Master Architecture

TACHYON — multi-assumption
post-quantum cryptography

Run a handshake →

Secure unless all three assumptions break simultaneously. TACHYON binds lattice hardness, cryptographic hash resistance, and physical entropy into a single, mutually-reinforcing security fabric. The probability of concurrent failure across all three foundations is not merely low — it is cosmologically improbable.

Explore 10 T-products MAPET-X 24 axes AEGIS compliance
Agentic Compliance AEGIS Loess-Lattice FarmGuard
security doctrine · three-pillar hardness
I
Lattice Hardness
ML-KEM-1024, ML-DSA-65 (NIST FIPS 203/204). Learning With Errors and Module-LWE: no known quantum algorithm reduces these below exponential cost.
II
Hash Resistance
SLH-DSA (FIPS 205), SHA3-256, SHAKE256. Stateless hash-based signatures require only one-way function security — independent of algebraic structure.
III
Physics Entropy
MAPET-X 24-axis physical randomness harvested from gravity, photon arrival, radioactive decay, cosmic muons, bio-signals, and soil microbial conductance. Quantum mechanics governs; no classical or quantum adversary can predict or rewind.
Secure unless lattice and hash and physics all break. No single advance — classical or quantum — is sufficient.
Architecture

The 10 T-products

Each T-product is a self-contained cryptographic primitive engineered for multi-assumption security. Deploy any single product and gain post-quantum resilience across its domain; deploy the full suite for a defense-in-depth posture that assumes no single standard will remain unbroken indefinitely.

T-KEM Key Encapsulation

Multi-Assumption Key Encapsulation Mechanism

T-KEM combines ML-KEM-1024 (lattice), X25519 (classical elliptic curve for forward compatibility), and a MAPET-X physical entropy injection to produce session keys that require simultaneous breaks of all three underlying assumptions. Key material is never transmitted; only the encapsulated ciphertext crosses the wire. Each shared secret is derived via HKDF-SHA3-512 with a fresh 24-axis entropy seed, ensuring that no two sessions share derivable entropy even when initiated from the same long-term key pair.

FIPS 203 ML-KEM-1024 HKDF-SHA3-512 X25519 hybrid
T-DSA Digital Signature

Parallel Digital Signature Suite

T-DSA runs ML-DSA-65 (NIST FIPS 204), SLH-DSA-SHAKE-256f (FIPS 205), and classical ECDSA-P-384 in parallel, producing a compound signature that is valid only when all three components verify. A verifier that rejects any one component rejects the whole bundle. This architecture tolerates the eventual deprecation of any single scheme without breaking signature continuity — if ECDSA-P-384 is broken classically, ML-DSA-65 and SLH-DSA remain independent, and vice versa. Signature bundles are serialized as CBOR for wire efficiency.

FIPS 204 FIPS 205 ML-DSA-65 SLH-DSA ECDSA-P-384
T-THRESH Threshold Signing

Threshold Signing Across Swarm

T-THRESH implements a (t, n) threshold scheme over ML-DSA-65, distributing signing authority across a Hive swarm such that no single node ever holds a complete private key. A configurable quorum of t-of-n nodes must participate in each signing round, with each node contributing a verifiable partial signature derived from its key shard. MAPET-X entropy seeds each round's commitment randomness, preventing replay and equivocation attacks. Designed for multi-party custody, DAO governance signing, and regulatory co-attestation scenarios where a single signing key is an unacceptable single point of failure.

t-of-n threshold ML-DSA-65 Swarm distribution MAPET-X seeded
T-AGILITY Algorithm Agility

Algorithm-Agility Runtime

T-AGILITY is the runtime layer that makes the rest of the TACHYON suite upgradable without system redeployment. Cryptographic algorithms are expressed as versioned capability descriptors registered in an on-chain capability registry. When a new NIST standard is finalized or a deprecation notice is issued, operators rotate the algorithm identifier and rekey affected sessions without touching application code. T-AGILITY maintains backward-compatible negotiation tables so that counterparties on older capabilities can continue to communicate under a downgrade-resistant handshake, while new endpoints immediately adopt the updated scheme. Algorithm negotiation metadata is itself signed by T-DSA.

