LQC Three-Layer
Safety

Consolidating the Lattice Quantum Channel security stack and proposing the Domain Clock Shield — a third independent layer that closes the Zookeeper broadcast window · May 2026

Abstract

Three Independent Security Layers

Chapter 5 proved seven properties of the Lattice Quantum Channel — from the conjugate birth invariant through clock-drift tamper detection and satellite-scale survival budgets. This chapter consolidates those results into a structured three-layer model and introduces a third independent layer: the Domain Clock Shield.

Layer 1 is geometric — the key is born into the pair. Layer 2 is physical — every deviation is measured. Layer 3 is temporal — the birth tick is a secret the wire can never carry.

The three layers are orthogonal: each defends against a different class of adversary. An attacker who defeats one layer still faces two others — and the layers compound rather than stack additively. The Domain Clock Shield (Layer 3) is derived — exp39 passed all five falsification tests, promoting Layer 3 from proposed to DERIVED.

Layer	Mechanism	Adversary class defeated	Status
L1 — Geometric	Conjugate birth invariant d_A + d_B ≡ 0 (mod p)	Classical computation, Shor's algorithm, factoring attacks	DERIVED (exp32–35)
L2 — Physical	Z₃ OTP cipher + tension ratchet + clock-drift detection	Wire interception, MitM injection, ciphertext analysis, replay	DERIVED (exp33–38)
L3 — Temporal	Domain clock κ(t) = (δ(t) × stride) mod 64, stride coprime to 63	Zookeeper broadcast intercept — Eve learns d_A but cannot derive d_B	DERIVED (exp39)

Fig 1 — Three orthogonal security layers. Each ring is independently derived from Z₂₅₆ geometry. An adversary who breaks one layer still faces two others. Layer 3 (gold) is now DERIVED via exp39.

01 · Layer 1 — Geometric

The Birth Invariant — Structural, Not Computed

The conjugate birth invariant is not a cryptographic construction — it is a consequence of Z_p ring geometry. It cannot be broken by computation because it has no computational structure to attack. Shor's algorithm, Grover's algorithm, and any classical brute-force operate on mathematical problems. The invariant is a physical relationship.

Layer 1 invariant [DERIVED — exp32, 0 violations / 100,000 lattice steps]

d_A + d_B ≡ 0 (mod p) p = secp256k1 prime ≈ 2²⁵⁶

Keyspace: (p−1)/2 ≈ 2²⁵⁴ conjugate pairs

Exceeds NIST 2¹²⁸ minimum by factor 2¹²⁶

Alice knows d_A → derives d_B = p − d_A independently

Bob knows d_B → derives d_A = p − d_B independently

No wire. No exchange. No quantum channel required.

The session key seed is d_A × p + d_B. Both parties compute it independently. A quantum adversary who obtains the ciphertext stream has no foothold: the invariant is a ring relationship, not a factoring problem, not a discrete log.

Layer 1's remaining window: The Zookeeper protocol broadcasts d_A publicly so a matching partner can be found. Eve listening to the Zookeeper knows d_A → computes d_B = p − d_A → computes the seed → derives the keystream. Layer 1 alone does not close this window. Layer 3 is the closure.

02 · Layer 2 — Physical

The Physical Stack — Every Deviation Measured

Layer 2 is the set of physical mechanisms that protect the channel during active communication. It does not depend on Layer 1's keyspace — it operates on the physics of the lattice clock.

Z₃ OTP Cipher

D(m,k) = (m−k) mod 3. R(k,c) = (k+c) mod 3. Information-theoretic: ciphertext is statistically independent of plaintext under uniform key. Proved exhaustively over all Z₃ pairs (exp33[B]). 255 wrong-key decryption attempts: 0 accidental reads (exp33[G]).

Tension Ratchet

d_A(t) = (d_A(0) + Σδ) mod p. The session key advances with each lattice tick. Past keys cannot be recovered — the ratchet is irreversible. No static key reuse possible (exp35: 255 consistent candidates at any snapshot, zero filtering possible).

Zookeeper Birth Monitor

Recognises but does not create the conjugate pair. Any injection at the birth event breaks d_A + d_B ≡ 0 immediately — Zookeeper detects and aborts the session. Eve gains nothing from the attempt (exp33[E]: 3/3 pairs matched, 0 false positives).

