HomeWhitepapersProjeto PSI
Technical WhitepaperResearch in Systems Architecture and Applied Cryptography

Projeto Ψ (PSI): The Event Horizon of Personal Sovereignty and Zero Trust in Silicon

Author: Ulisses FloresAI Strategic Consultant, Software Architect, Hardware Developer, AGTU (USA) Master's Student

Executive Summary

The advent of algorithmic hyper-surveillance on a state scale, coupled with the proliferation of physical coercion vectors and invasive hardware supply chain attacks, necessitates an ontological reformulation in the architectures for critical digital asset custody. Traditional civilian hardware wallets operate under the fundamental premise of a secure environment and a user free from coercion — assumptions that prove catastrophically flawed under hostile threat models. This paper presents an exhaustive scientific analysis of Projeto Ψ (PSI), a sovereign-class custody architecture based on the paradigm of absolute Zero Trust in silicon.

SRAM PUFXMSS (NIST SP 800-208)Cu-W EMP ShieldingTMR AeroespacialFRAM Rad-HardDeniable EncryptionZero Trust in Silicon

1. Introduction: The Collapse of Institutional Trust and the Threat Model

The global economy's transition to decentralized infrastructures based on asymmetric cryptography has shifted the burden of security directly onto the individual. Historically, the protection of patrimonial assets relied on fiduciary institutions, such as central banks and regulated custodians, operating under the armed protection of the State. However, decentralization introduced a paradoxical vulnerability: the private key holder becomes the single point of failure.

Conventional hardware wallets were designed under a set of inherently fragile assumptions. They presume that the operating environment is benign, that the integrity of the microchip supply chain is intact, that manufacturing processes are free from hardware trojans, and, crucially, that the user is operating the device in a calm state, free from physical threats or coercion.

Project Ψ (PSI) emerges from the complete rejection of these premises, based on the diametrically opposed paradigm of “Zero Trust in Silicon”. Under this new ontology, the architecture natively assumes that the environment is invariably hostile, that the original manufacturer may harbor malicious vectors, that communication channels are actively monitored, and that the user themselves may be under duress.

When trust in all human, corporate, and institutional layers is methodically eliminated, security must be anchored solely in the inviolable coldness of the laws of material physics, thermodynamics, and advanced cryptographic mathematics. The threat model addressed by the PSI architecture transcends the civil domain and enters the rigor of military and aerospace standards (C4ISR).

The advent of home invasions aimed at the violent extortion of crypto-assets — colloquially known as “five-dollar wrench attacks” — has rendered sophisticated remote malware attacks statistically secondary. If an aggressor can simply torture the owner to obtain the access PIN, the device's logical resistance becomes irrelevant. Security, therefore, needs to be transmuted from a purely electronic discipline into a psychological, biomechanical, and structural science.

2. Physical Architecture (The Receptacle)

The first line of defense of any cryptographic system does not reside in the mathematical algorithm, but in the physical boundary that separates computational logic from the adversary. The PSI Project's “Receptacle” represents an extreme convergence of materials engineering and solid-state physics, aimed at the absolute neutralization of mechanical intrusions, high-power electromagnetic attacks, and invasive emanometric espionage techniques.

Exploded isometric diagram detailing the four physical defense layers of the Project PSI cryptographic hardware: external Copper-Tungsten shielding, epoxy resin potting, cyan active security mesh (Tamper Mesh), and silicon logic core.
Figure 1: Physical and Logical Defense Layers of the PSI Receptacle (Cu-W → Epoxy → Tamper Mesh → Silicon).

2.1 Copper-Tungsten Alloys and Electromagnetic Pulse (EMP) Mitigation

An Electromagnetic Pulse (EMP), whether originating from a high-altitude nuclear detonation (NEMP) or from intentional electromagnetic interference (IEMI) weaponry, generates devastating induced currents that destroy electronic circuits through overvoltages. To protect the cryptographic core, the PSI chassis abandons traditional aluminum and plastic in favor of a Copper-Tungsten (Cu-W) composite matrix alloy.

