ONE WORLD
ONE ECONOMY
ONE LEDGER

Scroll to Explore

Engine

Hyperledger Iroha v3 Core

The engine at the centre of SORA Nexus: one shared state machine for the whole network.

Under the hood SORA Nexus is one big shared state machine. Hyperledger Iroha v3 defines the rules for how that state can change, so that if two honest validators see the same inputs in the same order, they always compute exactly the same result.

The Iroha Virtual Machine (IVM) is the calculator that applies those rules. It runs small programs and turns their effects into simple, well-defined updates to accounts, assets, and other on-chain objects.

Instead of letting programs poke at raw bytes, IVM uses typed pointers for things like accounts, assets, and data spaces. If a program tries to use an invalid pointer, execution stops in a clean, predictable way rather than corrupting state.

The VM avoids sources of disagreement: no floating-point arithmetic, no “read the local clock” syscalls, and no hidden side effects. Optional GPU or SIMD acceleration is allowed, but it must produce exactly the same answer, bit-for-bit, as the scalar CPU path.

Every execution can produce receipts and Merkle hashes that tie it back to the underlying state. This makes it possible to replay and audit what happened long after the fact, which is critical for regulated deployments.

Cryptography choices, allowed syscalls, and admission rules are all driven by configuration that is itself governed on-chain. Upgrades mean changing configuration and binaries in a controlled way, not spinning up a new forked chain.

Pointer ABI

Stable handles for AccountId, AssetId, and DataSpaceId keep cross-domain calls safe.

Norito Envelopes

Structured TLV inputs catch malformed payloads before a single instruction runs.

Audit Receipts

Merkle-backed IVM receipts mirror the whitepaper's "deterministic replay" stance.

The Iroha Virtual Machine (IVM) runs Kotodama programs and updates the blockchain state.

256 x 64-bit

Registers

Zeroed r0 + deterministic trapping on misfetch

16 / 32-bit

Opcode Width

Mixed encoding with strict alignment

Versioned

Syscalls

Explicit gas + UnknownSyscall rejection

Finality

Sumeragi Consensus

How validators agree on one history and never quietly rewrite it.

Consensus is the part of the system that decides which block of transactions becomes the next block in the chain. Sumeragi is a Byzantine-fault-tolerant protocol, meaning it keeps working correctly even if some validators are offline or actively misbehaving.

For each lane there is a small committee of N validators. Sumeragi is designed so that the system stays safe as long as fewer than a third of them are faulty. In simple math, N = 3f + 1 and each block needs at least 2f + 1 signatures, which guarantees that two different blocks cannot both be final.

Leaders take turns proposing blocks using a deterministic rotation. Each proposal must extend the currently “locked” tip of the chain. Validators only vote for blocks that build on their latest lock, which stops the network from accidentally rolling back to an older fork.

In normal conditions a non-empty block in a lane becomes final in about one second, and the commit window is bounded to a couple of slots. For users this feels like an instant payment system, not a probabilistic lottery that might take minutes to settle.

Permissioned deployments can run Sumeragi over a fixed set of known validators. Stake-based networks can instead select committees with a verifiable random function (VRF) so that larger stakers participate more often, while preserving the same safety math.

Fairness is handled by a Start-Time Fair Queuing scheduler. Each data space gets a minimum share of block capacity, and circuit breakers can temporarily tighten those limits if finality or data-availability checks start to fall behind.

Locking Rule

New blocks must extend the most recently confirmed chain tip; ancestry is checked before voting.

Bounded Windows

Commit deadlines are sized so finality stays within a couple of slots even when the network is busy.

PQ Certificates

Signatures are designed to stay secure even in a post-quantum world.

Deterministic leader rotation and orbiting lanes converge into a single canonical chain.

~1 s

Finality

Per-lane with Delta <= 2 slots

3f + 1

Committee

QC needs >= 2f + 1 signatures

VRF-ready

Selection

NPoS sampling with stake thresholds

Primitives

Iroha Special Instructions

The built-in operations that snap together into fast, safe programs.

