Abstract

NØNOS is a sovereign operating system engineered for provable, decentralized computation at the physical edge of the network. Its design rejects the prevailing model of “privacy-first” platforms that merely wrap traditional OS kernels with encryption layers or sandboxed environments while retaining reliance on centralized trust anchors such as vendor-controlled firmware, registry authorities, or fixed bootstrap nodes.

At its core, NØN-OS redefines the OS as a cryptographically-verifiable, network-synchronous runtime. The operating system’s execution model is capsule-based: the .mod capsule format encapsulates binary payloads, zero-knowledge proof attestations, runtime constraints, and dependency manifests into a single verifiable object. Every .mod capsule is:

Mesh-native — distributable without a central registry

ZK-bound — verified without revealing private build data

Runtime-isolated — executed in a sandbox with enforced memory, file, and network boundaries

Trust-scored — continuously evaluated by peer feedback in the gossip layer

Beyond application execution, NØNOS functions as a DePIN (Decentralized Physical Infrastructure Network) node. Each node autonomously measures compute capacity, bandwidth availability, and storage throughput, generates a Proof-of-Infrastructure (PoI) snapshot, signs it with a local ed25519 node key (created and stored entirely offline if not already present), and broadcasts it to the onion-mesh network. Proof records are integrated with a micro-fee accounting model — .mod executions and mesh services are priced in per-operation units, allowing operator nodes to monetize directly from network contribution without depending on external intermediaries.

Whereas most so-called decentralized platforms operate at the application or middleware layer, NØN-OS is root-level sovereignty: bootloader to network stack, package system to proof-of-execution, all implemented in memory-safe Rust with zero tolerance for upstream control points.