THE ARCHITECTURE

Five primitives.
One uncontested category.

AEREDIUM is the privacy-preserving chain of record for institutional digital-asset settlement. EVM-compatible Layer 1, 50 blocks per second at 250,000 TPS end-to-end, signed entirely by hardware-attested enclaves. Every property institutional finance requires — confidentiality, regulator-defensibility, operator-neutrality, AI-era structural defence — falls out of the same five primitives.

LISTEN · THE THESIS · 3:04

Why AEREDIUM exists.

The architecture, in three minutes · 0:00 / 3:04

NARRATED

END-TO-END TPS

250,000

measured · testnet

BLOCKS / SECOND

20ms block time

EXECUTION LAYER

EVM

Solidity · unchanged

HUMAN VALIDATORS

enclaves only

THE STACK

How the layers compose.

AEREDIUM is built as five stacked layers. The execution layer is unmodified EVM so existing Solidity tooling — Foundry, Hardhat, MetaMask — works without changes. Beneath it, four AEREDIUM-specific layers do the work that public chains and traditional infrastructure cannot do together.

Execution Layer — EVM

Unmodified EVM. Solidity, Foundry, Hardhat, MetaMask work without changes.

Bank Connectivity — AERLink

Bank APIs, ERPs, SWIFT, card networks. Reached only by consensus event.

Privacy Layer — Privacy Mode

Amounts, counterparties, tokens encrypted at protocol level. Visible only to authorised readers.

Threshold Signing — AERKey

TEE-attested threshold ECDSA across multiple clouds. Keys never assembled in any single place.

Consensus & Verifiability

TEE-BFT consensus with hardware attestation. Bitcoin-anchored. No human can sign a block.

Each layer is a primitive on its own terms — useful in isolation, patentable separately. What makes the architecture an uncontested category is how they compose. Threshold signing gives the chain its zero-human-validator property. Bank connectivity gives it composable settlement with traditional finance. Privacy gives it institutional confidentiality. Cross-chain settlement (the Trans Layer) lets value move between ecosystems without bridges. Verifiability ties the whole thing back to attested hardware.

THE FIVE PRIMITIVES

Each one, in depth.

Three are patent-protected by filed USPTO applications. All five are documented in the v3.7 white paper with the engineering measurements that validate their performance under production parameters.

PRIMITIVE 01

AERKey

Threshold trust

USPTO 63/977,868

What it does

AERKey is a threshold ECDSA implementation that splits every signing key across multiple parties running inside Trusted Execution Environments, on three different cloud providers, in three different geographic regions. To produce a signature, a threshold of parties — never all of them, never any one alone — must collaborate. The private key as a single object never exists in memory anywhere, ever, including at the moment of signing.

Why it matters

This is the foundation of the chain's "zero human validators" property. Every block on AEREDIUM is signed by a threshold of TEE-attested signers — not by a person, not by a multi-sig of people, not by a stake-weighted validator who could be coerced. The signing authority is mathematically distributed across hardware-attested code running in mutually-distrusting clouds. To compromise a block signature, an attacker would need to simultaneously compromise hardware attestation across multiple independent cloud providers — a coordinated multi-jurisdictional attack that is not a realistic adversary model.

Measured performance: 13,254 TPM per signing group on the fast path, validated on a live production cluster. Linear scalability across signing groups, with each group operating independently. Documented in §6 and §13 of the v3.7 white paper.

PRIMITIVE 02

Trans Layer

Bridgeless cross-chain

What it does

The Trans Layer settles value between AEREDIUM and external chains — Ethereum, Bitcoin, Solana, Polygon — without a bridge in the classical sense. Cross-chain operations are signed by the same threshold that signs blocks on AEREDIUM itself. No separate verifier set. No multi-sig of human signers. No oracle network attesting to events.

Why it matters

$1.04 billion was stolen from public blockchains in 2026 — the overwhelming majority through bridge attacks (KelpDAO via LayerZero alone: $290M). Every bridge is a verifier set that can be compromised; the attacker who compromises the verifier set drains the assets. The Trans Layer removes this primitive vulnerability by making cross-chain operations a consequence of the same TEE-attested threshold that produces blocks. Finding the bug doesn't drain the keys, because there are no keys to drain — only a threshold of attested signers that must continue agreeing.

Comparison: Where LayerZero, Wormhole, and Axelar rely on additionally-trusted verifier sets, the Trans Layer reuses the chain's own consensus as the cross-chain attestation. One trust assumption, not two. Bitcoin-anchored periodically for additional finality.