Iroha Special Instructions (ISIs) are the verbs of the system: create an account, mint or burn an asset, transfer value between accounts, grant or revoke a permission, and so on.

Every transaction is simply an ordered list of ISIs. Validators check that each instruction is authorised and well-formed, then apply them one by one to update the world state.

Because ISIs are defined once in the protocol and reused everywhere, applications do not need to re-implement the same logic in custom contract code. That removes a whole class of subtle bugs where two teams interpret a rule slightly differently.

From a mathematical point of view, you can think of the instruction set as a small, controlled collection of transformations. All allowed state changes are built by combining these basic moves in different sequences.

For operators and auditors this makes reasoning far easier: instead of reading thousands of lines of ad-hoc smart contract code, they can look at a short list of well-specified instructions and see exactly what a transaction does.

Curated Primitives

Composability

Programs express behavior by chaining clear, reusable instructions instead of touching low-level storage.

Auditable Surface

One shared implementation per instruction, fixed once for the whole network.

Built-in ISIs snapping together like blocks to form higher-level programs.

Finite

Instruction Set

Governed catalog of ledger operations

Instruction sequences

Mutation Style

Every state change is described as a readable list of steps

Additive

Upgrade Path

New powers arrive as new instructions under governance

Codec

Norito Codec

One self-describing codec for encoding, compressing, and streaming ledger data.

Norito is the single serialization format used by SORA Nexus. Transactions, blocks, proofs, governance messages, and even configuration all use the same language on the wire.

Conceptually, a Norito payload is a sequence of type-length-value items. The type says what kind of thing this is (for example an account identifier or an amount), the length tells you how many bytes to read, and the value contains the bytes themselves.

Because the types are explicit, the same Norito definitions can generate both an efficient binary encoding and a human-readable JSON view. Different clients do not have to guess how to interpret a field; they all follow the same schema.

Pointer-ABI types such as AccountId, AssetDefinitionId, and DataSpaceId are built directly on top of Norito. If a payload has the wrong size or checksum, decoding fails before the virtual machine even starts to execute the transaction.

Blocks are stored and distributed as SignedBlockWire structures, which are just Norito objects with a version header and a signature wrapper. Tools can process the ledger as a stream of well-typed messages instead of opaque blobs.

Norito itself evolves under governance. Headers carry version information, and new message types or fields are introduced in a controlled way, with the active schemas anchored on-ledger rather than hidden in client libraries.

Single Codec

Transactions, blocks, proofs, and streams all share Norito.

Binary + JSON

Efficient binary encoding with consistent human readable views.

Streaming Ready

Same framing used for live feeds and snapshot downloads.

Norito codec: one self-describing format for encoding, compression, and streaming of ledger data.

u16

Pointer IDs

Stable AccountId, AssetId, DataSpaceId

TLV

Format

Type-length-value envelopes for inputs and receipts

SignedBlockWire

Transport

Blocks and streams share the same framing

Contracts

Kotodama Programs

Deterministic bytecode that lets policy makers and builders express logic safely.

Kotodama is the high-level language for writing smart contracts on SORA Nexus. Developers write normal, structured code; the Kotodama compiler turns it into IVM bytecode files (.to) that validators can execute.

Each compiled Kotodama artifact carries a header that describes which ABI version it expects, which syscalls it may use, and an upper bound on how many VM cycles it is allowed to consume. Validators check this header before the program ever runs.

Inputs arrive as Norito envelopes and are exposed to programs via typed pointers rather than raw memory. That prevents common bugs such as treating an account ID as an amount, or mis-parsing an arbitrary byte blob as a valid proof.

When a Kotodama program needs to interact with the host, it uses explicit, numbered syscalls. If the program calls a syscall that is not supported in the current runtime, the call simply fails in a deterministic way instead of falling back to legacy or undefined behaviour.

The combination of a high-level language, declarative headers, and a deterministic VM gives both builders and regulators strong guarantees. If needed, execution traces can be tied back to Merkle-backed receipts and examined down to the register level.

Bounded Execution

max_cycles, feature bits, and abi_version baked into headers.