Tungsten (W) possesses extremely high density (~19.3 g/cm³) and the highest melting point among all pure metals (3422°C). These properties confer formidable kinetic and thermal inertia to the device, in addition to functioning as a natural shield against high-energy ionizing radiation. However, pure tungsten lacks the optimized electrical conductivity to create a perfect Faraday Cage — it is at this point that Copper (Cu), with its very high conductivity, fills the gap.

The W-Cu system exhibits total immiscibility in both solid and liquid states. Consequently, the chassis is manufactured by advanced powder metallurgymethods: a porous tungsten skeleton is first pressed and sintered at high temperatures, followed by capillary infiltration of molten liquid copper. The resulting composite (70-80% W / 20-30% Cu) exhibits exceptional synergistic behavior.

Effectiveness is quantified by Shielding Effectiveness (SE), measured in decibels:

SE = 10 · log₁₀(Pi / Pt)

Shielding Effectiveness (SEtotal) = R + A + B

Overall attenuation results from the sum of three mechanisms: reflection loss (R), internal absorption loss (A), and multiple reflection correction (B). Dense structures incorporating copper consistently ensure SE >100 dB, surpassing rigorous military standards (MIL-STD-285).

Table 1: Electromagnetic Shielding Parameters (Cu-W)
MaterialConductivitySE (RF)Structural Advantage
Galvanized SteelLow~90 dBHigh magnetic permeability
Pure Copper (Cu)Very High (100% IACS)>100 dBMaximum EMP pulse reflection
Cu-W Alloy (PSI)High (40-50% IACS)>100 dBRF + gamma shielding; extreme rigidity

2.2 Acoustic, Thermal, and Chemical Isolation against Side-Channel Attacks (SCA)

The execution of cryptographic algorithms changes the state of millions of transistors billions of times per second. These logical transitions consume varying currents that escape into the environment in the form of heat, residual electromagnetic radiation, and acoustic noise. Well-equipped attackers use these emanations to infer the secret key material — a discipline known as Side-Channel Attacks (SCA).

Acoustic Attacks (ASCA): Multilayer ceramic capacitors (MLCC) and inductors exhibit piezoelectric and electrostrictive effects. Voltage fluctuations during cryptographic operations cause microscopic deformations, inducing sound and ultrasonic waves interceptable by directional microphones.

Thermal Attacks (TSCA): Thermal imaging cameras capture variations in the heat profiles of the chip surface, mapping asymmetry when different logic blocks operate keys with distinct bits.

To mitigate both vectors, PSI entirely encapsulates the cryptographic hardwarein thermosetting epoxy resin infused with glass microspheres and ceramic matrix granulations (potting):

  1. Viscoelastic Acoustic Damping: The acoustic impedance mismatch between piezoelectric components and the dense resin forces sound waves to undergo drastic attenuation — converted into very low-amplitude heat.
  2. Thermal Gradient Flattening: The intentionally low thermal conductivity of the epoxy acts as a thermal low-pass filter. The inertia absorbs and linearizes transient heat surges, crushing thermal signature curves.
  3. Symbiotic Chemical Defense: Within the epoxy matrix, a complex mesh of fine wires (tamper mesh) actively energized is interwoven. The chemistry of the insulating layer is designed to be identical to that of the cured resin — solvents that dissolve the resin simultaneously destroy the mesh, triggeringinstantaneous key zeroization before the attacker reaches the target.

2.3 Radical Isolation Architecture (Air-Gapped)

The PSI topology requires a null-interface and radical isolation architecture. The device strictly eliminates USB ports, does not display interactive screens, and lacks traditional mechanical switches. Power supply and strictly structured encrypted data transfer occur solely via flat-faced encrypted magnetic Pogo Pins. By physically excising conventional input/output ports, PSI revokes the contact surface for prevalent logical attacks (BadUSB, firmware injection, fuzzing).

