The Consensus Mesh ·

Custodia anonyma.

If an interaction can reach a person, it had to cross a network, and that network is where protection lives. The Consensus Mesh is the architecture under every PKnet deployment: a zero-trust, self-proving federation that measures inline at the same hop the threat already used, holds one custody contract behind every record, and develops herd immunity the moment a single node learns.

Lineage paper · Cheraitia · Self-Supervised Meta-Heuristic Mapping · 2024
DOI 10.13140/RG.2.2.30201.48486

runtime
inline
at the hop the threat already crossed
enclave
sealed
remote attestation against the published registry
aggregation
ε-bounded
secure aggregation · distributed differential privacy
immunity
herd
signed protocol updates on an append-only log

Architecture

One instrument, placed where interactions already cross.

DEPLOYMENT SURFACES CONSENSUS · FIDELITY CONTRACT RETURNS · 3 CHANNELS CARRIER · INLINE IMS/SIP · SMS/RCS INSTITUTION · EDGE bank · platform rail CIVIC · LINE safeguarding · public service FEDERATION · MESH coverage compounds The Consensus Mesh F(x) ∈ [0, 1] · published protocol · civic custodian CITIZEN RECEIPT glass-box INTERVENTION SIGNAL authorised actor POPULATION CONSENSUS attribution-resistant live · receiving fidelity contract held routed · with consent

How we deploy

The unit of scale is the node, not the citizen.

PKnet deploys as a single sealed node placed inline at a point interactions already cross, at a carrier’s signalling layer, an institution’s call or transaction rail, a civic safeguarding line. One node protects everyone whose interaction crosses it, without install, enrolment, or any extra step from the citizen.

Coverage scales by network reach, not by sign-up. As nodes federate across operators and borders, an interaction is protected the moment any node on its path is live. There is no centre to saturate and no per-person onboarding to throttle growth.

The immune system

You are protected by being reachable.

People become part of the immune system the way a body does, not by opting into immunity but by being on a protected path. Nothing to download, nothing to switch on.

And protection is reciprocal. When an interaction at any node surfaces a new threat structure, that structure becomes an antibody, a signed protocol update on the shared registry, that immunises every other node. Each protected interaction makes the whole population harder to attack.

Surfaces ·Carrier, inline ·Institution edge ·Civic line ·Federation mesh

Mechanism

Protection rides the rails the threat used.

A zero-trust, self-proving federation. No app on the citizen's phone, no new surveillance scope on the operator's side, and no node, not even the host, trusted on faith. Four properties hold it together, and turn population protection into a herd-immune system rather than a dragnet.

DEPLOYMENT BLUEPRINT · ONE NODE · ONE INTEGRATION POINT PKnet · self-proving federation YOUR EXISTING INFRASTRUCTURE · UNTOUCHED voice · sms · rcs SUBSCRIBER voice · sms · rcs IMS · CSCF session control APPLICATION AI flagging layer SBC · GATEWAY edge interconnect PEER NETWORK inter-operator RECIPIENT voice · sms · rcs inline tap · one drop-in SBC · AS · SMS-C / RCS · by traffic class SGM sealed · blind PKnet · sealed node you host it · you cannot see inside · the network proves what runs F(x) ∈ [0,1] · sealed scalar single value · nothing else leaves CIVIC CUSTODIAN independent · holds the record citizen receipt yours to verify verify ↕ public log SHARED IMMUNE SYSTEM · APPEND-ONLY TRANSPARENCY LOG signed · proven · public OPERATOR · B OPERATOR · C YOU INSTITUTION CIVIC LINE YOU READ ANTIBODIES OTHERS WROTE · YOU WRITE ANTIBODIES OTHERS ADOPT

Principle · 01

Inline runtime

Every scam, coercion, or grooming attempt had to reach the person, and reaching means it crossed a network already carrying it. The instrument sits inline at that same hop. The citizen installs nothing, moves nothing, does nothing.

Principle · 02

Sealed blind enclave

SGM runs inside a sealed confidential-computing enclave. The operator hosts the measurement but cannot see inside it, and the enclave proves, cryptographically, on every run, that it is executing the exact instrument published in the registry, unmodified. You cannot look in; the network can prove what runs.

Principle · 03

Provable non-attribution

Contributions are secret-shared across custodians under secure aggregation, each carrying calibrated noise. What surfaces is a differentially-private population sum with a published privacy budget. Non-attribution stops being a clause in a contract and becomes a bound you can audit.

Principle · 04

Herd immunity, in the open

When one node resolves a new threat structure, the protocol update is signed and published to an append-only transparency log the whole federation reads. One node learns; every node verifiably adopts. A digital immune system for civic and democratic protection, with no central brain and no node trusted on faith.

Stack ·confidential computing ·remote attestation ·secure aggregation ·distributed differential privacy ·append-only transparency log ·zero-trust federation

Legibility

You can read what was read.

The institution can prove what its instrument runs. The citizen should not have to take that on faith. So every protection event mints a receipt: one only you can open, and one anyone can verify against the same public log the operators use.