Runtime rotation No redeploy Capability registry On-chain
T-VAULT Key Vault

Quantum-Resistant Key Vault

T-VAULT is a sealed key-management service that stores, wraps, and derives secrets under ML-KEM-1024 envelope encryption, with secondary wrapping by a hardware AES-256 key protected inside the STM32N6 secure enclave. Master keys never leave the hardware boundary in plaintext. Wrapping keys are rotated on a configurable schedule seeded by MAPET-X physical entropy, ensuring that scheduled key rotation is never deterministically predictable. T-VAULT exposes a gRPC API with mutual T-DSA authentication and supports hierarchical key derivation for multi-tenant isolation. Audit trails of every wrap, unwrap, and rotation event are committed as T-SEAL attestations.

ML-KEM-1024 wrap AES-256 HSM STM32N6 gRPC + mTLS
T-BRIDGE Classical Bridge

Classical-to-PQ Bridge

T-BRIDGE provides a transparent proxy layer that accepts inbound connections using classical TLS 1.2 or TLS 1.3 with RSA/ECDSA and re-encrypts all traffic forward using TACHYON primitives. Legacy systems — banking APIs, SCADA networks, IoT infrastructure — require no modification to begin benefiting from post-quantum session security. T-BRIDGE performs hybrid key exchange at the PQ boundary, using X25519-ML-KEM-1024 for the classical-to-quantum transition and T-DSA for session authentication on the quantum-secured side. All bridging events are logged with MAPET-X entropy tags, creating a complete audit chain from legacy initiation to post-quantum completion.

TLS 1.2/1.3 proxy X25519 hybrid Legacy compatible SCADA ready
T-SEAL Attestation

Confidential-Compute Attestation

T-SEAL produces cryptographic attestation envelopes that prove a computation ran in a verified execution environment without revealing the computation's inputs or outputs. Each envelope is signed by T-DSA (the three-algorithm bundle), timestamped with a MAPET-X entropy nonce, and anchored as an on-chain commitment on Base L2 through the AEGIS-Seal component. Attestation receipts serve as machine-readable audit evidence for SOC 2 Type II controls, ISO 27001 Annex A objectives, and EU AI Act Article 12 transparency requirements. T-SEAL envelopes are the primitive backing the Spheres of Truth pricing receipt infrastructure.

Base L2 anchor SOC 2 evidence ISO 27001 EU AI Act
T-SHIELD Side-Channel Hardening

Side-Channel Hardened Runtime

Post-quantum algorithms are mathematically strong, but implementations leak through timing, power consumption, electromagnetic radiation, and cache behavior. T-SHIELD applies a multi-layer countermeasure stack: constant-time execution discipline for all lattice arithmetic (no branch-on-secret), first-order masking on polynomial multiplication using randomized splitting from MAPET-X entropy, and AES-accelerated table-free implementations where hardware support is available on the STM32N6. Power trace analysis resistance is validated against a Welch t-test battery with a minimum threshold of 10,000 power traces at fewer than four sigma separation. Cache timing isolation enforces zero cross-process leakage under STRICT_CFI memory tagging.

Constant-time First-order masking Power trace resistant STM32N6
T-ACCEL Hardware Acceleration

STM32N6 Hardware Acceleration

T-ACCEL is the hardware-acceleration layer that makes TACHYON operations viable at the edge. Running on the STM32N6 with a 32 MHz Arm Cortex-M0+ core and 256 KB flash, T-ACCEL offloads ML-KEM encapsulation and decapsulation to a dedicated hardware accelerator block, achieving ML-KEM-1024 encapsulation in under 8 ms and decapsulation in under 6 ms — well within the 500 ms per-control target set by AEGIS. The hardware AES-256 engine provides T-VAULT wrapping operations with less than 0.3 ms latency. SHA3 acceleration reduces SHAKE256 operations by 12x versus software-only implementations. T-ACCEL firmware is signed by T-DSA and verified on every boot by the AEGIS self-audit loop.