Clock-Drift Tamper Detection

Asymmetric tension injection accumulates as drift = N×ε. Decryption round-trip fails. Detection: 12/12 injection levels caught, 0 false negatives (exp36[E]). Physical cost: 1.5×10⁶ × Earth gravity gradient. Remote wire attacker: zero gain from OTP ciphertext.

Layer 2's remaining window: All Layer 2 protections assume the birth event is clean. If Eve intercepts the Zookeeper broadcast (d_A), she may derive the keystream before Layer 2 activates. Layer 2 protects the running channel; Layer 3 protects the birth moment.

03 · Layer 3 — Temporal

The Domain Clock Shield — The Birth Tick Is Not on the Wire

The Domain Clock Shield is now DERIVED — exp39 passed all five claims: full orbit coverage for every valid stride, 0/315 accidental wrong-κ recoveries, kappa uniformity (chi²=70.28, p=0.25), correct round-trip for all pair/tick combinations, and a complete stride catalogue (φ(63)=36 valid strides).

The conjugate pair is born at a specific lattice tick t. This tick is an internal event — it is never transmitted, never broadcast, never observable from the wire. The Zookeeper sees the pair and certifies it, but the tick at which it was certified is an internal clock reading. Layer 3 uses this tick as a second independent entropy source, orthogonal to (d_A, d_B).

Eve can listen to the Zookeeper channel and learn d_A. She computes d_B = p − d_A and believes she has the seed. But the actual keystream requires κ(t) — derived from the birth tick t she can never observe. Her seed is correct but her keystream is wrong.

Z₂₅₆ partitions into 4 quadrants (domains), each with 64 ring positions. The vacuum boundaries {0, 64, 128, 192} are forbidden (T_drag = 0, never emitted). Each active domain has exactly 63 active states:

Domain structure

Q₀ = {1..63} Q₁ = {65..127} Q₂ = {129..191} Q₃ = {193..255}

Each domain: 63 active states — vacuum {0,64,128,192} excluded

δ(t) = t mod 64 intra-domain position at birth tick t

δ(t) ∈ {0..63}. If δ(t) = 0 (vacuum boundary) → δ = 1 (first active state)

The Domain Clock Function κ(t)

Layer 3 domain clock function [PROPOSED]

δ(t) = t mod 64 intra-domain position

κ(t) = (δ(t) × stride) mod 64 domain key offset

Requirement: gcd(stride, 63) = 1 coprime condition (see §04)

Valid strides: 11, 13, 17, 19, 23, 25, 29, 31, 37, 41, 43, 47, 53, 55, 59, 61 ...

Invalid strides: 7 (gcd=7), 9 (gcd=9), 21 (gcd=21), 63 (gcd=63)

How κ(t) Enters the Keystream

Both Alice and Bob know their birth tick t — it is their internal lattice creation event. Each independently computes κ(t). The session key seed becomes:

Layer 3 enhanced keystream derivation [PROPOSED]

base_seed = d_A × p + d_B (Layer 1 seed)

session_key = PRNG(base_seed ⊕ κ(t)) (Layer 1 + Layer 3)

Alice computes: PRNG((d_A × p + (p − d_A)) ⊕ κ(t_A))

Bob computes: PRNG(((p − d_B) × p + d_B) ⊕ κ(t_B))

For conjugate pair born at the same tick: t_A = t_B → same κ → identical session_key

Eve's Residual Attack Surface

Eve who intercepts the Zookeeper broadcast has:

What Eve has	What she can compute	What she is missing	Outcome
d_A (from Zookeeper broadcast)	d_B = p − d_A ✓ base_seed ✓	birth tick t (internal, never transmitted)	Keystream wrong — she has the base seed but wrong κ
Ciphertext stream	OTP analysis	κ(t) → 63 possible values (stride coprime to 63 → full domain coverage)	63 candidates — ~6 bits brute force per session, with no plaintext oracle
Multiple sessions	Correlate κ across sessions	t advances with every new session → κ(t) changes → independent per session	No correlation — coprime walk has period 63 over independent ticks
Physical access to Alice's node	Read internal clock t	This is exp36 territory — physical access breaks L2 independently	L2 detects and aborts — Layer 2 is the correct defense here

04 · The Coprime Condition

Why stride must satisfy gcd(stride, 63) = 1

The 63 active domain states form a cyclic group Z₆₃. The domain clock walk visits states as κ_k = (k × stride) mod 63. The orbit length of this walk is 63 / gcd(stride, 63). A stride that is not coprime to 63 produces a short orbit — Eve's search space collapses:

