01 — Why a new protocol

Modern AI workloads are JSON over HTTPS. That stack was designed for humans clicking on links. It carries an enormous amount of accidental overhead — verbose framing, expensive parsing, certificates rooted in centralized authorities, no native concept of an autonomous agent.

Lattice replaces that with a binary frame format anchored in CCSDS 133.0-B-2, the same protocol family that keeps spacecraft talking. Eleven times faster than JSON in measured workloads. Sixty percent less bandwidth at the edge. Eight priority levels for compliance routing. And — critically — every byte on the wire is signed by hardware whose identity lives on a public chain.

02 — Encrypted identity

The fundamental unit of trust in Lattice is the device NFT. Every Coop device — and every software validator — gets minted a soulbound NFT at activation. The NFT binds:

  • The device's MAC address and serial
  • A TPM-derived attestation key
  • The hash of the agent binary it runs
  • An ML-DSA-87 signing key for post-quantum signatures
  • An ML-KEM-768 encapsulation key for PQC encryption

These are hashed together into a single device identifier. If any one of them changes — a swapped network card, a tampered binary, a violated TPM seal — the chain detects the mismatch and the NFT is burned. A burned device cannot validate, cannot communicate, cannot participate. Recovery requires a network consensus vote.
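The binding described above, as an added example that is not Lattice's reference code. The hash function (SHA-256), field order, length-prefixed encoding and domain tag are assumptions, since the page does not specify them, and all key material is constructed placeholder bytes.

```python
import hashlib
import hmac
import struct

# Assumed field order and tag: the page lists the bound components but does
# not specify the hash function or the encoding.
FIELDS = ("mac", "serial", "tpm_ak", "agent_hash", "mldsa87_pk", "mlkem768_ek")
DOMAIN = b"example-device-id-v1"  # hypothetical domain-separation tag

# Constructed enrolment record (placeholder bytes, not real keys).
ENROLLED = {
    "mac": bytes.fromhex("02005e100001"),
    "serial": b"SN-EXAMPLE-0001",
    "tpm_ak": b"\x01" * 32,
    "agent_hash": hashlib.sha256(b"agent-binary-v1").digest(),
    "mldsa87_pk": b"\x02" * 2592,   # ML-DSA-87 public key length (FIPS 204)
    "mlkem768_ek": b"\x03" * 1184,  # ML-KEM-768 encapsulation key length (FIPS 203)
}


def device_id(components: dict) -> str:
    """Hash all bound components into one identifier (SHA-256 assumed)."""
    missing = [name for name in FIELDS if name not in components]
    if missing:
        raise ValueError(f"missing components: {missing}")
    h = hashlib.sha256(DOMAIN)
    for name in FIELDS:
        value = components[name]
        # A 4-byte big-endian length prefix keeps field boundaries unambiguous,
        # so bytes cannot move between adjacent fields without changing the ID.
        h.update(struct.pack(">I", len(value)))
        h.update(value)
    return h.hexdigest()


def naive_id(components: dict) -> str:
    """Plain concatenation, shown only to contrast with device_id."""
    return hashlib.sha256(b"".join(components[n] for n in FIELDS)).hexdigest()


def matches_enrolment(components: dict, enrolled_id: str) -> bool:
    """True only if every bound component is unchanged since enrolment."""
    return hmac.compare_digest(device_id(components), enrolled_id)


if __name__ == "__main__":
    enrolled_id = device_id(ENROLLED)
    tampered = dict(ENROLLED, agent_hash=hashlib.sha256(b"agent-binary-v2").digest())
    print("unchanged:", matches_enrolment(ENROLLED, enrolled_id))
    print("tampered binary:", matches_enrolment(tampered, enrolled_id))
```

Without the length prefix, moving a byte from the end of one field to the start of the next yields the same hash input, which is why `naive_id` is not a safe way to commit to several components at once.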

This is what hardware-rooted identity means here. Not a certificate from a centralized CA, but a cryptographic commitment to a specific physical thing, witnessed by a network that has no off switch.

03 — Authentication

When two Lattice devices communicate, the handshake is a four-step dance:

01 / Discover
Device A queries the chain for Device B's NFT. Public.
02 / Verify
NFT status checked. Burned? No conversation. Valid? Continue.
03 / Encapsulate
ML-KEM-768 session key. Forward-secret per session.
04 / Sign & send
Every frame signed ML-DSA-87. Verified frame-by-frame.

No passwords. No bearer tokens. No long-lived secrets that can be extracted from a database breach. Authentication is something the hardware does, every time, at line rate.

04 — Consensus & chain-breaking

Validators run a Byzantine-tolerant consensus to agree on what counts as a malicious request, a compromised device, or an updated rule set. Five-of-seven quorum, sub-100ms failover, hardware attestation required to vote.

The novel mechanism is chain-breaking: when the network publishes a new rule set with a previousHash of NULL, every validator running the old rules is automatically killed. Not "marked stale" — actually killed. They cannot vote, cannot sign, cannot participate until they update.

This is the protocol-level enforcement of "you must be running current rules to belong to this network." There is no graceful degradation, no lingering old version, no way for a stale node to quietly pass bad traffic. Either you are current or you are gone.

05 — Topology & observability

Because every device on Lattice has an on-chain identity, the expected communication graph is small and enumerable. A given Coop device legitimately talks to perhaps five or six known destinations: its registered gateway, the validator pool, the attestation chain. That is all.

The Topology Sentinel watches actual traffic against expected topology. Any device making an outbound connection to an unregistered destination, or talking at a time-of-day inconsistent with its history, is flagged. The validator quorum votes on whether the deviation is real, and if confirmed, the device is quarantined — same mechanism as a chain break.

The result is anomaly detection with cryptographic ground truth. Most networks guess what normal looks like. On Lattice, normal is signed and on-chain.

06 — Reference specs

  • Frame format: CCSDS 133.0-B-2 (6-byte primary header) + 7-byte Lattice secondary
  • Signature: ML-DSA-87 (NIST FIPS 204)
  • Key encapsulation: ML-KEM-768 (NIST FIPS 203)
  • Symmetric: AES-256-GCM, domain-separated AAD
  • Time authority: Chain-time, CCSDS Unsegmented Time Code
  • Consensus: 5-of-7 BFT, <100ms failover, ~12s block target
  • Throughput (ref. hw): ~10k validations/sec per Coop, <20ms p99 latency
  • Patent families: Chain-breaking · X.509+NFT auth · Priority routing · Hardware identity · BEMA steganography

The reference implementation is open source under a permissive license. The hardware specifications, the validator software, the integration kits — all available to anyone building on the substrate.