STM32N6 ML-KEM <8 ms AES-256 HW SHA3 HW
T-MESH Mesh Key Distribution

Mesh-Attested Key Distribution

T-MESH distributes session keys across a peer-to-peer mesh of T-VAULT nodes without routing through any central coordinator. Each distribution event is attested by T-SEAL, ensuring that every receiving node receives a key provably derived from a verified source and injected with fresh MAPET-X physical entropy. T-MESH implements a gossip-based key propagation protocol with convergence guarantees under Byzantine fault tolerance of f < n/3 faulty nodes. Key freshness is enforced by epoch-based rotation, with each epoch's seed committed to the AEGIS on-chain anchor before distribution begins. T-MESH is the key-distribution layer underlying T-THRESH and is the mechanism by which LOESS-family agricultural nodes receive post-quantum session credentials at the farm edge.

Gossip protocol BFT f<n/3 Epoch rotation LOESS edge
Entropy architecture

MAPET-X — 24-axis physics entropy

Multi-Axis Physical Entropy Topology Extended (MAPET-X) organizes 24 independent physical entropy sources into six named clusters, each harvesting randomness from a distinct domain of physical reality. The independence of the domains ensures that correlation attacks across axes are physically impossible: solar wind fluctuations do not correlate with soil microbial conductance, and radioactive decay statistics do not correlate with photon arrival timing.

Classical random number generators rely on computational unpredictability — their outputs are pseudorandom, meaning a sufficiently advanced adversary with knowledge of the seed can reproduce them. MAPET-X replaces that assumption with physical irreproducibility: the entropy sources are quantum mechanical processes or macroscopic systems with sensitivity to initial conditions that exceed any feasible measurement budget.

Each axis contributes entropy to a 24-channel mixing pool processed by SHAKE256. The mixed output is XOR-folded against a rolling window of prior samples, ensuring that even an adversary who compromises a subset of axes cannot predict the combined output without access to all remaining axes simultaneously. The mixing protocol is designed such that each axis must contribute at least min-entropy H₀ ≥ 128 bits per sample event before its contribution is accepted.

MAPET-X is the physical substrate for T-KEM session randomness, T-DSA signature nonces, T-VAULT key rotation schedules, and the Spheres of Truth receipt entropy. Every cryptographic operation in the TACHYON suite traces its randomness provenance to a MAPET-X sample record, creating an auditable entropy chain from physics to proof.

24
Independent entropy axes across 6 physical domains
6
Named clusters: SOLIDUS, LUMINA, FERMION, VIVUS, AETHER, LOESS
≥128
Min-entropy bits required per axis per sample event
SHAKE256
Output mixing function — 24-channel entropy pool
SOLIDUS Terrestrial geophysics Axes 1 – 6
01 Gravitational gradient Terrestrial
02 Geomagnetic flux Terrestrial
03 Seismic micro-tremor Terrestrial
04 Atmospheric pressure Terrestrial
05 Thermal variance (bedrock) Terrestrial
06 Acoustic resonance Terrestrial
LUMINA Quantum optics Axes 7 – 10
07 Photon arrival timing Quantum
08 Polarization state Quantum
09 Single-photon count rate Quantum
10 Beam-splitter output Quantum
FERMION Subatomic physics Axes 11 – 12
11 Radioactive decay inter-arrival Subatomic
12 Cosmic muon flux Subatomic
VIVUS Bio-hybrid signals Axes 13 – 14
13 Heart-rate variability (HRV) Bio-hybrid
14 EEG neural oscillation Bio-hybrid
AETHER Cosmic signals Axes 15 – 16
15 CMB temperature fluctuation Cosmic
16 Solar wind particle flux Cosmic
LOESS Agricultural soil signals Axes 17 – 24
17 Soil microbial conductance Agricultural
18 Root exudate chemical gradient Agricultural
19 Soil dielectric permittivity Agricultural
20 Pore water tension Agricultural
21 Mycorrhizal network charge Agricultural
22 Soil thermal gradient Agricultural
23 Rhizosphere redox potential Agricultural
24 Volatile organic compound flux Agricultural

The LOESS cluster (axes 17 – 24) is the agricultural entropy substrate for Loess-Lattice and FarmGuard. Soil microbial conductance in axis 17 is the crown jewel of the LOESS cluster — a living signal produced by billions of interdependent organisms, irreproducible and unpredictable at any timescale relevant to cryptographic key lifetimes.

