Security Properties

This section summarizes the security properties provided by KnoxNet under the assumptions described in previous sections. These guarantees arise from the combination of offline execution, encrypted settlement, and deterministic reconciliation, rather than from any single cryptographic primitive.

9.1 Supply Safety

KnoxNet guarantees global supply safety of the native asset $KNX.

At all times, the total value of circulating $KNX across both offline notes and on-chain balances is bounded by authorized issuance and escrowed value on the KnoxNet Layer 1 ledger. Offline execution cannot introduce inflation, as all offline notes are cryptographically authorized by the ledger and reconciliation enforces conservation constraints.

Any attempt to exceed issuance limits or redeem unauthorized value is deterministically rejected during settlement.

9.2 Authorization and Ownership Safety

Only the legitimate owner of an offline note can authorize its transfer.

This guarantee follows from the unforgeability of digital signatures and the binding of note ownership to user public keys. Unauthorized transfers, note forgery, or reassignment without the corresponding private key are rejected during offline execution or reconciliation.

9.3 Double-Spend Detectability

KnoxNet guarantees eventual detection of all double-spends.

Because offline note identifiers are globally unique and enforced during reconciliation, any attempt to consume the same note in multiple conflicting histories results in a deterministic contradiction. Such contradictions are exposed through fraud proofs and do not rely on probabilistic detection, timing assumptions, or honest majority assumptions.

9.4 Bounded Economic Risk

Offline execution introduces bounded risk rather than systemic vulnerability.

The maximum value that can be misused by a participant is strictly limited by the amount of $KNX they have escrowed on the Layer 1 ledger. Upon detection of misbehavior, penalties are applied by slashing the associated escrow. This ensures that adversarial actions cannot cause unbounded loss or compromise the system's integrity.

9.5 Privacy Guarantees

KnoxNet provides privacy guarantees at both the execution and settlement layers.

During execution, transactions occur locally without global broadcast, preventing continuous network-level observability and metadata leakage. During settlement, encrypted enforcement ensures that transaction amounts, balances, and detailed accounting flows are not revealed to validators or observers.

While KnoxNet does not claim absolute anonymity, it significantly reduces observability compared to always-online systems by eliminating real-time exposure and minimizing settlement disclosure.

9.6 Eventual Correctness and Finality

KnoxNet guarantees eventual correctness.

All valid offline executions are eventually reflected in global state through reconciliation. All invalid or conflicting executions are inevitably detected and penalized. Finality is deferred rather than immediate, but correctness is guaranteed under the protocol's assumptions.

9.7 Assumptions and Scope

These guarantees hold under standard cryptographic assumptions, including secure digital signatures and encryption schemes, and assume that participants eventually reconnect for reconciliation.

KnoxNet does not assume trusted hardware, continuous connectivity, or honest-majority behavior during offline execution. Security derives from economic containment and deterministic verification rather than from real-time consensus.