Safe Interop

Typed pointers govern cross-data-space calls.

Hardware Neutral

Scalar/GPU/SIMD paths must match bit-for-bit.

Kotodama bytecode carved for determinism and policy-aware execution.

16/32-bit

Opcodes

Wide formats with strict alignment

Versioned

Syscalls

8-bit IDs with audited gas tables

Merkle-backed

Receipts

Deterministic replay for auditors

Automation

On-Chain Automation

Rules that live in the ledger itself instead of on someone else's server.

Many blockchain applications today depend on off-chain “bots” or cron jobs that watch the ledger and submit follow-up transactions. If those bots fail or are captured, the application quietly stops behaving correctly.

Triggers move that automation into the ledger itself. A trigger is a small on-chain rule that says “when this condition is true, run this action”. The action executes as part of the normal block-processing pipeline.

Conditions can be based on time (for example every 24 hours), block height, specific events (such as an asset mint), or more complex predicates. Actions are sequences of ISIs or Kotodama calls and run under a specific authority account.

Each trigger carries a budget in transfer-equivalent units (TEU) and fees, so that even a misconfigured trigger cannot consume an unbounded amount of resources or spam the network.

Because triggers are stored in world state and replicated across validators, there is no hidden off-chain logic that only some parties control. Governance can inspect, update, or remove triggers just like any other on-chain object.

Deterministic Scheduling

Time, block-height, or event predicates fire under SUMERAGI fairness.

Policy First

Budgets and fee payers are encoded; violators are rejected at admission.

Native UX

No off-chain bots - automation is part of the ledger fabric.

Triggers allow for automated actions executed based on time or events.

TEU + fee caps

Budgeting

Bounded execution per trigger

Kotodama

Handlers

IVM bytecode with pointer ABI inputs

Deterministic

Replay

Triggers replicated across validators

Topology

Sovereign Data Spaces

How one network can host very different kinds of applications without mixing their secrets.

SORA Nexus presents itself as one global ledger, but different organisations and jurisdictions often need to keep their data separate. Data spaces are how the ledger gives each of them their own “room” while still staying on a single network.

A data space is a first-class partition of the ledger with its own policies, validator set, and routing rules. Private data spaces are permissioned: only authorised participants can see the contents, while still sharing the same underlying engine and unified address space.

Public data spaces are open to anyone, but they follow the same deterministic scheduling and data-availability rules. This allows open innovation without sacrificing predictable performance or auditability.

Every data space emits a compact summary each slot: state roots, data-availability commitments, and (for private spaces) attestation certificates. Gateways read a shared directory so they can route user requests to the correct data space without guessing.

When one data space needs to interact with another, the call is explicit and governed. Policies decide what information can cross the boundary, and hashes and proofs let one space trust the outcome of another without seeing raw private transactions.

Space Directory

A registry that maps each data space to its routing rules, governance, and admission policies.

Privacy by Construction

Artifacts are proven without revealing payloads; cross-space calls are explicit.

Governed Parameters

Configuration, not hidden environment toggles, drives production behavior.

Shrine gates between sovereign domains - open where allowed, sealed where required.

Private + Public

Domains

Shared address space with explicit routing

ML-DSA-87

Attestations

DA samples on public DS, bonded certs on private

iroha_config

Policy

Versioned parameter sets + DS creation manifests

Throughput

Lanes + Merge Ledger

Parallel roads for transactions that still lead to one agreed-upon history.

To support many applications at once without letting the busiest ones crowd everyone else out, SORA Nexus processes work in several parallel lanes. Each lane handles a subset of data-space activity in its own sequence of blocks.

Above the lanes sits a very small merge ledger whose only job is to decide in which order lane tips appear in the global history. It never rewrites what happened inside a lane; it only weaves the lane blocks together into one canonical chain.

The mapping from data spaces to lanes is deterministic. A simple hashing rule makes sure that every node always sends work for a given data space to the same lane, before and after any changes in the number of lanes.

When traffic is light, lanes can fuse into a single pipeline. This reduces communication overhead and keeps latency low. As demand grows, the system can split back into multiple lanes, increasing throughput without changing what users see.

