Security Innovation Analysis

Kairos Lab.
Security research laboratory

We investigate emerging attack surfaces in cryptographic protocols, AI agent runtimes, and decentralised finance, then build the tooling to close them.

THE KAIROS STACK

Seven surfaces. One kernel.

Each project isolates a distinct attack surface. They share one research philosophy: every claim must be cryptographically verifiable.

Language Design ALPHA
Covenant Lang
Declarative smart contract language with FHE, ZK proofs, post-quantum signatures, and cryptographic amnesia as first-class language primitives.
Ethereum Standards EIP AUTHOR
STYX Protocol
Four officially numbered EIPs shipping post-quantum cryptography, fully homomorphic encryption, and cryptographic amnesia to Ethereum.
Secure Messaging LIVE
AEGIS Protocol
Post-quantum hardened messenger: Double Ratchet algorithm, ML-KEM-768 key encapsulation, and social recovery built into the protocol layer.
Block Explorer PRODUCTION
AsterScan
First independent block explorer for Aster Chain. Real-time transaction lookup, validator health monitoring, and a full staking dashboard.
Stealth Middleware OPEN SOURCE
Kairos Invisible
Express security middleware that makes APIs invisible to attackers. Indistinguishable 404s with timing jitter, honeypot traps, anti-enumeration, IP banning after 3 strikes: scanners can't find what they can't see.
Runtime Firewall PRODUCTION
Kairos Shield
Application-layer firewall with rate-shield, circuit-breaker, and anomaly detector. Enforces invariants at runtime before execution.
Login flow (diagram): Device bound → Challenge nonce → WebAuthn sign → ZK attest → ML-DSA sign → Session bound
Identity TESTNET
KairosAuth
Passwordless authentication combining WebAuthn hardware binding, zero-knowledge proofs, and post-quantum signature schemes. Every login produces a portable cryptographic receipt.
RESEARCH

STYX. Four EIPs. One standard.

Kairos Lab authored four official Ethereum Improvement Proposals to ship post-quantum cryptography, FHE, and cryptographic amnesia to the Ethereum protocol. Rare for a solo researcher.

ERC-8227 · STYX L0
FORTRESS
Post-Quantum Base Layer
ML-KEM-768, ML-DSA-87, SLH-DSA integration at the Ethereum account model level. Quantum-resistant key derivation and signature verification as native opcodes.
OFFICIALLY NUMBERED
ERC-8228 · STYX L1
VEIL
Zero-Knowledge Proof Layer
Native ZK proof verification in EVM. Circuits run inside the protocol without external verifier contracts, reducing gas cost by 40-60x for typical use cases.
OFFICIALLY NUMBERED
ERC-8229 · STYX L2
PRISM
Fully Homomorphic Encryption
FHE computation layer for Ethereum: execute functions on encrypted state. Privacy-preserving smart contracts without trusted execution environments.
OFFICIALLY NUMBERED
ERC-8231 · STYX L3
OBLIVION
Cryptographic Amnesia
Protocol-level data expiry. State commitments that automatically become inaccessible after a TTL, enabling GDPR compliance at the EVM layer.
OFFICIALLY NUMBERED
ASTER ECOSYSTEM

Deep expertise in the Aster chain.

Kairos Lab is one of the most active independent contributors to the Aster ecosystem, from building its first block explorer and validator dashboards to shipping open-source developer tooling and continuous security research.

Block explorer · Staking dashboard · MCP toolkit · Validator monitoring · Security research
AsterScan
First independent block explorer for Aster Chain. Live transaction lookup, validator health grid, and a full staking dashboard, built from scratch by Kairos Lab.
PRODUCTION · LIVE
Open Source Toolkit
Public tooling shipped for the Aster ecosystem: connectors, MCP servers, validator dashboards, and developer skills hubs. Every line of infrastructure built in the open, fully auditable.
OPEN SOURCE · MAINTAINED
AUDIT SERVICES

We audit because we attack.

Security audits at Kairos Lab are an extension of our research practice, not a separate service line. We engage as adversaries first, auditors second.

Smart Contract Audit: Solidity · Vyper · EVM
Protocol Security Review: DeFi · Bridges · L2
Application Pentest: API · OIDC · Web
Cryptographic Review: ZK · PQ · Key management

Engagement playbook (10-day cycle)
01 Recon: Threat model + attack surface mapping (Day 1-2)
02 Review: Manual code review + adversarial walkthrough (Day 3-5)
03 Fuzz: Invariant testing + property-based fuzzing (Day 6-7)
04 PoC: Reproducible exploits for every issue (Day 8)
05 Report: Executive summary + remediation playbook (Day 9-10)
06 Free: 30-day re-audit window after patches (Included)
PHILOSOPHY

Seven invariants.

Every Kairos project is evaluated against these seven properties. They are not guidelines; they are hard requirements. Violation halts execution.

INV-1
Input-bound
Every action is cryptographically bound to an explicit, auditable input set.
INV-2
Signed execution
No code path executes without a verifiable signature from an authorised key.
INV-3
Replay-proof
Each proof carries a unique nonce. Replayed proofs are rejected at the verifier layer.
INV-4
Time-bound
Proofs expire. No credential is valid indefinitely: TTL is a first-class primitive.
INV-5
Quorum-witnessed
Critical operations require independent witness signatures from multiple validators.
INV-6
Append-only log
All state transitions are logged to an immutable, publicly verifiable Merkle structure.
INV-7
PQ-safe
All cryptographic primitives are post-quantum safe: ML-KEM, ML-DSA, SLH-DSA.

Let's talk.

Whether you need a security audit, want to collaborate on research, or are building something where the stakes are high, reach out directly.
