Architecture

Policy-bound custody, mapped from intent to evidence.

DVM-MPC turns custody operations — key lifecycle, signing, publication, and recovery — into reviewable runtime paths: policy admission, peer choreography, local secret-kernel execution, controlled publication, and signed evidence. Each sensitive transition maps to its control boundary, state, and artifact. The DVM execution layer proves bounded operations. The DVM governance layer proves authority continuity. The same architecture runs on-prem, as a hosted service, or with a hybrid split; the deployment model is a configuration choice.

authority over milliseconds and months

DVM execution proves operations. DVM governance proves continuity.

DVM execution (milliseconds): execution_id · score · trace · publish_*

A bounded, replayable proof that one keygen, refresh, reshare, signing, or publication path executed correctly.

DVM governance (months): cluster_id · key_epoch · event log

A long-lived authority record for setup, activation, degradation, rotation, emergency response, and retirement.

DVM execution owns milliseconds. DVM governance owns months.

generated does not mean activated

A key can exist before it becomes signing authority.

  1. DKG session: Threshold key material is generated under a bounded execution.
  2. publish_pubkey: DVM crosses the publication boundary for the public key fact.
  3. KeyReady + receipt: The cryptographic object exists and has publication evidence.
  4. KeyObjectPublished: Governance records the public key fact in the cluster log.
  5. GovernanceDecision: A quorum explicitly authorizes authority for the key epoch.
  6. KeyActivated: Only now can signing sessions use the key as active authority.

Key exists != key is authority.

one operation, end to end

Each handoff has an input, control boundary, output, and proof artifact.

  01 Client intent · typed act, key id, display hash, idempotency key → CanonicalIntent
  02 Policy admission · policy roots, approvals, limits, epoch, roster → AdmissionDecision
  03 DVM execution · self_peer, score, facts, CallResult values → TraceRoot
  04 Secret step · CallContext, permit_handle, step_permit → PermitEvent
  05 Peer frontier · state-derived egress and validation-first ingress → PendingRemote
  06 Local result · controlled local_private result reference → ResultHandle
  07 PublishGate · scope, result_ref, policy context → PublicationReceipt
  08 Evidence package · events, receipts, reason codes, trace roots → EvidenceBundle
reader glossary

Terms used throughout the architecture have one local meaning.

DVM score: The semantic program evaluated by each admitted node. It defines sites, dependencies, locality, phases, slots, and publication boundaries.
Fact: A typed value admitted into replicated DVM state after transport, session, roster, binding, replay, and payload checks.
Projection: The local view of operation state evaluated under one peer identity and active roster binding.
Frontier: A boundary where execution emits egress, waits for ingress, calls the local secret kernel, or publishes an artifact.
Publication: The explicit transition from a local_private result reference to a public artifact and publication receipt.
Executable formal semantics

DVM architecture claims have K rewrite-rule witnesses.

Product workflows lower into L1 semantic sites, L1 sites lower into L0 protocol microcode, and the selected backend semantics defines pending, completion, abort, local witness state, and evidence transitions.

rewrite rules · pending frontiers · abort evidence · poisoned sessions · trace roots

DKLS23 model snapshot: 37 evalBackend rules

Pending, done, abort, content-addressed local handles, poison transitions, and microtrace roots.

custody boundary map

External orchestration surrounds a local secret boundary.

Execution plane · external orchestration

Client / Product API: Typed acts in, receipts out (idempotency keys, status stream, recovery polling).
Admission Plane: AdmissionDecision before any secret step (approvals, SoD, limits, epoch + display binding).
DVM Execution Plane: Sans-I/O score over verified facts and call results. Deterministic, replayable, no secret access.
Transport / Validated Ingress: Peer signatures, sender + session binding, slot/phase and replay checks before facts enter state.

Local secret kernel · narrow boundary

Secret Kernel (HSM / isolated node / mobile vault): Shares, nonces, presign, permit_handle and one-time artifacts. A step_permit authorizes each transition; nothing leaves the boundary in the clear.
Publication gate

Separates Executed from Published: a computed signature waits at the gate until release policy or approval allows the public effect.

Evidence plane · external rail

Hash-linked AdmissionReceipt → PermitReceipt → PublicationReceipt, SIEM export, and rail continuation.

layer stack

Client APIs sit above explicit runtime control layers.

Client API: Typed acts, receipts, idempotency, recovery handles.
Admission Plane: Approvals, display binding, limits, policy roots.
DVM Execution: Sans-I/O interpreter over facts and call results.
Protocol Plane: Envelope, session, lane, phase, slot, and roster checks.
Transport: Validated ingress, peer delivery, equivocation evidence.
Local Secret Kernel: Shares, permits, nonces, opaque local handles.
Evidence Plane: Reason codes, event hashes, evidence export.
network admission

Peer traffic becomes state only after binding checks.

stage · checks · output · reason code
  EnvelopeBinding · execution / lane / site · binding_hash · BINDING_MISMATCH
  NetFrame · payload root / recipient · SignedEnvelope · WRONG_RECIPIENT
  SessionBinding · roster / origin · admitted frame · SESSION_MISMATCH
  Payload · decrypt / materialize · typed graph facts · PAYLOAD_REJECTED
  Commit · Inbox / Sigma · DVM fact · REPLAY_OR_CONFLICT
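The admission stages above, as an added example (not DVM-MPC's own code): a toy validated-ingress pipeline that turns a NetFrame into a DVM fact only after every stage passes, and otherwise returns the page's reason code for the stage that failed. Assumed: the frame and envelope field names, a JSON payload shape with kind and value, and HMAC over constructed per-peer keys standing in for peer signatures.

```python
import hashlib
import hmac
import json

SELF_PEER = "peer-2"                    # identity this projection runs under
SESSION = {"session_id": "s-42", "roster": {"peer-1", "peer-2", "peer-3"}}
BINDING = {"execution_id": "exec-9", "lane": "sign", "site": "share_mul"}
PEER_KEYS = {"peer-1": b"k1", "peer-2": b"k2", "peer-3": b"k3"}  # constructed; HMAC stands in for signatures

def digest(obj):
    """sha256 over canonical JSON; used for binding_hash and payload roots."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def sign(peer, body):
    return hmac.new(PEER_KEYS[peer], json.dumps(body, sort_keys=True).encode(), "sha256").hexdigest()

def make_frame(sender, payload, slot, phase="r1", recipient=SELF_PEER, binding=BINDING):
    """Build the NetFrame a peer would send: signed envelope body plus payload bytes."""
    body = {"binding_hash": digest(binding), "recipient": recipient, "payload_root": digest(payload),
            "session_id": SESSION["session_id"], "phase": phase, "slot": slot}
    return {"sender": sender, "body": body, "sig": sign(sender, body), "payload": payload}

class ValidatedIngress:
    def __init__(self):
        self.inbox = {}  # (sender, phase, slot) -> committed DVM fact

    def admit(self, frame):
        sender, body, payload = frame["sender"], frame["body"], frame["payload"]
        # EnvelopeBinding: execution / lane / site must match this projection
        if body["binding_hash"] != digest(BINDING):
            return {"reason": "BINDING_MISMATCH"}
        # NetFrame: addressed to us, and the payload root matches the bytes carried
        if body["recipient"] != SELF_PEER or body["payload_root"] != digest(payload):
            return {"reason": "WRONG_RECIPIENT"}
        # SessionBinding: sender in the roster, same session, signature by that sender
        if (sender not in SESSION["roster"] or body["session_id"] != SESSION["session_id"]
                or not hmac.compare_digest(frame["sig"], sign(sender, body))):
            return {"reason": "SESSION_MISMATCH"}
        # Payload: materialize a typed fact; anything malformed is rejected whole
        try:
            fact = json.loads(payload)
            typed = {"sender": sender, "kind": fact["kind"], "value": fact["value"]}
        except (ValueError, KeyError, TypeError):
            return {"reason": "PAYLOAD_REJECTED"}
        # Commit: one fact per (sender, phase, slot); a second frame there is replay or conflict
        key = (sender, body["phase"], body["slot"])
        if key in self.inbox:
            return {"reason": "REPLAY_OR_CONFLICT"}
        self.inbox[key] = typed
        return {"fact": typed}
```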
L2 to L1 to L0 Bytecode

Product workflows lower through stable semantics.

L2 surface workflow: signDigest · presign_batch[AFF3] · rotate_key · publish_sig
L1 semantic score: share_rand · share_mul · share_ec_mul · open_to · finalize_sig
L0 Bytecode profile: DKLS23 share_mul · FROST partial_sig · CGGMP24 pail_affine_eval · consume_or_poison
L0 Bytecode Profiles

DKLS23, FROST, and CGGMP24 name concrete backend witness paths.

DKLS23 / AFF3 · ShareMulBackendOt: OT details stay in witness trace; L1 share_mul remains stable.
FROST / FROST1 · Nonce / partial / aggregate: Schnorr transcript micro-ops preserve nonce and publish boundaries.
CGGMP24 / KD1 · Paillier-MtA / ZK: Paillier details remain backend-local; L1 observation remains stable.
Lifecycle guard · consume / witness handles: One-time material closes through consumed markers and local witness state.
Data split · public witness / local secret: Replicated state carries roots and traces; local store keeps witness and secret material.
double lifecycle

Executed and Published are different states.

Cryptographic lifecycle: Draft → Submitted → Admitted → PendingRemote → Executed → Published
External effect lifecycle: Published → SubmittedToRail → AcceptedByRail → Settled → Reconciled
operational invariant board

Assurance claims name detector, reason, evidence, and retry policy.

invariant · detector · reason · evidence · retry policy
  Validated ingress before a DVM fact · Network plane · BINDING_MISMATCH / REPLAY_OR_CONFLICT · signed envelope + binding hash · new frame only
  Secret state stays local · Secret plane · no observable type carries a secret · opaque handles + secret log · design invariant
  One-shot step permit · Secret plane · STEP_PERMIT_REUSED · permit event + poisoned artifact ref · abort or quarantine
  Single active node binding · Config & epochs · SPLIT_BRAIN_FENCED · fencing record + node passport · rebind after fence
  Conflict yields durable ForkEvidence · DVM execution · EQUIVOCATION · equivocation evidence + Abort · operator review
  PendingRemote is an explicit state · Network plane · REMOTE_TIMEOUT · pending event + deadline · poll, resume, or retry transport
  Publication requires a gate · Publication plane · PUBLICATION_DENIED · PublicationReceipt / denial evidence · after policy change
  Epoch / roster / profile change is gated · Config & epochs · STALE_EPOCH · DomainManifest + epoch evidence · rebind operation
  Inter-node exchange is observable · Network plane · explicit ingress / egress events · event trace + status · n/a
  Lifecycle transitions require GovernanceDecision · Governance plane · no TransitionAuthorized without threshold-signed GovernanceDecision · GovernanceDecision CID in cluster event · ceremony + quorum re-sign
  Key activation requires published artifact · Governance plane · KeyActivated requires prior KeyObjectPublished with key_ready_cid · artifact_refs binding in ClusterEvent · DKG must complete and publish before activation
  PolicyReceipt stays on secret boundary · Secret plane · PolicyReceipt never appears in cluster event log · GovernanceDecision used externally; PolicyReceipt stays local · design invariant
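The activation sequence under "generated does not mean activated" and the two governance-plane rows of the board above, modelled as an added example that is not DVM-MPC's own code: a cluster event log that refuses KeyActivated unless KeyObjectPublished already binds the key_ready_cid and a threshold-signed GovernanceDecision exists for the same epoch. Assumed: the event and decision record shapes, sha256-of-canonical-JSON content identifiers, a constructed roster and threshold, and the two rejection reason strings, which are this example's own.

```python
import hashlib
import json

QUORUM = 2                              # assumed governance threshold
ROSTER = {"gov-a", "gov-b", "gov-c"}    # constructed governance roster

def cid(record):
    """Content identifier: sha256 over the canonical JSON of a record."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

class ClusterLog:
    """Governance-plane event log: public facts and authority decisions, never secrets."""
    def __init__(self):
        self.events = []
        self.decisions = {}  # GovernanceDecision CID -> decision record

    def record_key_published(self, key_ready):
        """KeyObjectPublished binds the KeyReady artifact through its key_ready_cid."""
        ready_cid = cid(key_ready)
        self.events.append({"event": "KeyObjectPublished", "key_epoch": key_ready["key_epoch"],
                            "artifact_refs": {"key_ready_cid": ready_cid}})
        return ready_cid

    def record_decision(self, key_epoch, signers):
        """A GovernanceDecision authorizes authority for one key epoch; only roster signers count."""
        decision = {"type": "GovernanceDecision", "key_epoch": key_epoch,
                    "signers": sorted(signers & ROSTER)}
        self.decisions[cid(decision)] = decision
        return cid(decision)

    def activate(self, key_epoch, key_ready_cid, decision_cid):
        """KeyActivated needs a prior KeyObjectPublished for this artifact and epoch plus a
        threshold-signed GovernanceDecision for the same epoch; the reason strings are assumed."""
        published = any(e["event"] == "KeyObjectPublished" and e["key_epoch"] == key_epoch
                        and e["artifact_refs"]["key_ready_cid"] == key_ready_cid
                        for e in self.events)
        if not published:
            return {"event": "TransitionRejected", "reason": "KEY_OBJECT_NOT_PUBLISHED"}
        decision = self.decisions.get(decision_cid)
        if (decision is None or decision["key_epoch"] != key_epoch
                or len(decision["signers"]) < QUORUM):
            return {"event": "TransitionRejected", "reason": "NO_GOVERNANCE_DECISION"}
        ev = {"event": "KeyActivated", "key_epoch": key_epoch,
              "artifact_refs": {"key_ready_cid": key_ready_cid, "decision_cid": decision_cid}}
        self.events.append(ev)
        return ev

    def is_active(self, key_epoch):
        """Signing may treat the key as authority only after KeyActivated for its epoch."""
        return any(e["event"] == "KeyActivated" and e["key_epoch"] == key_epoch for e in self.events)
```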