Each lane has a budget expressed in transfer-equivalent units (TEU) per second — roughly the cost of a simple token transfer. Circuit breakers watch metrics like finality time and data-availability failures and can temporarily tighten these budgets to keep the network healthy.

Deterministic Mapping

A simple, predictable rule sends each piece of work to the same lane on every node.

Must-Serve Slice

Every active data space gets a guaranteed share of block space within a bounded time.

Circuit Breakers

Automatic caps tighten limits when latency or data availability drift from targets.

Whitepaper multilane architecture: lanes converge into a merge ledger without rewriting history.

20k TEU/s

Throughput

Per lane budget in defaults

Fusion mode

Latency

Lower hops when quiet

Split mode

Scaling

Parallel lanes without reordering

Governance

SORA Parliament

On-chain governance that upgrades the network without forking it apart.

The SORA Parliament is the on-chain governance system that steers parameters, data spaces, and runtime upgrades for the network. It is organized into multiple bodies populated by sortition-chosen SORA Citizens.

Proposals originate from the Rules Committee or Monetary Policy Committee (MPC). The Agenda Council filters these proposals to ensure they meet established rules. Accepted proposals are studied by volunteer Interest Panels, whose findings are collated by a Review Panel.

The final decision is made by a Policy Jury—a randomly selected, one-time panel. All rule changes, proposals, and punishments must be ratified by a Policy Jury. The Oversight Council monitors the entire process for violations, while the Financial Markets Authority (FMA) regulates financial markets and Polkaswap.

Votes use zero knowledge to protect the identities of the voters. Once a proposal reaches its quorum and approval threshold, its effect is scheduled for a specific future slot.

Because proposals, votes, and enactment records are all stored in Kura, anyone can replay the full history of governance and answer questions like “when did this parameter change, and how was it voted on?” instead of relying on off-chain minutes or wikis.

Multi-Body Sortition

Randomly selected bodies like Policy Juries and Agenda Councils ensure fair, democratic decision-making.

Staked Proposals

XOR bonds back proposals so governance stays signal-rich instead of spammed.

Deterministic Enactment

Passed decisions become concrete ledger changes with receipts anyone can verify.

A constitutional layer for SORA Nexus: proposals, votes, and enacted changes flowing through one Parliament.

Network-wide

Scope

Parameters, data spaces, and runtime upgrades flow through Parliament.

On-chain

Transparency

Proposals, votes, and enactments are all stored in the ledger.

Rollback guards

Safety

Invalid upgrades are rejected before they can change live state.

010

Network

SoraNet

A private-by-default network layer for apps, sites, and APIs built on SORA Nexus.

SoraNet is the networking subsystem of SORA Nexus: a privacy-preserving overlay that delivers websites, APIs, and ledger traffic over the same infrastructure.

Client traffic flows through multiple encrypted hops, so observers on the public internet cannot easily tell who is talking to whom. At the same time, exit nodes can cache static assets so that pages and dashboards stay fast for users around the world.

Sites and APIs are published as artifacts that live in SoraFS. SoraNet relays fetch and serve these artifacts according to on-chain policies, instead of relying on ad-hoc DNS records or configuration files on individual servers.

Because SoraNet rides on the same infrastructure as SORA Nexus itself, regions and sectors can introduce governed data spaces and compute routes without launching separate chains or bespoke networking stacks for each project.

For end users, the result is simple: they connect once to a SoraNet gateway and gain access to applications and content across a global network that is designed to be private by default and policy-aware by design.

Integrated CDN

Relays and exits cache static assets so SoraNet-hosted sites feel snappy worldwide.

Privacy by Default

Multi-hop encrypted paths hide who is talking to whom while keeping policies enforced.

One Stack

Apps, storage, and networking all live on the same governed infrastructure instead of separate silos.

A global privacy overlay: SoraNet relays delivering applications and content across the same fabric as SORA Nexus.

Sites + APIs

Content

Frontends and services ride the same rails as ledger traffic.

