← SAMLLC
Engineering Briefing · v1.0 · April 2026

Lattice Network.

Architecture, Consensus, Cryptography.

ML-DSA-87 · ML-KEM-768 · 5-of-7 BFT · Chain-Breaking · NIST ACVTS validated

Space Automation Machines LLC · Ron Peterson, Founder

01 — Architecture

A layered system.
BFT consensus is the trust root.

Each layer inherits trust from the layer below. Compromise the bottom = collapse the top.

02 — Cryptographic Foundation

NIST-standardized
post-quantum primitives.

ML-KEM-768 · FIPS 203

ReplacesRSA, ECDH
FamilyModule Learning With Errors
SecurityNIST Category 3 (≈ AES-192)
Public key1184 bytes
Secret key2400 bytes
Ciphertext1088 bytes

Transport encryption, .Lattice content encryption, Coop validator session keys.

ML-DSA-87 · FIPS 204

ReplacesECDSA, RSA signatures
FamilyMLWE + SIS
SecurityNIST Category 5 (≈ AES-256)
Public key2592 bytes
Secret key4896 bytes
Signature4627 bytes

BFT validator votes, identity proofs, agent action attribution, git commit signing.

03 — NIST ACVTS Validation

April 4, 2026 —
130 of 130 test cases passed.

AlgorithmModeTest CasesResult
ML-DSA-87keyGen25All passed
ML-DSA-87sigGen (det)15All passed
ML-DSA-87sigGen (rand)15All passed
ML-DSA-87sigVer15All passed
ML-KEM-768keyGen25All passed
ML-KEM-768encapsulation25All passed
ML-KEM-768decapsulation10All passed
Total130130 / 130

Sessions 718269, 718294, 718304, 718305 · liboqs v0.15.0 · oqs-python v0.14.1

04 — BFT Consensus

5-of-7 quorum, single-round protocol,
instant finality.

Validator Topology

NYC · rasputin-01/02/03 London · rasputin-04/05 Singapore · rasputin-06/07

BFT safety: n = 3f + 1, f = 2, n = 7

Operations: issue · verify · rotate · revoke · certify

Consensus Protocol

  1. Client submits operation
  2. All 7 validators independently validate, sign vote (ML-DSA-87), broadcast
  3. Coordinator collects votes — any validator can coordinate the round
  4. 5+ agreeing votes → COMMIT, operation final and irreversible
05 — Consensus Performance

Production benchmarks —
DigitalOcean s-2vcpu-4gb.

~250
ms BFT median
latency
~480
ms BFT p99
latency
~50
ms local verify
latency
<500
ms revocation
propagation
Uptime
99.7% over 60-day production load period.
Failure detection
113 seconds. Auto-remediation: 47 seconds. No human intervention.
06 — Chain-Breaking

Consensus-level rule synchronization.
Patent-pending.

Validators running outdated rules cannot produce valid blocks. The consensus engine rejects them. Compliance is physics, not policy.

Normal Update

  • previousHash = SHA-256(old)
  • Grace period: ~4 hours
  • 5-of-7 validators approve update
  • Hash recorded on chain (linked)
  • Validators download, verify hash
  • Old version deactivated, products re-scrubbed

Emergency Chain-Break

  • previousHash = NULL
  • Grace period: 2.5 minutes
  • Zero-day detected, 5-of-7 emergency vote
  • All validators must update or auto-kill
  • Failed update = 100% stake slashed
  • All certified products immediately re-scrubbed
07 — Identity Lifecycle

LatticeIdentity NFT operations.

OperationDescriptionBFT ConsensusRevocable
IssueMint identity NFT for wallet + ML-DSA-87 pubkeyRequired
VerifyProve ownership via challenge-responseNot required
RotateReplace keypair, preserve identityRequired
RevokePermanently invalidate identityRequiredNo
TransferMove identity to new walletRequired

Revocation reaches all 7 validators within one BFT round (<500ms) — CRL staleness is architecturally eliminated.

08 — Hardware Binding

The Coop is the credential.

Coop edge device
Jetson Orin Nano Super. 67 TOPS, ARM64, 7–25W. Personal AI node + HSM. ML-DSA-87 private key never leaves device.
Coop HSM binding
Every identity operation is signed on-device. Network theft of a credential is architecturally prevented — physical access to the Coop is required.
SIM-NFT (ICCID/IMSI)
Carrier-verified at provisioning — carrier-grade KYC. SIM present = identity proven. Resolves credential theft by design, not policy.
Hardware kill
Chain-breaking enforces consensus-level kill. Validator running stale rules cannot produce valid blocks — auto-ejected, no manual intervention.
09 — The Harness

Content verification pipeline.
Carwash for the internet.

