|
||
</div>
|
||
</div>
|
||
<h5>Problem statement</h5>
|
||
<p>How does one minimize the surface area for attacks when performing operations in an air-gapped setting?</p>
|
||
<br>
|
||
<h5>Solution</h5>
|
||
<p>A minimal deterministic unikernel Linux distribution designed for managing secrets offline.</p>
|
||
<br>
|
||
<p class="learn-more">Learn more</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
|
||
<section class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<a href="https://git.distrust.co/public/bootproof" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well">
|
||
<div class="roadmap-header">
|
||
<span><h3>Bootproof</h3></span>
|
||
<div class="roadmap-header-capsule">
|
||
<div class="capsule-grey">backlog</div>
|
||
</div>
|
||
</div>
|
||
<h5>Problem statement</h5>
|
||
<p>It's difficult to prove that server is running software it claims to</p>
|
||
<br>
|
||
<h5>Solution</h5>
|
||
<p>Leverage TPM2 to cryptoraphically attest to software that's running on a server</p>
|
||
<br>
|
||
<p class="learn-more">Learn more</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
|
||
<section class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<a href="https://git.distrust.co/public/enclaveos" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well">
|
||
<div class="roadmap-header">
|
||
<span><h3>EnclaveOS</h3></span>
|
||
<div class="roadmap-header-capsule">
|
||
<div class="capsule-blue">in-progress</div>
|
||
</div>
|
||
</div>
|
||
<h5>Problem statement</h5>
|
||
<p>Creating immutable, deterministic images for use in secure enclaves is challenging</p>
|
||
<br>
|
||
<h5>Solution</h5>
|
||
<p>A minimal, immutable, and deterministic Linux unikernel build system targeting various Trusted Execution Environments for use cases that require high security and accountability.</p>
|
||
<br>
|
||
<p class="learn-more">Learn more</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
</span>
|
||
|
||
<section>
|
||
<h4 style="filter: brightness(50%)">❝Our mission is to use our knowledge to bring open source solutions to the world that improve the security, privacy and freedom of as many individuals as possible. We believe having verifiable foundations that technologies can be built upon are a fundamental step towards improving the well being of our species, and solving the coordination problem.❞<h4>
|
||
</section>
|
||
|
||
<section style="margin-bottom: 0px;" class="flex-container">
|
||
<div class="flex-container-inner">
|
||
<h2 style="height: 180px" class="gradient-text">powered by distrust</h2>
|
||
<p class="hero-p">Companies are already choosing to adopt our methodologies to help secure their systems.<p>
|
||
</div>
|
||
<div class="flex-container-inner"></div>
|
||
</section>
|
||
|
||
<section style="margin-top: 40px;" class="flex-container powered-by">
|
||
<div class="flex-container-inner">
|
||
<a href="https://whitepaper.turnkey.com/foundations#abstract" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well card">
|
||
<h3>Turnkey</h3><p>Using StageX and ReprOS to improve their supply chain security story.</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
<div class="flex-container-inner">
|
||
<a href="https://github.com/MystenLabs/sui/issues/13476" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well card">
|
||
<h3>Mysten Labs</h3>
|
||
<p>The SUI cryptocurrency is leveraging StageX to build their nodes in a deterministic manner in order to eliminate single points of failure.</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
<div class="flex-container-inner">
|
||
<a href="Talos Linux" target="_blank" rel="noopener noreferrer">
|
||
<div class="text-well card">
|
||
<h3>Sidero</h3>
|
||
<p>Using StageX to build their widely used Linux distribution specialized in delivering kubernetes features</p>
|
||
</div>
|
||
</a>
|
||
</div>
|
||
</section>
|
||
<section>
|
||
<h4 class="gradient-text center" style="line-height: 50px; max-width: 600px; margin: auto;">ready to take your security to the next level?</h4>
|
||
<div class="button-container center">
|
||
<a href="/contact.html" class="mega button">Work with us</a>
|
||
</div>
|
||
</section>
|
||
|
||
</main>
|
||
|
||
{%- include footer.html -%}
|
||
|
||
</div>
|
||
</body>
|
||
|
||
</html>
|