Global overlay

Delivery

Relays form a worldwide mesh for low-latency access.

On-ledger

Governance

Publishing and routing are controlled through SORA Nexus governance.

011

Proofs

FASTPQ zk-STARK

Proofs that show whole data spaces followed the rules, without revealing their transactions.

FASTPQ is the zero-knowledge STARK proof system used by SORA Nexus. A FASTPQ proof is a small piece of data that convinces everyone that a whole data space followed its rules correctly, without them having to re-run the computation or see the underlying transactions.

To build a proof, a data space encodes its rules as a large table of numbers called a trace. Each row describes one tiny step of the state transition. The prover shows that all rows in this table satisfy the rules indirectly, by committing to a collection of polynomials derived from that table.

Instead of sending the entire table, FASTPQ sends Merkle commitments to these polynomials and then answers a handful of randomly chosen spot checks from the verifier. If any rule was broken, the chance that all of these random checks still pass is extremely small.

In numbers: with the parameter choices in the whitepaper, the probability that a dishonest prover can cheat without being caught is about 2⁻¹²⁸. Even if an attacker tried billions of times per second, they would be vanishingly unlikely to succeed within the lifetime of the universe.

Each data space produces its own FASTPQ proof. Lane committees aggregate these into at most two proofs per slot — one for public data spaces and one for private ones — so that verification work per lane stays within a tightly-bounded time budget.

FASTPQ uses standard STARK ingredients such as hash-based commitments and the DEEP-FRI protocol, but all parameters are fixed and published through governance. Anyone can verify proofs using only public information and the same Norito-encoded envelopes that consensus already understands.

Per-DS Proofs

Each data space proves its own state transition; lanes aggregate the proofs.

Low Cheat Probability

Random checks make undetected errors as unlikely as 2^-128.

No Trusted Setup

Anyone can verify proofs using only public parameters.

FASTPQ proofs weaving data spaces together without exposing payloads.

10k/s

Proof Gen

Whitepaper performance target

< 100 ms

Verify

Per-lane budget

Poseidon2

Hash

Goldilocks field for traces

012

Proofs

Data Availability & Proofs

Making sure that the data behind each block can be reconstructed, even years later.

Cryptographic proofs are only meaningful if the underlying data remains available. Data availability is the part of the system that ensures the contents of a block can be reconstructed, even long after it was produced.

SORA Nexus stores both block history (Kura) and the current world state (WSV) using erasure-coded shards. Instead of keeping a single full copy in one place, the data is split into many smaller pieces with additional parity pieces that let you rebuild the whole thing if some pieces are lost.

In a typical configuration an 8 MB block envelope might be split into 32 data shards and 16 parity shards, for a total of 48 pieces. Any 32 of these pieces are enough to reconstruct the original data, so nodes can safely discard or lose some shards without endangering the ledger.

For public data spaces, validators also perform in-slot sampling. They randomly download and check a small number of shards from each block and sign data-availability certificates only if those checks pass. Private data spaces can rely on their own ML-DSA-based attestations while using the same coding scheme underneath.

Governance sets budgets for how many samples can be checked per slot, how large shards may be, and how much time verification may take. This keeps data availability robust while ensuring that all checks still fit inside the one-second finality window.

2D Erasure Coding

Rows and columns of shards let nodes recover data even if some pieces go missing.

DA Certificates

Sampled shards and signatures bundled into certificates for auditors.

ZK DA Proofs

Zero knowledge checks bind shards to Merkle roots without revealing contents.

Galactic scrolls of data shards, proofs, and DA certificates orbiting the merge ledger.

48 shards

Shard Plan

32 data + 16 parity for 8 MB envelope

<= 300 ms

DA Window

q_in_slot_total = 2048 samples across lanes

100-200 ms

Verify

Lane proofs stay within slot budgets

Enter the Nexus

Built on SORA Nexus/Hyperledger Iroha 3. The ultimate infrastructure for the new world economic order is ready.

Download Whitepaper

Follow on X Join Telegram

ONE WORLDONE ECONOMYONE LEDGER