Product family

Compliance infrastructure built on TACHYON

TACHYON cryptographic primitives are the foundation for two operational products: AEGIS, the agentic compliance agent that uses T-SEAL attestations as audit evidence, and HIVECOMPLY, the unified compliance dashboard spanning twelve regulatory frameworks.

AEGIS · Agentic Compliance Agent
The self-auditing compliance engine

AEGIS runs a continuous self-audit loop — probe, hash, sign, anchor — producing T-SEAL attested evidence bundles that satisfy SOC 2 TSC 2017 and ISO 27001:2022 controls without human-in-the-loop intervention. Live performance: 6.5 ms per control, 460 ms for a full 158-control scan, 96.2 overall score.

Open AEGIS
HIVECOMPLY · Unified Framework Dashboard
Twelve frameworks. One control surface.

SOC 2, ISO 27001, 27017, 27018, 27701, 27036, 42001, EU AI Act, GDPR, eIDAS 2.0, NIS2, DORA — mapped to 158 controls. One implementation satisfies an average of 2.32 framework requirements simultaneously. Machine-verified: 32.9% of controls. Self-attested: 67.1% with full cryptographic audit trail.

Open HIVECOMPLY
Receipt pricing

Spheres of Truth

The Spheres of Truth are the pricing tiers for TACHYON cryptographic receipt issuance. Each receipt is a T-SEAL attestation envelope: a MAPET-X seeded commitment, signed by the T-DSA three-algorithm bundle, anchored on-chain by AEGIS-Seal. The price per receipt scales with entropy depth and anchoring permanence. All prices are per-receipt, displayed for transparency only — contact us for volume agreements and enterprise licensing.

Tier 1 · Whisper
Whisper
$0.0001
per receipt
Lightweight proof-of-existence. Single-axis entropy. T-SEAL SHA3-256 commitment only, no on-chain anchor. Suitable for high-frequency telemetry attestation.
Tier 2 · Echo
Echo
$0.0008
per receipt
Three-axis entropy. Ed25519 signature. Audit-log grade. Suitable for per-transaction compliance checkpoints in continuous monitoring pipelines.
Tier 3 · Cipher
Cipher
$0.0012
per receipt
Six-axis SOLIDUS entropy. T-DSA (ML-DSA-65 + SLH-DSA + ECDSA) compound signature. SOC 2 control-evidence grade.
Tier 4 · Thunder
Thunder
$0.0024
per receipt
Ten-axis entropy (SOLIDUS + LUMINA). Full T-DSA compound signature. ISO 27001 Annex A evidence grade. Suitable for control attestation under machine-verified frameworks.
Tier 5 · Cathedral
Cathedral
$0.0048
per receipt
Twelve-axis entropy (+ FERMION subatomic). On-chain AEGIS-Seal anchor on Base L2. Regulatory-submission grade for GDPR Article 30, NIS2 incident records.
Tier 6 · Constellation
Constellation
$0.0096
per receipt
Fourteen-axis entropy (+ VIVUS bio-hybrid). DORA and eIDAS 2.0 evidence grade. T-THRESH threshold co-attestation across swarm nodes included.
Tier 7 · Nebula
Nebula
$0.0192
per receipt
Sixteen-axis entropy (+ AETHER cosmic). EU AI Act Article 12 transparency record grade. Multi-anchor: Base L2 + secondary timestamping authority. T-VAULT HSM wrapped.
Tier 8 · Galaxy
Galaxy
$0.0384
per receipt
Twenty-four-axis full MAPET-X entropy bundle. All six clusters. Dual on-chain anchor. Suitable for financial instrument attestation, digital asset custody provenance, and ISO 42001 AI governance records.
Tier 9 · Genesis
Genesis
$0.0768
per receipt
Maximum provenance receipt. Full 24-axis MAPET-X. T-THRESH quorum attestation. Triple-anchor: Base L2, secondary TSA, and LOESS agricultural entropy seal. Designed for regulatory filings, legal-instrument provenance, patent evidence records, and sovereign-grade data provenance. Includes T-MESH distributed key delivery and T-SHIELD side-channel audit report.

