- This project adopts a source-available model rather than a full open source model. The core goal is to maximize value under controlled and trusted conditions.
- Source code will be shared with NDA-signed partners, allowing them to deeply understand internal mechanisms, data flows, and integration points. It will significantly shorten integration cycles.
- Authorized third parties such as auditors and partner teams can independently conduct code audits and security verification. By uniting external experts, it can strengthen reliability and robustness without exposing core IP.
- Selected academic institutions will be granted access to verify theoretical research and foster non-commercial innovation in related technical domains.
We aim to establish the technical cornerstone within a trusted ecosystem, achieving:
- Through continuous third-party audits, the project will serve as a verified reference implementation in its technical field.
- Under a strict NDA framework, build an efficient, low-risk collaboration loop that quickly integrates partner and research feedback into core code, forming a unique competitive point.
Under legal agreements and customized licenses, the project can absorb external optimization and security insights to achieve continuous technical evolution while firmly protecting our core commercial value and intellectual property.
This project uses a Custom Source-Available License (CS-NC License), strictly limiting use to academic and security-related purposes. It is limited in two key dimensions:
It is limited to use the project license. Any commercial use, product integration, redistribution, or creation of derivative works without written authorization from the project owner is prohibited. (See Section 2.2 ) License Selection and Compliance are applicable as the standard license for this account.
-
Permitted Uses:
- Academic Research: Limited to code analysis, algorithm study, or paper publication within non-commercial institutions (e.g., universities, research institutes) with proper source attribution.
- Security Auditing and Risk Analysis: Limited to vulnerability testing, compliance review, or functional safety assessment of the project code.
-
Prohibited Uses:
- Commercial Use or Integration: Prohibited from being directly or indirectly integrated into any commercial product or service.
- Public Disclosure or Redistribution: Prohibited from sharing or distributing the code to any third party without a signed agreement.
Due to the sensitive technology or proprietary information involved in this project, access and use are strictly limited:
- Primary Audience: Only partners under valid NDA or Joint Development Agreements. Access is granted exclusively to authorized entities who commit to full confidentiality.
We commit to strictly adhering to the confidentiality clauses in the NDA regarding code, technology, and project information.
- Excluded Audience: Independent developers, the general public, competitors, or entities not meeting the above criteria have no right to access or use the code.
Selected License: License - CipherSafe Source-Available Non-Commercial License (CS-NC License) V1.0
- To balance technical transparency (for auditing and research) with protection of core trade secrets, the project adopts a highly customized CS-NC License.
- Differentiate from Traditional license: Unlike OSI-defined open-source licenses, this license strictly prohibits commercial use and limits its audience (see Section 2.1 B), ensuring operations remain within a trusted network
- Legal: CS-NC License terms take effect under the company’s NDA agreements, providing dual protection for intellectual property and commercial interests during code access, research, and usage.
- Given the project’s sensitivity, contributors must ensure a single legal source and clear IP ownership.
- CIA Rules: Individuals or partners must sign a Contributor License Agreement (CLA) before submitting any code (Pull Request).
- The CLA grants the company the rights to:
- i. Incorporate submitted code under the CS-NC License;
- ii. Use or commercialize it in the future without additional authorization.
- The project uses necessary third-party components under strict license compliance:
- Audit & Isolation: During Stage 1, all dependencies will undergo license audits to ensure compatibility with the project’s non-commercial objectives (e.g., MIT, Apache 2.0).
- Distribution Restrictions: Although open-source libraries are used, redistribution of the full codebase remains restricted under the CS-NC License. Authorized users may not bypass or violate the original licenses of third-party components.
| Milestones (Stage) | Core Goals and Scope of Open Source Components | Key Tasks List (Compliance and Execution) | Planned Completion Time |
|---|---|---|---|
| Stage 1: Front-end Application and Emergency Units | Goals: validate controlled release; publish frontend code for review; enable review and discussion; prioritize urgent security audits for merchant nodes. |
Complete the secure delivery of the first batch of code. 1. Code Audit: Clean and audit code to remove sensitive data. 2. Configuration Settings: Configure GitHub whitelist and NDA partner access. 3. Publications: Publish CS-NC License with code. |
Late December |
| Stage 2: MPC Core Library | Goal: release MPC (Multi-Party Computation) core libraries for deep security; algorithm review for partners doing audits in depth |
1. Fix critical and major security issues internally, ensuring clear boundaries of “proprietary knowledge” as defined in the CS-NC License. 2. Conduct dependency audit: verify licenses of all third-party components used in the MPC library and include compliance statements in the README. 3. If necessary, prepare technical documentation outlining MPC algorithms and security audit guidelines. |
Late December |
| Stage 3: Blockchain Access Layer & Others | Goal: complete controlled open-sourcing of the core tech stack and build a comprehensive code audit and research environment. |
For critical issues, fix internally and provide an updated system architecture overview to help partners better understand the overall design. | Late January next year |
| CipherBC Flexify App | ||
|---|---|---|
| Link 1: FlexifyApp_stage1 | ||
| Module | Stage | |
| API Reference | 1 | |
| dapp | 1 | |
| MPC Logic Reference | 1 | |
| Related to CipherSafe | 1 | |
| Wallet backup | 1 | |
| CipherCard | 1 | |
| Approval | 2 | |
| Risk Control | 2 | |
| Login and register | 2 | |
| Member/Department/Role Permissions | 2 | |
| Team/Wallet Creation | 2 | |
| Exchange | 2 | |
| CipherBC Flexify Desk | |
|---|---|
| Link 1: FlexifyDesk_stage1 | |
| Module | Stage |
| API Reference | 1 |
| DApp | 1 |
| WaaS | 1 |
| Exchange | 1 |
| Approval | 2 |
| Risk Control | 2 |
| Team | 2 |
| CipherSafe | |
|---|---|
| Link: CipherSafe | |
| Module | Stage |
| Fingerprint SDK Reference | 1 |
| Storage SDK Reference | 1 |
| Bluetooth Interaction | 1 |
| MPC data processing | 1 |
| Wallet Creation | 1 |
| Signature Verification | 1 |
| MPC create/clone/recover/sign | 1 |
| Module | Stage | Link |
|---|---|---|
| Key recovery tool | 1 | Link: RecoveryTool |
| CipherSafe / Flexify | |||
|---|---|---|---|
| Module | Stage | Link | |
| mpc sdk for ios/ andriod api | 1 | ||
| recovery tool | 2 | ||
| WaaS(4/4, 1.0) | |||
|---|---|---|---|
| Module | Stage | Link | |
| Shop Node | 1 | Link: WaaS-ShopNode | |
| Waas(m/n) | |||
|---|---|---|---|
| Module | Stage | Link | |
| Merchant Node | 3 | ||
| Waas | |||
|---|---|---|---|
| Module | Stage | Link | |
| 2019 Signature Machine | 3 | ||
| 2023 Signature Machine | 3 | ||
| JS Signature Machine | 3 | ||
| Merchant payment address contract source code | 3 | ||
| Flexify | |||
|---|---|---|---|
| Module | Stage | Link | |
| Withdrawal (and MPC interaction) service | 3 | ||
| Integration with business wallet tools | 3 | ||
| GemW | |||
|---|---|---|---|
| Module | Stage | Link | |
| Seal machine service | 3 | ||
| Signature machine service | 3 | ||
Designed based on the professional and rigorous Omnibus Wallet architecture, we ensured a clear code structure, facilitating systematic and comprehensive security audits by our partners.
