Sovereign: Secure, Open, and Verifiable Silicon

*note: this is intended as an overview for readers unfamiliar with the problem space. Technical readers will feel as if we are leaving out all the important bits.

Executive Summary

Sovereign is a public-goods program to build a secure, open, and verifiable chip for confidential computation.

Today's secure hardware requires trust in opaque systems controlled by a handful of corporations. Sovereign addresses this by making computation verifiable at the hardware level, enabling security properties to be independently examined, tested, and falsified rather than assumed.

Openness. Sovereign will achieve a radical and unprecedented level of openness for performant silicon. Enabled by access to a custom cell library, IP developed under Sovereign can be made public down to abstracted physical and timing artifacts. In so doing, Sovereign allows for new degrees of verification.

Architecture. Sovereign targets a differentially hardened architecture that occupies multiple points in the security/performance tradeoff space. This allows physical protections to be applied for high-security workloads while preserving performance for workloads that do not require the same level of hardening.

Where we are now. Sovereign is about to begin a feasibility study that will partially implement core IP, map the tradeoff space across performance, security, and cost dimensions, and establish a path forward with concrete timelines, budgets, and performance targets. This study is designed to produce valuable open-source artifacts regardless of subsequent decisions.

How the program de-risks. Sovereign is structured for progressive de-risking: discrete funding tranches are tied to specific deliverables, each independently valuable. Feasibility work, empirical security evaluation, reusable IP blocks, and test chips each represent meaningful contributions to the field whether or not later phases proceed.

The full program is estimated to span approximately 3 years with a total budget of $20–30M. The first phase of funding will deploy $5M (feasibility study plus one research prototype project, “SignOra”). We have received partial funding and will initiate SignOra ($1.5M) once this is processed.


1. Motivation

Modern computing infrastructure underpins systems whose failure modes have increasingly severe consequences: large-scale AI deployment, cryptographic financial systems, safety-critical cyber-physical devices, and globally networked services.

Worryingly, the world of secure hardware is built upon heavy trust assumptions. A small number of firms have control over opaque silicon and firmware that underlie vast portions of our compute infrastructure, while a long tail of subcontractors, tooling vendors, and intermediaries introduces additional attack surface along the supply chain. Subtle modifications can be widely impactful and extraordinarily difficult to detect after the fact.

Meanwhile, access to sophisticated physical and microarchitectural attack techniques is no longer limited to niche actors. Well-resourced adversaries can bypass many defenses that rely implicitly on obscurity, while broader communities lack the ability to verify security measures at all. In other cases, hyperscalers become the trusted actors who have physical access to vulnerable machines. This asymmetry embeds a few powerful actors as trusted by default.

Sovereign is motivated by the view that secure hardware must be verifiable by design. Security should not depend on secrecy of implementation or institutional trust, but on openness, evidence, and the ability for independent parties to evaluate whether systems behave as advertised.


2. Technical Overview

This section provides an at-a-glance technical overview. A more detailed architectural description appears in Section 6.

2.1 The Sovereign Chiplet