3. The Cryptographic Core (The Wave Function Collapse)

Inspired by quantum mechanics, the concept of “Private Key Wave Function Collapse”stipulates that the key only exists in volatile memory at the exact millisecond a digital signature is requested. In legacy wallets and commercial HSMs, the 256-bit master key is persistently stored in Non-Volatile Memory (Flash EEPROM). Under PSI's hostile model, any statically held data is vulnerable — a Nation-State could use Scanning Electron Microscopy (SEM) or Focused Ion Beams (FIB) to extract the key.

PSI's response is drastic: the private key is not stored on the device at any time.

3.1 SRAM-Based Physical Unclonable Functions (SRAM PUF)

While the device is at rest (de-energized), the memory core is an absolute vacuum of information. Standard SRAM memory cells are formed by cross-coupled bistable latches (6T topology). At power-up, transistors compete to pull the logical state to ‘0’ or ‘1’. Due to Random Dopant Fluctuations (RDF)and nanometer-level irregularities in lithography processes, each cell exhibits physical discrepancies in its Threshold Voltages (Vth).

This atomic asymmetry means that each cell predictably collapses to the same initial state. By scanning thousands of these cells, a high-entropy binary string is extracted — the unquestionable fingerprint of that silicon, impossible to clone, predict, or copy.

Cryptographic quality is modeled by Decidability (d'), which compares the normal distributions of Fractional Hamming Distance (FHD) between intra-device readings (thermal noise) and inter-device readings (randomness between different chips).

To transform the noisy physical state into a cryptographic seed with 100% precision,Fuzzy Extractors — “Secure Sketch” modules that combine the noisy SRAM response with “Helper Data” and error correction algorithms (BCH or Polar codes) — are employed. After signing, the SRAM power is obliterated, charges dissipate, and the key ceases to exist.

Logical flowchart of the private key lifecycle in Project PSI via SRAM PUF. The flow converts physical silicon noise into pure entropy, processes it through the Fuzzy Extractor to generate the seed (structured crystal), culminating in instant zeroization and digital disintegration.
Figure 2: Ephemeral Key Derivation Flow via SRAM PUF (Power-up → RDF → Fuzzy Extractor → Seed → Zeroization).

3.2 The Post-Quantum Standard XMSS (NIST SP 800-208)

If a quantum computer with stable logical qubits is built, Shor's Algorithmwill destroy all infrastructure based on elliptic curves (ECDSA, EdDSA). Preparing for “Q-Day,” PSI incorporates the eXtended Merkle Signature Scheme (XMSS), standardized by NIST (SP 800-208) and RFC 8391.

XMSS does not rely on prime factorization or algebraic mappings. Its security rests on the computational infeasibility of creating collisions in hash functions(SHA-256, SHAKE256) — a premise proven by decades of cryptanalysis and irreducible against Grover's algorithms.

The complexity lies in its stateful nature: XMSS constructs a Merkle Tree where each leaf node carries material for a Winternitz One-Time Signature (WOTS+). Each OTS key can only sign a single message in the system's lifetime. State reuse causes catastrophic security collapse.

“This recommendation requires that key generation and signatures be performed strictly in dedicated hardware cryptographic modules that do not allow secret key material to be exported.” — NIST SP 800-208

PSI's microcontroller manages the XMSS pointer entirely within the silicon epoxy barriers, refusing all export of root keys via external buses.

3.3 Hybrid Entropy: Closing the Loop

The Master Seed that feeds the WOTS+ leaves demands “Redundant Hybrid Entropy”:

  1. Intrinsic Dynamic Entropy: extracted from the SRAM PUF — exclusively linked to the physical hardware.
  2. Extrinsic Static Entropy: provided by the human via temporal proximity NFC smartcard combined with live holder biometrics.

A Key Derivation Function (KDF) based on hashes absorbs the microchip's randomness merged with organic credentials. This algorithmic Gordian knot shields custody at both ends: the stolen device is useless (missing human entropy); the kidnapped individual without the chip is equally powerless (lost silicon stochastic portion).