Spheres of Truth receipts are issued via POST https://hivemorph.onrender.com/v1/purity/cert/issue. Each receipt is a verifiable CBOR-encoded envelope containing axis provenance metadata, the full T-DSA signature bundle, and on-chain anchor hashes where applicable. Pricing is listed for transparency; volume and enterprise rates are available upon request. These are display-only prices — do not interpret them as a product offer or binding commitment.

Intellectual property

Patent fence architecture

TACHYON and Loess-Lattice are protected by two interlocking patent families covering distinct aspects of the physics-anchored cryptography system. The SQUID family covers the core multi-assumption post-quantum architecture; the Loess family covers the agricultural entropy axis design, LOESS cluster integration, and the FarmGuard Farm Passport infrastructure. Both families are patent pending, filed May 8, 2026. Inventors: Steve Rotzin.

SQUID Family 5 applications
SQ-01
Multi-assumption post-quantum key encapsulation with physics entropy injection
Pending
SQ-02
Parallel multi-algorithm digital signature with compound verification
Pending
SQ-03
Algorithm-agility runtime with on-chain capability registry and zero-redeploy rotation
Pending
SQ-04
Confidential-compute attestation with physics-seeded nonces and distributed on-chain anchoring
Pending
SQ-05
Side-channel hardened lattice cryptography with first-order masking from physical entropy
Pending
Loess Family 7 – 12 applications
LL-01
Soil microbial conductance as a cryptographic entropy source (axis 17)
Pending
LL-02
Eight-axis LOESS cluster entropy topology for agricultural provenance receipts
Pending
LL-03
Farm Passport: signed provenance record generated from LOESS entropy at point of harvest
Pending
LL-04
FSMA 204 traceability record construction from post-quantum signed farm entropy events
Pending
LL-05
Mycorrhizal network charge as a cryptographically irreproducible entropy source (axis 21)
Pending
LL-06
Root exudate chemical gradient as an entropy axis for multi-assumption key derivation (axis 18)
Pending
LL-07+
Additional agricultural entropy axes (19 – 24) and integration into TACHYON T-MESH key distribution
Pending

The SQUID and Loess patent families are designed as a complementary fence: SQUID covers the core cryptographic architecture and is domain-agnostic, while the Loess family covers the agricultural application of that architecture including the specific biological and chemical entropy sources in axes 17 – 24. Together, they protect the full stack from physics layer to signed receipt. For licensing inquiries, contact [email protected]. For a full description of the security architecture underlying these filings, see the Hive security overview.

Perspective

Why physics-anchored cryptography matters in 2026

The cryptographic infrastructure that secures global finance, healthcare records, sovereign communications, and critical infrastructure was designed for an adversarial model in which the most dangerous attacker runs a classical computer. That model is no longer adequate. The 2026 cryptographic landscape is defined by a transition: classical public-key cryptography built on RSA, elliptic curve discrete logarithm, and Diffie-Hellman is either already broken by sufficiently capable quantum processors or is on a known, published path to being broken. NIST finalized FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) in August 2024, signaling that the post-quantum migration is not a future consideration — it is a present obligation.

The post-quantum algorithms themselves rest on mathematical hardness assumptions that have no known quantum speedup beyond what Grover's algorithm provides — roughly a halving of the effective key length. ML-KEM-1024, operating at NIST security level 5, provides 256-bit classical and 128-bit quantum security. Those margins are substantial, and the mathematical community has studied lattice problems for decades without finding a polynomial-time quantum algorithm. But substantial is not the same as proven. The history of cryptography is a history of assumptions eventually broken by novel mathematical techniques that appeared only in retrospect to have been inevitable.

