Security Overview
Comprehensive security architecture for LX - threat models, defense layers, and security principles
LX implements defense-in-depth security across all layers, combining classical cryptography with post-quantum algorithms to protect against both current and future threats.
LX security follows three core principles:
Defense in Depth: Multiple independent security layers
Zero Trust: Verify everything, trust nothing
Quantum Readiness: Post-quantum cryptography throughout
| Adversary Class | Capabilities | Mitigation |
|---|---|---|
| Script Kiddie | Public exploits, automated tools | Rate limiting, input validation |
| Sophisticated Hacker | Zero-days, targeted attacks | Bug bounty, security audits |
| Nation State | Quantum computers, unlimited resources | Post-quantum cryptography |
| Malicious Insider | Physical access, credentials | MPC, HSM, audit logging |
| Colluding Validators | Up to t-1 of n validators | Threshold signatures (t-of-n) |
┌─────────────────────────────────────────────────────────────────┐
│ ATTACK SURFACE MAP │
├─────────────────────────────────────────────────────────────────┤
│ │
│ Network Layer │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ DDoS │ MITM │ Replay │ Sybil │ Eclipse │ │
│ │ ──────────────────────────────────────────────────────│ │
│ │ Mitigations: Rate limiting, TLS 1.3, Nonces, PoS │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ Application Layer │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Injection │ XSS │ CSRF │ Auth Bypass │ Logic Bugs │ │
│ │ ──────────────────────────────────────────────────────│ │
│ │ Mitigations: Input validation, CSP, HMAC, Audits │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ Smart Contract Layer │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Reentrancy │ Overflow │ Flash Loans │ Oracle Manip │ │
│ │ ──────────────────────────────────────────────────────│ │
│ │ Mitigations: CEI, SafeMath, TWAP, Chainlink │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ Cryptographic Layer │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Key Extraction │ Side Channel │ Quantum Attack │ │
│ │ ──────────────────────────────────────────────────────│ │
│ │ Mitigations: HSM, Constant-time, Dilithium/Kyber │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
TLS 1.3 mandatory for all connections
QZMQ post-quantum secure messaging between nodes
Rate limiting per IP, per API key, per account
DDoS protection via Cloudflare and in-house mitigation
Firewall rules with default-deny policy
API Keys with HMAC-SHA512 signatures
JWT tokens with short expiry and refresh rotation
Ed25519/Dilithium signatures for trading operations
Role-based access control (RBAC) with least privilege
Multi-factor authentication for sensitive operations
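An added example (not LX code) of how a server can check an HMAC-SHA512 API-key signature together with the nonce and constant-time mitigations listed in the attack surface map. The canonical message layout, the 30-second window, the `/v1/orders` path and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 30   # assumed freshness window, not an LX value
_seen_nonces = {}       # nonce -> expiry; stand-in for a shared cache keyed per API key


def canonical_message(method, path, timestamp, nonce, body):
    """Bind every field the server acts on into the signed bytes (assumed layout)."""
    body_hash = hashlib.sha512(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash]).encode()


def sign_request(secret, method, path, timestamp, nonce, body):
    """Client side: hex HMAC-SHA512 tag over the canonical message."""
    msg = canonical_message(method, path, timestamp, nonce, body)
    return hmac.new(secret, msg, hashlib.sha512).hexdigest()


def verify_request(secret, method, path, timestamp, nonce, body, signature, now=None):
    """Server side: return (ok, reason); signature, then freshness, then replay."""
    now = time.time() if now is None else now
    expected = sign_request(secret, method, path, timestamp, nonce, body)
    # Constant-time comparison: no early exit on the first differing byte.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad_signature"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale_timestamp"
    # Evict nonces whose timestamp can no longer pass the freshness check.
    for old in [n for n, expiry in _seen_nonces.items() if expiry < now]:
        del _seen_nonces[old]
    if nonce in _seen_nonces:
        return False, "replayed_nonce"
    _seen_nonces[nonce] = timestamp + MAX_SKEW_SECONDS
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-demo-secret"   # constructed sample values
    body = b'{"symbol":"BTC-USD","side":"buy","qty":"1"}'
    ts = int(time.time())
    sig = sign_request(key, "POST", "/v1/orders", ts, "n-001", body)
    print(verify_request(key, "POST", "/v1/orders", ts, "n-001", body, sig))
    print(verify_request(key, "POST", "/v1/orders", ts, "n-001", body, sig))
```

The signature is checked before the nonce is recorded, so unauthenticated traffic cannot fill the replay cache.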
Hybrid signatures: Ed25519 (classical) + Dilithium (post-quantum)
Hybrid encryption: X25519 (classical) + Kyber (post-quantum)
Threshold signatures: t-of-n MPC for hot wallets
Hardware Security Modules for cold storage
Formal verification of critical contracts
Multiple audits from top security firms
Timelock governance for upgrades
Circuit breakers for anomaly detection
Bug bounty up to $1M for critical vulnerabilities
Immutable audit logs on-chain
24/7 monitoring with anomaly detection
Incident response with defined playbooks
Regular penetration testing
Employee security training
| Algorithm | Type | Security Level | Use Case |
|---|---|---|---|
| Ed25519 | Classical | 128-bit | Fast verification |
| Dilithium-3 | Post-Quantum | 192-bit (NIST Level 3) | Quantum resistance |
| BLS12-381 | Pairing | 128-bit | Aggregate signatures |
| Ringtail | Lattice | 128-256 bit | Threshold signatures |

| Algorithm | Type | Security Level | Use Case |
|---|---|---|---|
| AES-256-GCM | Symmetric | 256-bit | Data at rest |
| ChaCha20-Poly1305 | Symmetric | 256-bit | Data in transit |
| X25519 | Classical KEM | 128-bit | Key exchange |
| Kyber-768 | Post-Quantum KEM | 192-bit | Quantum-safe exchange |

| Algorithm | Output Size | Use Case |
|---|---|---|
| SHA3-256 | 256 bits | General hashing |
| BLAKE3 | 256 bits | High-performance |
| Keccak-256 | 256 bits | EVM compatibility |
| SHAKE256 | Variable | Extendable output |
┌─────────────────────────────────────────────────────────────────┐
│ SECURITY ZONES │
├─────────────────────────────────────────────────────────────────┤
│ │
│ Zone 0: Air-Gapped (Cold Storage) │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ HSM │ Cold Wallets │ Recovery Keys │ MPC Key Shares │ │
│ │ Access: Physical only, multi-party authorization │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ Zone 1: Restricted (Hot Wallets) │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Threshold Wallets │ Signing Servers │ Key Management │ │
│ │ Access: MPC only, no single party can sign │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ Zone 2: Internal (Backend Services) │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ Matching Engine │ Database │ Settlement │ Risk Engine │ │
│ │ Access: Service accounts, mutual TLS │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
│ Zone 3: DMZ (Public APIs) │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ REST API │ WebSocket │ gRPC │ Rate Limiters │ │
│ │ Access: Authenticated users, rate limited │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
| Metric | Value | Target |
|---|---|---|
| Security Audits | 4 completed | Quarterly |
| Bug Bounty Payouts | $125K total | Ongoing |
| Critical Vulnerabilities | 0 open | 0 |
| Mean Time to Patch | 4 hours | < 24 hours |
| Uptime | 99.97% | 99.9% |
| Failed Login Attempts Blocked | 2.3M/day | N/A |
| DDoS Attacks Mitigated | 47 YTD | N/A |
Real-time security metrics available at:
Internal: https://security.internal.lux.network
Public status: https://status.lux.network