4. Active Defensive Heuristics (Phantom Input and Evil Maid)

Cyber-physical security invariably collapses in the face of direct kinetic coercion. If the legitimate holder is tortured to reveal passwords, the force of the extortion vector will suppress all cryptography. PSI's revolutionary innovation consists of transposing silicon security into the realm of neuropsychology and active biometrics.

4.1 Behavioral Biometrics and Physiological Coercion Detection

In the face of torture, the sympathetic portion of the Autonomic Nervous System precipitates the “fight or flight” reaction, resulting in cascades of catecholamines and cortisol. PSI integrates sensors that continuously mapBehavioral Biometrics:

  1. Pressing and Pressure Dynamics: Magnetoelastic sensors and strain gauges track pressure variations (~0.25 kPa), Flight Time, and Hold Time. Under stress, the grip petrifies, the dynamics become brutal and arrhythmic.
  2. Neuromuscular Micro-tremors: Triaxial accelerometers and gyroscopes (IMU) quantify millimeter-level agitation. Physiological tremor (8-12 Hz) is violently modulated during coercion — amplified amplitude, suppressed relaxation frequencies.
  3. Heart Rate and PPG: Photoplethysmographs and bioimpedance sensors measure peripheral vasoconstriction, tachycardia, and reduced Heart Rate Variability (HRV) — a stress biomarker detectable by neural networks.

These data flow into Edge AI modules — Capsule Networks (CapsNets) and Random Forest for physiological time series, with F1 scores between 96.97% and 99.82% on clinical stress datasets.

Table 2: Physiological Coercion Detection Biomarkers
BiomarkerHardwarePattern Under Coercion
Contact Force and DynamicsMagnetoelastic Sensors + Strain GaugesArrhythmic latency; pressure peaks; retention stiffness
Muscle TremorIMU (Accelerometers/Gyroscopes)Disruption of 8-12 Hz frequency; high variability spasms
Cardiovascular SignalsBioimpedance / Optical / PPGVasoconstriction; HRV drop; tachycardia

4.2 Deniable Encryption (Phantom Input Protocol)

When neuromuscular buses positively flag coercion, PSI opts for a counterintuitive path: it does not block operations. In normative ecosystems, locking would provoke the physical annihilation of the holder by ruthless kidnappers. The device assumes the preservation of the owner's biological integrity.

The hardware couples to the topology of Plausible Deniability, realized through Deniable Encryption based on Coercion-Resistant CP-ABE(Ciphertext-Policy Attribute-Based Encryption). A single seed derives two paths:

  • Real Secret Key (RSK): reveals the true central wallet.
  • Fake Secret Key (FSK): opens a plausible illusory environment, with credible operational funds and network-validated transactions.

Functions based on composite order bilinear group maps and Chameleon Hashing ensure that the equations cannot be statistically unraveled. The aggressor escapes satisfied, believing they have extracted the master keys — while the real patrimonial sovereignty remains hidden and intact.

Logical decision tree of the Phantom Input Protocol (Deniable Encryption). A central biometric actively bifurcates routing: the secure upper optical path (cyan) accesses the real key (RSK), while the lower path under coercion detection (amber) silently redirects to a fake key (FSK).
Figure 3: Phantom Input Protocol — Biometrics → Coercion Flag → RSK vs FSK (Deniable Encryption).

4.3 Cryptographic Attestation against Hostile Substitution (“Evil Maid”)

The Evil Maid attack involves the insidious swapping of the device for a cosmetic clone with hidden radio-transmitting hardware. PSI subverts this with reverse attestation: it is the device that must prove its authenticity to the host viaZero-Knowledge Proofs (ZKP), generating untransferable Personal Boot Images. A clone without the legitimate chip does not produce the correct attestation, alerting the user to the interception.

