L1 Identity

L1: The Hull

Mission: Filter noise. Establish identity. Route trust. No identity providers. No certificate authorities.

L1 provides self-sovereign identity and trust management. Every entity in Libertaria owns its cryptographic identity – derived locally, verified mathematically, revocable by the owner alone. At the core sits the Sovereign Key Helix (SKH) – a lattice-rooted derivation chain that generates unlimited, unlinkable identities from a single mnemonic seed.

The Derivation Chain

SKH implements a complete identity hierarchy – from a human-memorable seed phrase down to hardware-level capability tokens:

Wallpaper Seed (24 words, BIP-39)
  -> Argon2id(entropy, device_salt)
    -> root_seed (32 bytes)
      -> ML-DSA-65.KGen(root_seed)
        -> DNAKey (Tier 0 – Lattice Root)
          -> BLAKE3(ml_dsa_secret || "skh1:persona:" || ctx || idx)
            -> ML-DSA-65.KGen(derived_seed)  [LatticeHD Option C]
              -> Persona (Tier 1 – Context Layer)
                -> SLIP-0010(persona_seed, m/44'/666'/...)
                  -> Ed25519 keypair
                -> HKDF-BLAKE3(persona_seed, app_ctx)
                  -> X25519, ML-KEM-768, ML-DSA-65
                    -> SoulKey (Tier 1.1 – Operational Identity)
                      -> CapabilityManifest (-> Nexus CSpace)
                      -> LibertariaPassport (DID + tier + caps + nullifier)

Every tier is deterministic – the same seed phrase always regenerates the same identity tree. Every tier is quantum-safe – ML-DSA-65 (FIPS 204) lattice signatures protect the root and all derived keys.

The Wallpaper Seed

Your 24-word BIP-39 mnemonic is your nuclear launch code. Write it on paper, tape it to your wall, guard it with your life. From this single phrase, your entire identity tree regenerates deterministically.

Tier 0: DNAKey – Lattice Root

The DNAKey is the cryptographic anchor of your entire identity. It never leaves your device; it never touches a network.

entropy    = BIP-39 mnemonic (24 words, 256-bit)
root_seed  = Argon2id(entropy, device_salt, t=3, m=64MiB, p=4)
(pk, sk)   = ML-DSA-65.KGen(root_seed)

Parameter	Value	Rationale
KDF	Argon2id	Memory-hard, resists GPU/ASIC brute-force
Memory	64 MiB	Deters attacks, runs on phones
Iterations	3	Balanced on ARM Cortex-A53
Signature	ML-DSA-65 (FIPS 204)	Post-quantum lattice, 128-bit security
Public Key	1,952 bytes	ML-DSA-65 standard

Tier 1: Persona – Context Layer

A Persona is a compartmentalized identity context derived from your DNAKey. Work, personal, activist, anonymous – each Persona is cryptographically unlinkable to its siblings.

LatticeHD Option C

Unlike classical HD wallets (BIP-32) that derive child keys via HMAC, SKH uses full ML-DSA-65 re-keygen from a deterministic seed:

rng_seed  = BLAKE3(ml_dsa_secret || "skh1:persona:" || context || u32_le(index))
(cpk, csk) = ML-DSA-65.KGen(rng_seed)    // Deterministic per FIPS 204
persona_seed = BLAKE3(csk[0..64])

Classical HD derivation (multiply parent by scalar) does not exist for lattice-based keys – there is no algebraic structure to exploit. Instead, we generate a fresh ML-DSA-65 keypair from a deterministically derived seed, achieving hierarchical derivation without elliptic curve algebra.

Property	Description
Deterministic	Same (DNAKey, context, index) = same Persona
Compartmentalized	Compromising one Persona reveals nothing about siblings
Quantum-Safe	Each Persona has its own ML-DSA-65 keypair
Unlimited	2^32 Personas per context string

Tier 1.1: SoulKey – Operational Identity

The SoulKey is the key you actually use day-to-day. Derived from a Persona, it holds the full cryptographic toolkit for authentication, encryption, and post-quantum key exchange.

From a single Persona seed, SoulKey derives five key types:

Key Type	Algorithm	Derivation	Purpose
Authentication	Ed25519	SLIP-0010 (m/44'/666'/0'/{ctx}'/0')	DID auth, signatures
Agreement	X25519	HKDF-BLAKE3 ("skh1:x25519")	Diffie-Hellman key exchange
Post-Quantum KEM	ML-KEM-768 (FIPS 203)	HKDF-BLAKE3 ("skh1:mlkem768")	Quantum-resistant encapsulation
Post-Quantum Sig	ML-DSA-65 (FIPS 204)	HKDF-BLAKE3 ("skh1:mldsa65")	Quantum-resistant signing
PQXDH Identity	4x X25519	HKDF-BLAKE3 (indexed)	Post-quantum X3DH handshakes

DID Generation

did:sovereign-skh1:BLAKE3(ed25519_public || ml_dsa_public)

The DID binds both the classical (Ed25519) and post-quantum (ML-DSA-65) public keys into a single identifier. An attacker must break both to forge your identity.

Cross-Context Unlinkability

Given two SoulKeys derived from different Persona contexts, an adversary with access to both public key sets cannot determine whether they originate from the same DNAKey – provided BLAKE3 remains a secure PRF. This is the formal guarantee (Theorem 2, SKH paper v2) behind identity compartmentalization.

