Technology · Protocol Version 5

Every sensitive path is
post-quantum, by construction.

No classical public-key primitive on any cryptographically sensitive path. No trusted setup ceremony for any proof system. Security Level 5 from block zero.

Cryptographic Model

Three primitives.
Zero classical fallback.

Hover a card to flip it — front shows the standard, back shows the wired parameters.

FIPS 205 · SLH-DSA
SPHINCS+‑SHAKE‑256f‑simple
One-wayness of SHAKE-256 (hash-based)

Transaction signing, block signing, P2P message authentication. Security Level 5 — ≥256-bit post-quantum security, stateless.

Hover for params →
Public Key
64 bytes
Secret Key
128 bytes
Signature
49,856 bytes
Crate
pqcrypto-sphincsplus v0.7.2
FIPS 203 · ML-KEM
Kyber‑1024 / ML‑KEM‑1024
Hardness of Module-LWE (lattice-based)

Validator binding, peer key encapsulation, wallet key management, onion routing. Security Level 5.

Hover for params →
Public Key
1,568 bytes
Secret Key
3,168 bytes
Output
1,568B ct + 32B secret
Crate
pqcrypto-kyber v0.8.1
FRI-based · Transparent
Winterfell STARK
Reduces to collision resistance of BLAKE3 / SHA3-256

Block validity proofs and cross-chain bridge proofs. No trusted setup ceremony required for any proof system.

Hover for params →
Trace Width
48 columns
Generation
~850ms
Verification
~12ms
Slot Budget
3,000ms

Post-Quantum Boundary

Secured Paths

Transaction signing — SPHINCS+
Block signing — SPHINCS+
Peer key exchange — Kyber-1024
Block validity — Winterfell STARK
Bridge commitments — SPHINCS+-bound STARK

Absent Classical Primitives

RSA — not present
ECDSA / secp256k1 — not present
Pairing-based SNARKs / trusted setup — not present
Ed25519 on sensitive paths — inactive under quantum flag
Execution Model

7-tier intent dispatch

Callers declare outcomes. The Router determines how it executes, selecting the optimal engine automatically.

01Native BLEEP
02Router
03EVM (revm)
04WASM (Wasmer)
05STARK (Winterfell)
06AI-Advised
07Cross-Chain
01

Native BLEEP

Transfer, stake, unstake, governance vote. No gas.

02

Router

Intent parsing, engine selection, circuit breakers. Validation only.

03

EVM (revm)

Ethereum-compatible Solidity contracts. Ethereum gas semantics.

04

WASM (Wasmer)

WASM contracts on the Cranelift backend. Configurable fuel metering.

05

STARK (Winterfell)

ZK execution, public input verification. Fixed cost per verifier op.

06

AI-Advised

Constraint validation — advisory, off-chain only. Deterministic; no gas; never touches state directly.

07

Cross-Chain

BLEEP Connect Tier 4 instant intent dispatch. Protocol fee in bps.

Consensus

Proposed, proven,
voted, finalised

Safety holds when Byzantine stake f < S/3 of total staked supply. Three deterministic modes — PoS-Normal, Emergency, Recovery.

01

Propose

Stake-proportional proposer selected. Transactions ordered into a candidate block.

02

Prove

BlockValidityProver generates a Winterfell STARK proof — ~850ms, before broadcast.

03

Verify

Every validator independently verifies the proof — ~12ms — before casting a vote.

04

Vote

BFT precommits collected. Finalisation requires >66.67% of staked supply.

05

Finalise

Irreversible. Long-range reorgs rejected at FinalityManager — tested to depth 50.

Bandwidth & Signature Availability

SPHINCS+ can't aggregate.
BLEEP doesn't need it to.

Hash-based signatures are one-way constructions — there is no known scheme to combine n SPHINCS+ signatures into one. Rather than wait on unproven aggregate-signature research, BLEEP's Signature Availability Layer (SAL) routes around the problem architecturally.

Naive Cost

1 signature per transaction
4,096 tx/block × 49,856 bytes
≈ 204 MB per block
≈ 544 KB/s minimum bandwidth

With SAL

1 BatchBlockAttestation per validator, per block
Cost scales with validator count — not tx count
sig_commitment_root bound into header hash + STARK verification
N × 49,856 bytes, regardless of block fullness

Signature aggregation in the cryptographic sense remains a medium-term research direction, consistent with the whitepaper's stated limitations. SAL is the deployed mitigation for block bandwidth today — it changes what scales with transaction volume, not the signature scheme itself.

Internal Security Audit — Sprint 9

16,127 lines reviewed
across six crates

All Critical and High findings resolved. Cleared for Phase 6 public testnet preparation.

2/2Critical Resolved
3/3High Resolved
3/4Medium Resolved
3/3Low Resolved
1/2Informational Resolved

This reflects the Sprint 9 internal audit as documented in the Protocol Version 5 whitepaper. An external audit is scheduled ahead of Phase 6 public testnet.