5. Aerospace-Grade Redundancy: TMR and LEO Threats

The Event Horizon philosophy argues that threats are not always terrestrial. An inviolable vault postulates resilience against infrastructure catastrophes, ensuring computational perpetuity in adversity — including Low Earth Orbit (LEO).

5.1 The Orbital Radiation Threat (SEU, SEL, TID)

At 300-800 km from the surface, the magnetosphere substantially thins (especially in the South Atlantic Anomaly). The environment is flooded with solar protons and heavy ions from galactic cosmic rays (GCR). COTS components collapse under:

  • Total Ionizing Dose (TID): Continuous degeneration of semiconductors due to cumulative accumulation of gamma irradiations in the insulating SiO₂, altering threshold voltages and causing lethal leakages.
  • Single-Event Effects (SEE): Transients induced by the penetration of a charged particle — Single-Event Upsets (SEU) randomly flip bits;Single-Event Latch-ups (SEL) trigger short circuits by fusing microscopic traces.

5.2 The Rad-Hard Standard and Ferroelectric FRAM

PSI discards civilian Flash and NAND EEPROMs in favor of Rad-Hard Ferroelectric RAM (FRAM). Contrary to traditional memories based on electron trapping over CMOS floating-gate capacitors, FRAM utilizes exotic crystallographic topologies (thin film of Lead Zirconate Titanate — PZT).

The structure maintains binary keys through the fixed residual electric field polarization associated with geometric placements of the metallic crystal — an unshakeable stable dipole arrangement. Transient ionizing particles do not corrupt these oriented crystallizations, conferring native immunity in massive TID environments.

5.3 Triple Modular Redundancy (TMR)

Each critical operation is physically replicated three times in independent microcontrollers (sub-blocks A, B, C). At the end of parallel calculations, the paths converge in a Majority Scrutinizer Device (“Voter”).

If a cosmic particle flips the transistors of sub-block B (SEU), sets A and C continue reporting correct data. The Voter — by Simple Majority (2 against 1) — instantly expels spurious errors, without reboots or operational interventions. The device maintains continuous and infallible operation under orbital radioactive bombardment.

Architectural diagram of Project PSI's aerospace Triple Modular Redundancy (TMR). Three independent microprocessors process data in a fault-tolerant parallel manner, converging to a central Majority Voter logic gate that validates and emits only a unified cyan output immune to fault injection.
Figure 4: Triple Modular Redundancy — Sub-blocks A/B/C → Majority Voter → Infallible Output.

6. Conclusion

Project PSI (Ψ) categorically transcends the dimension of a “consumer electronic wallet,” shifting the taxonomy of custody to unexplored levels of military, metallurgical, and planetary civil safeguarding sciences.

By unreservedly adopting the existential manifesto of “Zero Trust in Silicon”, its responses pave the way for interdisciplinary state-of-the-art:

  1. Kinetic Vanguard: The intertwining of the acoustic thermodynamics of epoxy potting with the military density of Cu-W suppresses piezoelectric acoustic forensic vectors in parallel with instantaneous EMP absorption.
  2. Rad-Hard Cryptographic Ephemerality: The abolition of electronic persistence by SRAM PUF, solidified by post-quantum XMSS (NIST SP 800-208) and surviving in crystallized FRAM memories, sweeps away the dangers of forensic microscopes and the quantum future.
  3. Active Plausibility Neural Safeguard: Behavioral biomarkers (CapsNets) trigger undetectable cybernetic mutation for deniable phantom encryption under real-time coercion stress.

By unifying these fronts of material safeguarding and cybernetic processing, the device consecrates itself as the bulwark and immutable frontier of the tangible event horizon in the unwavering defense of the future of personal sovereignty.