Tier 2: Libertaria Passport

A Passport is a self-issued credential that declares your identity, citizenship tier, and capabilities. Signed by your own SoulKey – no external authority required.

Citizenship Tiers

Tier	Name	Requirement	Trust Level
T0	Anonymous	Self-issued, cryptographic only	Minimal
T1	Vouched	Vouched by existing T1+ citizen	Low
T2	Verified	3-of-5 Chapter member verification	Medium
T3	Witnessed	Physically witnessed ceremony	High

Pre-Rotation

Every Passport contains next_soul_hash – the BLAKE3 hash of the next SoulKey that will replace this one. This enables key rotation without identity loss: publish the next key, prove it matches the committed hash, and your DID survives the transition.

Tier 3: Capability Manifest – Nexus Bridge

The Capability Manifest bridges identity into hardware. It declares what resources a SoulKey may access on Nexus OS – injected directly into a Fiber’s capability space.

Capability	Permission Bitmask	Description
Entity	read, write, spawn	Process/fiber control
Channel	read, write, copy	ION ring access
Memory	read, write, map, execute	Physical frame access
Interrupt	read, write	IRQ mask/unmask
Time	read	Clock/timer access
Entropy	read	Hardware RNG

Each manifest holds up to 64 capability descriptors, is Ed25519-signed, and optionally expires.

STARK Zero-Knowledge Proofs

SKH includes a full STARK proof system for privacy-preserving identity operations – built on the Goldilocks field (p = 2^64 - 2^32 + 1) with BLAKE3 Merkle commitments and FRI commitments. No trusted setup.

Proof Circuits

Nullifier Circuit – “I know a DNAKey whose nullifier equals X”

Proves you own a valid identity without revealing which one. Used for anonymous voting (one person, one vote), Sybil-resistant resource claims, and privacy-preserving authentication.

Membership Circuit – “My SoulKey is in this Merkle set”

Proves set membership without revealing which element. Used for Chapter membership verification, access control without identity disclosure, and anonymous credential presentation.

Verification time: ~5ms. Transparent assumptions – no trusted setup required.

QVL: Quasar Vector Lattice

The QVL is Libertaria’s trust computation engine – a weighted directed graph with temporal decay and Byzantine betrayal detection.

Trust Computation

Trust decays over time: effective_weight = weight * exp(-decay_rate * elapsed_time)

Scores are computed via multi-hop path aggregation – up to 6 hops, using a parallel resistance model. Bellman-Ford detects negative cycles that indicate exploitable trust loops.

Trust Modes

Mode	Glyph	Scope	Verification
Trustless	⚠	Unknown peers	Full crypto verification, entropy proofs mandatory
Verified	⊢	Known trust graph	Trust path ≤ 3 hops, reduced entropy
Sovereign	⚡	Chapter members	Mutual recognition, minimal overhead

Betrayal Response

Level	Action
Warn	Log, notify
Quarantine	Restrict for 24h
Slash	Burn stake, broadcast
Exile	Permanent exclusion

Hybrid Signatures & PQXDH

Hybrid Signatures: Ed25519 + ML-DSA-65 combined. Valid only if both verify – protects against quantum computers breaking Ed25519 and undiscovered flaws in lattice crypto.

PQXDH: Post-quantum variant of Signal’s X3DH protocol for asynchronous key exchange – 4x X25519 ephemeral keypairs, ML-KEM-768 encapsulation, HKDF-BLAKE3 derivation, Noise XX transport.

SBI – Sovereign Binary Interface

The SBI is the formal FFI contract between L1 and the transport layer:

sbi_identity_create(seed)    -> Derive Ed25519 + X25519 from seed
sbi_identity_sign(msg)       -> Ed25519 signature (64 bytes)
sbi_identity_verify(pk, sig) -> Cryptographic verification
sbi_identity_did_ptr()       -> 32-byte DID hash
sbi_cbor_encode_map(N)       -> Start CBOR map (RFC 8949)

Cryptographic Primitives

Primitive	Standard	Usage
ML-DSA-65	FIPS 204	Lattice signatures (Tier 0, Tier 1)
ML-KEM-768	FIPS 203	Post-quantum key encapsulation
Ed25519	RFC 8032	Classical signatures, DID auth
X25519	RFC 7748	Classical key agreement
BLAKE3	–	Hashing, KDF, Merkle commitments
Argon2id	RFC 9106	Memory-hard KDF, entropy stamps
XChaCha20-Poly1305	–	Symmetric encryption
SLIP-0010	SatoshiLabs	Hardened HD derivation for Ed25519

Implementation Status

Component	Tests	Status
DNAKey (Tier 0)	Inline	Complete
Persona (Tier 1)	Inline	Complete
SoulKey (Tier 1.1)	Inline	Complete
Passport (Tier 2)	Inline	Complete
CapManifest (Tier 3)	Inline	Complete
STARK Prover/Verifier	Vectors	Complete
Nullifier Circuit	Vectors	Complete
Membership Circuit	Vectors	Complete
PQXDH	47 tests	Complete
QVL Trust Graph	47 tests	Complete
SSI/DID	47 tests	Complete

Specifications

• SPEC-040 – Sovereign Key Helix v0.1.0
• RFC-0100 – Entropy Stamp Schema
• RFC-0120 – Quasar Vector Lattice
• RFC-0121 – Slash Protocol
• RFC-0140 – Libertaria SSI Stack