PRIMITIVE 03

AERLink

Bank-rail connectivity

NEW IN v3.7

USPTO 09857-P0001A

What it does

AERLink is threshold-governed access to traditional bank rails — bank APIs, ERPs, SWIFT, card networks. The bank's existing API stays exactly as it is. The credentials needed to call it live inside an attested enclave called DACA. The only thing in the universe that can invoke those credentials is a consensus event on AEREDIUM.

Why it matters

Every previous attempt to connect blockchains to banks required one of three concessions: the bank rebuilds around blockchain infrastructure, an oracle network attests to off-chain events, or a custodial intermediary holds the credentials. AERLink requires none of them. The bank changes nothing. No oracle network exists between the chain and the bank API — one in-band call, no LINK, no DON, no separately-trusted layer. And the bank-rail payment is composable as one leg of a multi-leg AEREDIUM transaction, atomic with the rest.

Five-step flow: Transaction submitted on AEREDIUM → AERKey threshold signs → DACA enclave verifies the consensus event and calls the bank API → Bank API executes unchanged → Response returns TEE-signed. The bank never sees blockchain logic; AEREDIUM never sees bare credentials.

PRIMITIVE 04

Privacy Mode

Encrypted by default

What it does

Transaction amounts, counterparties, and token identities are encrypted at the protocol level. The chain still produces a tamper-evident ledger of every transaction, but the content of those transactions is readable only by authorised parties — the counterparties themselves, designated auditors, and regulators with appropriate keys. Validators see encrypted blobs they cannot decrypt.

Why it matters

Institutional finance cannot operate on transparent public chains. A bank's settlement flows are not for public view; a corporate treasury's counterparty relationships are not competitive intelligence to give away; a fund's positions are not public data. Privacy is not optional for institutional adoption — it's the precondition. AEREDIUM provides confidentiality by default while preserving the verifiability properties of a public ledger for the parties who need to see in.

Selective disclosure: Authorised readers receive cryptographic capabilities — not bulk database dumps. An auditor can verify a counterparty's exposure without seeing their counterparty's other transactions. A regulator can verify a sanctions check passed without seeing the underlying details. Read access is granular, revocable, and auditable.

PRIMITIVE 05

Verifiable Infrastructure

Zero human validators

What it does

The consensus mechanism is TEE-BFT: Byzantine Fault Tolerant agreement among Trusted Execution Environment-attested validators. Each validator runs as code inside an enclave on one of multiple independent cloud providers that produces a cryptographic attestation of what code it is running. Validators are not people running software; they are attested instances of a specific binary, identified by the hash of their code.

Why it matters

Public chains delegate trust to stake-weighted validators — people, ultimately. AEREDIUM delegates it to attested code, verifiable against a public list of approved code hashes. No human can sign a block. No validator can be bribed, coerced, or socially engineered into a malicious signature, because the signing role is held by attested binaries, not by accounts. A validator that diverges from the canonical binary fails attestation; its signature is invalid; consensus rejects it.

Bitcoin-anchored finality: Block hashes are periodically committed to the Bitcoin blockchain, giving AEREDIUM blocks the additional finality of the most-attacked chain in history. Even if AEREDIUM's own consensus were somehow subverted, rewriting history would also require rewriting Bitcoin's. The cost is the cost of attacking Bitcoin.

The properties of the chain are the properties of the composition.

None of these primitives, alone, would be enough. Threshold signing without privacy is more secure but still publicly transparent. Privacy without verifiability is just encryption on top of a chain you can't trust. Bank connectivity without threshold signing is a custodian by another name. The category — privacy-preserving chain of record for institutional digital-asset settlement — exists only when all five are present at once.

This is the architectural thesis of AEREDIUM, documented across §1 through §13 of the v3.7 white paper and protected by three filed patents.

AERKEY + TRANS LAYER + AERLINK + PRIVACY + VERIFIABLE = THE TRUST LAYER

Go deeper.

The v3.7 white paper is the authoritative document — 41 pages, sixteen sections, the complete technical specification.

Download v3.7 PDF Read on web Build on it ↗ Talk to us

Five primitives.One uncontested category.

How the layers compose.

Each one, in depth.

What it does

Why it matters

What it does

Why it matters

What it does

Why it matters

What it does

Why it matters

What it does

Why it matters

The properties of the chain are the properties of the composition.

Go deeper.

Five primitives.
One uncontested category.