Orbit length = 63 / gcd(stride, 63)

stride = 7: gcd(7, 63) = 7 → orbit length = 9 → 3.2 bits entropy

stride = 9: gcd(9, 63) = 9 → orbit length = 7 → 2.8 bits entropy

stride = 21: gcd(21,63) = 21 → orbit length = 3 → 1.6 bits entropy

stride = 11: gcd(11,63) = 1 → orbit length = 63 → 5.98 bits entropy

stride = 13: gcd(13,63) = 1 → orbit length = 63 → 5.98 bits entropy

stride = 17: gcd(17,63) = 1 → orbit length = 63 → 5.98 bits entropy

63 = 7 × 9 = 3² × 7. Valid strides: all numbers not divisible by 3 or 7.

Fig 2 — Domain walk orbit comparison. stride=7: gcd(7,63)=7, only 9 of 63 positions visited — Eve's search space collapses to 9. stride=11: gcd(11,63)=1, all 63 positions visited — full ~6 bits of entropy.

The 63-position domain is not arbitrary — it is the ring's own active-state count per quadrant. The coprime walk uses the same principle as the MPRC coprime walk (183 = 7⁻¹ mod 256) in the audio layer: a single multiplicative inverse generates a non-repeating traversal of the entire active-state space.

The recommended default: stride = 11. Verification: 63 × 11 = 693 ≡ 0 (mod 63). First return at step 63 → full orbit confirmed.

05 · Key Derivation Flow

How the Three Layers Compose

Fig 3 — Key derivation flow with three layers. Eve (★) intercepts d_A from the Zookeeper broadcast and correctly computes d_B = p − d_A and base_seed. But she cannot compute κ(t) because t (the birth tick) is never transmitted. Her derived session key is wrong.

Combined entropy budget [DERIVED, exp39 — chi²=70.28 p=0.25, 0/315 wrong-κ hits]

L1 alone: ~2²⁵⁴ pairs — computationally infeasible for quantum adversary

L1 + L3: 2²⁵⁴ pairs × 63 domain positions — adds ~6 bits of physical entropy

Critical difference: L3's 6 bits are PHYSICAL — not computational

A quantum computer that factors 2²⁵⁴ (if such exists) still cannot recover t without physical access to the birth event.

L2 tamper detection (exp36) catches any physical access attempt before it completes.

06 · Open Items

What Remains to Be Proved — Honest Boundary

#	Item	Status
1	exp39 — Domain clock falsification. Passed all five claims: full orbit for all 36 valid strides, 0/315 wrong-κ accidental recoveries, kappa uniform (chi²=70.28 p=0.25), correct round-trip 5/5 pairs, stride catalogue φ(63)=36 confirmed.	DERIVED
2	Stride selection rule. gcd(stride, 63) = 1 is necessary but is the recommended stride 11 also optimal against other adversary models (e.g., lattice basis reduction attacks on Z₆₃)? A formal proof of optimality is missing.	OPEN
3	t synchronisation across the pair. The Layer 3 derivation assumes t_A = t_B (same birth tick). For a conjugate pair born at the same lattice event this is true by definition. For pairs born at slightly different ticks (e.g., from two nodes booting at the same physical moment but different clock readings), a tick-alignment protocol is needed.	OPEN
4	Carried forward from Ch. 5. Message authentication (MAC), full session handshake protocol, lattice spacing a pinning, entanglement maintenance engineering — all open items from exp32–38 carry forward unchanged to the three-layer model.	OPEN (inherit from Ch. 5)

Layer 3 strengthens the model against a specific and realistic adversary — passive Zookeeper broadcast interception — without touching the existing proofs in exp32–38. It is additive and orthogonal. exp39 passed all five falsification tests. Layer 3 status: DERIVED.

References

Sources

Chapter 5 — Lattice Quantum Channel (this book, exp32–exp38 verified)
Chapter 1 — Discrete Lattice Mechanics (f(r) = 1/(1+GM/rc²) derived here)
NIST SP 800-57 Part 1 Rev. 5 — Recommendation for Key Management (2020)
Yin J. et al. — Satellite-Based Entanglement Distribution over 1200 km, Science 356 (2017) [Micius constraint, exp38]
Standards for Efficient Cryptography Group — secp256k1 specification