It works the way a safety number works in an encrypted messenger, or an entry on a public ledger: a glyph you can compare, a proof anyone can check. You see your own glyph in the mesh. You are a participant in it, with visibility into it, not a subject of it.

  • Yours to open. Self-custody. Only your key opens your record, and nobody can take that key away.
  • Nobody can withhold it. The log is append-only and mirrored across the federation. No single company is a chokepoint, so a change of ownership cannot lock anyone out.
  • Anyone to verify. The proof is public. The protocol that produced it is open-source in the registry. The instrument that read it stays sealed and proven.
  • Reproducible to the byte. Request and contest the full derivation of any finding about you.
Citizen receipt verified
your glyph 7K2P · A9QF · 3JD1 compare it anywhere it appears
fidelity
F(x) = 0.214
below scam-script threshold
protocol
scam-script 2.1
open registry · versioned
log entry 0x9f3c·a17b·…·e08d
verify
anyone can verify the proof · only you can open the record

How your receipt reaches you

  1. 01 · DERIVE

    Your line becomes a one-way glyph

    Inside the sealed enclave, the line is turned into a glyph that cannot be reversed. The number is discarded on the spot. Identity never leaves the edge.

  2. 02 · CUSTODY

    The receipt is written to a mirrored public log

    Append-only, indexed by your glyph, mirrored across the federation. It carries the reading and the proof. The content, identity and keys stay sealed.

  3. 03 · OPEN

    You prove the line is yours, and open it

    A code to your number, or national eID where you choose it, re-derives the same glyph on your device. Anyone can verify the proof exists. Only you can open what is inside.

Open by design

Open protocol

Audit how every receipt is made

The spec, the verifier, the client, the transparency log and a reference gateway are open-source. Nothing about how a finding is produced is hidden.

Sealed instrument

Glass-box protocol, protected model

SGM ships as a frozen, signed artifact. Its measurement hash is exactly what the network proves is running, so the instrument can be checked without being exposed.

Self-custody, federated

No company holds the power

Keys stay with the citizen; the ledger is mirrored. Recovery is opt-in and pluggable by region: a civic trustee the citizen elects, not a private platform and not by default.

Transparency

The immune system, in the open.

Public append-only log · mirrored

Watch the network learn.

Every receipt lands on one log: readings, protocols and proofs, mirrored across the federation. The content, identity and keys stay sealed. Anyone can read the whole ledger; only you can open what sits behind your own glyph.

readings today
active nodes
protocols live
privacy budget
ε = 1.0
Consensus ledger · live append-only
glyph F(x) protocol age
every row is a proof anyone can verify · only the citizen behind a glyph can open the record

Fidelity

Energy is what we read.

Consensus Mesh · Fidelity contract

One fidelity reading.
One custodian.

Every gateway in the Consensus Mesh runs the same published contract. The architecture defines what is measured. A single fidelity reading, how much of the interaction’s structure the deployment captured, is the only value that leaves the edge.

That reading goes to the custodian. The interaction, the identity, the content, none of it does. SGM is the instrument that produces the reading. The architecture is what enforces the contract.

F(x) · fidelity 0.873
protocol · scam-script 2.x · to custodian
INTERACTION A · B PROTOCOL EIGENSPACE 90 × 30 F(x) single fidelity reading served

Consensus

Insight from the edges. Prevalence at the centre.

EDGES, PRIVATE READINGS N = 32+ contributors PREVALENCE, PUBLIC SIGNAL aggregate · attribution-resistant DRIFT no individual reading survives aggregation

The consensus carries population insight upward.

Each edge contributes a locally randomised signal, its own structural reading, perturbed at the source, and the centre composes those readings into prevalence and drift.

The aggregator’s domain is precisely that: prevalence and drift. The architecture leaves per-person, per-group, and per-region decomposition structurally outside it.

Trust

Four engineered properties of every deployment.

Published protocol registry

Property · 01

Published protocol registry

Citizens, regulators, journalists, and adversaries read what is measured for, and how. Every protocol versioned and contestable.

Per-citizen legibility right

Property · 02

Per-citizen legibility right

Any citizen can request and contest the full derivation of any finding about them, reproducible to the byte.

Civic-society custodian

Property · 03

Civic-society custodian

Records of measurement live with an independent civic body under a published deployment contract.

Independent ombudsperson

Property · 04

Independent ombudsperson

Standing to suspend any deployment that fails its annual attribution-resistance audit.

Deployment

Two shapes, one architecture.

With an existing prevention surface
Mode · 01

Operators · telco · bank · platform

With an existing prevention surface

SGM slots inside the operator’s existing scope; the deterministic, glass-box instrument supplies legibility per case; records leave the operator to the civic custodian.

Native, blank-sheet deployment
Mode · 02

States · regulators · coalitions

Native, blank-sheet deployment

The mesh is deployed natively across consenting ingest points. The reading captures the interaction’s spectral shape; reversed-aggregation consensus carries population insight upward.

References & next

For partners, regulators, and researchers.

If you carry responsibility for a national protective programme, a sector-wide intelligence-sharing coalition, or a regulated industry’s vulnerable-customer mandate, the Consensus Mesh is the conversation.

The Peacekeeper Network Lineage paper · SMM (2024)