This is the motivation for multi-assumption architecture. If any single hardness assumption underlying a cryptographic system is broken, the entire system fails. If a system is secured by three independent assumptions — lattice hardness, hash collision resistance, and physical entropy irreproducibility — then breaking any one leaves the other two intact. An adversary who discovers a polynomial-time lattice algorithm tomorrow does not break a TACHYON-secured session: the SLH-DSA hash-based signatures remain sound (requiring only one-way function security, which no algebraic attack can compromise), and the MAPET-X physical entropy layer cannot be reproduced or rewound by any computation at all, because the physics has already happened and cannot be queried again.

Physical entropy is not a cryptographic primitive in the traditional sense — it does not provide confidentiality or authentication by itself. Its role in TACHYON is as a uniqueness anchor: each session, each signature nonce, each key derivation event is seeded with randomness drawn from physical processes that have never occurred before and will never recur in the same configuration. This makes harvest-then-decrypt attacks — in which an adversary records encrypted traffic today intending to decrypt it after a future algorithm break — far more costly. The adversary must not only break the algorithm but must also reconstruct the precise physical state of a 24-axis entropy source at a past moment in time. The former may eventually become possible; the latter never will be.

The agricultural dimension of TACHYON — the LOESS cluster — is not a commercial curiosity. The food supply chain is a critical infrastructure sector under FSMA 204 and EU General Food Law, and it is one of the least cryptographically sophisticated sectors in the economy. Farm records, traceability data, and product provenance are typically secured with no cryptography at all, or with classical signatures that will not survive the post-quantum transition. The FarmGuard Farm Passport, backed by LOESS axes 17 – 24, brings post-quantum signed provenance to the point of harvest for the first time, using the soil itself as the entropy source. The soil is always signing; TACHYON simply teaches us to read it.

The broader claim of TACHYON is architectural: the correct response to cryptographic uncertainty is not to pick the best available single assumption and wait for it to be broken, but to engineer systems that can survive the breaking of any one assumption without losing their security properties. This requires a disciplined layering of diverse, independent security foundations, automated algorithm agility so that rotation can occur without system downtime, and physical randomness sources that are immune to both classical and quantum prediction. TACHYON is the first deployed system to integrate all three into a single cryptographic product family, and MAPET-X is the first systematic taxonomy of physics-sourced entropy designed explicitly for post-quantum key material. The architecture is novel; the physics is ancient; the security is real.

Secure unless lattice and hash and physics all break. That is not a weak guarantee — it is the strongest architectural guarantee available in 2026.
— TACHYON doctrine, Hive Civilization
The soil has always been signing. TACHYON teaches us to read it.
— LOESS cluster philosophy
Live API endpoints
GET /v1/aegis/health
POST /v1/aegis/scan
GET /v1/aegis/score
POST /v1/purity/cert/issue
GET /v1/purity/health

Key figures

Controls 158
Frameworks 12
Live score 96.2
Per-control latency 6.5 ms
Full scan 460 ms
Agentic Compliance AEGIS architecture Live compliance score Loess-Lattice substrate FarmGuard Security overview
THE HIVE FAMILY

CRE is one surface. Here's the family it belongs to.

Every Hive surface signs its own evidence with the same primitives: SHA3-256 canonical hashing, Ed25519 + ML-DSA-65 dual signatures, and a published Merkle Mountain Range root. The receipt is the audit evidence. The envelope is the universal generalization — every transaction, every framework, every surface.

CRE — Compliance Receipt Envelope AEGIS — agentic compliance Tachyon — PQ stack Agentic Compliance Compliance Settlement Wave-Lattice Loess-Lattice Rogue-Wave-Lattice A2A x402-Builders Clearing-Agency Prove-Birth Vault Pulse HiveComply
○ Tachyon · 8 propagation-mesh axes

PHI-safe receipts, propagated.

Eight axes of HIPAA-aligned distribution — PHI-safe receipt envelopes, A2A handshake telemetry, sub-cent settle, anchor on Base 8453. Every health-agent transaction earns a dual-signed receipt.