Scientific References

  1. NIST SP 800-208. Recommendation for Stateful Hash-Based Signature Schemes (XMSS/LMS). National Institute of Standards and Technology.
  2. Roel Maes (2013). Physically Unclonable Functions: Constructions, Properties and Applications. Springer.
  3. Kocabaş, O., et al. “A Review of Side-Channel Attacks on Cryptographic Hardware.” IEEE Transactions on Information Forensics and Security.
  4. TMR & Rad-Hard Architecture: Estudos em redundância modular tripla e FRAM para ambientes LEO/Aeroespacial.
  5. Deniable Encryption & Behavioral Biometrics: Literaturas de heurísticas comportamentais em Edge AI contra coerção (Rubber-hose cryptanalysis).
  6. Study on Shielding Effectiveness of Arc Thermal Metal Spraying Against EMP. Materials 10(10), 2017. MDPI.
  7. Electromagnetic Shielding Performance of Carbon Black Mixed Concrete with Zn-Al Metal Thermal Spray Coating. PMC, 2020.
  8. Radiation Effects in Tungsten and Tungsten-Copper Alloys. PMC, 2024.
  9. Laser Powder Bed Fusion of Copper-Tungsten Composites. mediaTUM, TU Munich.
  10. PreSCAN: Comprehensive Review of Pre-Silicon Physical SCA Assessment. MDPI.
  11. A Comprehensive Survey on Non-Invasive Passive Side-Channel Analysis. PMC, 2022.
  12. A Survey on Acoustic Side-Channel Attacks: An AI Perspective. MDPI.
  13. Thermal Side-Channel Threats in Densely Integrated Microarchitectures. PMC, 2024.
  14. Can't Touch This: Inertial HSMs Thwart Advanced Physical Attacks. ResearchGate, 2021.
  15. Proof-of-PUF Enabled Blockchain: Concurrent Data and Device Security. PMC, 2020.
  16. In-Depth Review and Comparative Analysis of DRAM-Based PUFs. ResearchGate, 2024.
  17. Understanding SRAM PUF: The Secure Silicon Fingerprint. Synopsys.
  18. Building Secure SRAM PUF Key Generators on Resource Constrained Devices. arXiv, 2019.
  19. NIST SP 800-208 (Draft). Recommendation for Stateful Hash-Based Signature Schemes.
  20. A Configurable Hardware Implementation of XMSS. Cryptology ePrint Archive, 2021.
  21. Hash-based Signatures: State and Backup Management. IETF Draft.
  22. Improved Biometric Stress Monitoring Using HRV and CapsNet. PMC, 2024.
  23. Cyber Coercion Detection Using LLM-Assisted Multimodal Biometric System. MDPI, 2025.
  24. Stress Detection for Keystroke Dynamics. Carnegie Mellon University.
  25. Optimizing Mental Stress Detection via HRV Feature Selection. MDPI Sensors, 2025.
  26. Coercion-Resistant CP-ABE for IoT Security. PMC, 2025.
  27. Deniable-Encryption Protocols Based on Commutative Ciphers. Quasigroups and Related Systems 25(1).
  28. SkyForge Core: TMR Computing Architecture for Small Satellites. Taylor University.
  29. Experimental Study on SEU Mitigation in SRAM FPGA for LHC Phase-2. IIHE.
  30. Reliability Analysis of TMR System Under Step-Partially Accelerated Life Tests Using Lomax Distribution. PMC, 2023.
  31. A Rad Hard ASIC Design Approach: TMR. ASIC North.
  32. SRAM FPGA Reliability Analysis for Harsh Radiation Environments. Pitt Space.
  33. Designing a Rad-Hard CubeSat Onboard Computer. Military Embedded Systems.
  34. Aging-Induced Long-Term Data Remanence in SRAM Cells. Auburn University.
  35. System-Level Mitigation of SEFIs in Data Handling Architectures for Small Satellites. DigitalCommons@USU.

Interested in digital sovereignty and cryptographic hardware?

Ulisses Flores offers consulting in digital privacy, hardware wallet architectures, Ring Signatures, and the implementation of sovereignty protocols for companies and blockchain projects. Get in touch.

Speak with Ulisses Flores →

Questions about Projeto PSI and Hardware Wallet