  1. .com URL submitted
    User submits unverified product URL
  2. Web scraper
    Crawl content; extract HTML, scripts, metadata, links
  3. 7 threat detectors run in parallel
    Code injection · Prompt injection · Malware · Credentials · Exfiltration · Phishing · Time attacks
  4. Rules engine aggregates
    CRITICAL finding = automatic fail
  5. 5-of-7 BFT consensus
    Independent validators confirm content is clean
  6. .Lattice product issued
    ML-KEM encrypted · hash on chain · PIS score · receipt
10 — Threat Detection

Rasputin rules engine —
7 categories, hash-anchored.

CategoryExamplesSeverity
Code Injectioneval(), exec(), SQL injection, XSS, shell commandsCRITICAL
Malware/RansomwareExecutable payloads, obfuscated binaries, YARA signaturesCRITICAL
Prompt InjectionInstruction overrides, role hijacking, base64 obfuscationHIGH
Data ExfiltrationSuspicious outbound domains, encoded payloads, webhooksHIGH
Credential HarvestingAPI keys, private keys, AWS creds, plaintext passwordsHIGH
PhishingUrgency language, typosquatting, impersonation, financial scamsMEDIUM
Time AttacksTiming side-channels, replay attacks, race conditionsMEDIUM

Rules updates: 5-of-7 vote, ~4hr grace (normal) or 2.5min grace (chain-break, slashing on miss).

11 — .Lattice Certification

Cryptographic proof of validation.
Continuously re-scrubbed.

Content verified
Scraped and cleaned by the harness. No malware, injections, or credential harvesting.
Consensus confirmed
5-of-7 independent validators confirmed clean — unanimous within round.
Quantum-safe encryption
Content encrypted with ML-KEM-768. Immutable integrity hash stored on chain.
Page Integrity Score
0–1000 deterministic. Security 60% · Content quality 25% · Stability 15%. PIS 85+ → Tier 2 eligible, 90+ → featured.

Issued against a specific Rasputin rules version. Not a one-time badge — re-scrubbed on every rule update.

12 — Lattice Chain · M42

Cosmos SDK + CometBFT —
PQC-native from genesis.

Eliminates Polygon (ECDSA) dependency. Chain-breaking moves from contract call to consensus primitive.

Identity
Agent DNA — every participant's identity, capabilities, trust
Rasputin
Threat rules storage + chain-breaking primitive
Registry
.lattice namespace + content hashes + PIS scores
Staking
LAT economics, validator rewards, slashing
Harness
On-chain scrub job tracking and completion receipts
Governance
Tier 3 vote on protocol upgrades
13 — Scaling Architecture

Hierarchical BFT.
Trust inherits down the tree.

M44 simulation target: 50 validator VMs · 7 geographic regions · 100 Coop simulators · 10 load generators · 20K ops/sec · 6 scenarios.

14 — Security Properties

What's guaranteed, what it costs to break.

What Lattice Guarantees

  • Identity authenticityML-DSA-87 challenge
  • Identity uniquenessSIM-NFT + BFT quorum
  • Revocation integrity<500ms BFT finality
  • Content integritySHA-256 + BFT receipt
  • Rule synchronizationChain-break + auto-kill
  • Quantum resistanceML-KEM-768 + ML-DSA-87
  • No single point of failure5-of-7 BFT quorum

Attack Surface

  • vs. BFT consensus3 of 7 separate machines across 3 continents
  • vs. identitySteal Coop AND break ML-DSA-87
  • vs. harnessEvade all 7 detectors AND convince 5-of-7
  • vs. chain-breakingSame surface as BFT attack
15 — Engineering Roadmap

Technical milestones —
Q2 2026 forward.

Q2 2026 — Validation & Sim
  • M44 Phase 1 — 50-node load
  • NCCoE delivery — ACVTS + benchmarks
  • NSF SBIR Phase I
  • Genesis creators — first 100 products
Q3–Q4 2026 — Ecosystem
  • Harness v2 + FastAPI
  • M8 Pigeon OS session + tool cards
  • M24 Shannon HTTP — queryable LTM API
  • M17 Marketplace v1
  • Tier 2 — first 50 home node Coops
2027+ — Native Chain
  • M42 Mainnet — Cosmos SDK + LAT
  • Regional hubs, 90%+ cache
  • M29 Agent Provenance
  • Tier 3 backbone