Section 08

Security Model

Cryptographic primitives, attack surfaces, and validator behaviour

8.1Quantum-Resistant Cryptography From Genesis

Pim Protocol deploys the full set of NIST-standardised post-quantum cryptographic algorithms from the very first block — nine years ahead of NIST's 2035 migration deadline [26]. No legacy algorithm vulnerable to quantum attack (RSA, ECDSA, or the secp256k1 curve used by Bitcoin and Ethereum) appears anywhere in the protocol. This matters because of a specific attack pattern called "harvest now, decrypt later": an adversary captures encrypted network traffic today and simply stores it until a sufficiently powerful quantum computer becomes available to break it. A protocol that waits until closer to the 2035 deadline to migrate leaves years of historical transaction data retroactively exposed; this protocol does not.

StandardAlgorithmProtocol Use
ML-KEMCRYSTALS-KyberPeer-to-peer key exchange, privacy-mode address derivation [15]
ML-DSA (Level 3)CRYSTALS-Dilithium3Primary signing for all ledger objects, energy proofs, and monetary-policy event commitments; also used for hardware-derived keys on edge devices [16]
SLH-DSASPHINCS+Backup signing, long-lived keys, the unspendable burn address [17]
HQCHamming Quasi-CyclicBackup key-exchange mechanism, providing a structurally different security assumption in case ML-KEM is ever compromised [31]

The primary signing algorithm, ML-DSA at security Level 3, produces a 0.1-millisecond signature on every hardware tier from a $3 microcontroller to a GPU server — identical performance regardless of execution mode, since both Lite Mode and Full Mode implement the same signing logic against the Shared Host API described in Section 5.3.3. The protocol's unspendable burn address — the destination for currency permanently removed from circulation — is secured by a hash-based signature scheme with no private key in existence at all, which is a stronger guarantee than the usual practice of using an address whose private key is simply discarded.

8.2Threat Model

The protocol's security analysis treats the following as the primary adversary classes worth defending against, distinguishing protocol guarantees from underlying assumptions.

ThreatAssumption / Guarantee
Quantum adversary with cryptographically relevant hardwareGuarantee: all signing and key exchange uses NIST post-quantum standards from genesis
51% consensus attackAssumption: an adversary cannot simultaneously compromise a majority of validators across all five hardware tiers, software modes, and geographic distributions
Sybil attack (fake node identities)Guarantee: registration requires sequential, non-parallelisable computation plus hardware attestation plus staked capital
Monetary policy manipulation via signal spoofingGuarantee: persistence gating requires any manipulation to be sustained for 24–36 hours across independent sampling windows, raising the cost with duration
Virtual machine execution divergenceGuarantee: determinism is enforced at the Shared Host API boundary, not within each execution backend
Physical theft or cloning of edge hardwareAssumption: the physically unclonable function response cannot be extracted or simulated without destroying the device
Privacy-mode deanonymisationGuarantee: reputation-gated mixing pool and gossip-stem participation; quantum-resistant stealth addresses

8.3Sybil Resistance

Registering a new node on the network requires completing a verifiable delay function — a computation that is, by design, inherently sequential and cannot be sped up by throwing more parallel hardware at it [30]. Combined with hardware attestation (a TPM where available, hardware-fingerprint attestation for edge devices) and a requirement to stake PYM capital, this means a Sybil attack — flooding the network with fake node identities — requires sustained commitment of both physical hardware and locked capital, not just cheap computation.

8.4Validator Behaviour and Slashing

Staked PYM backing a validator's participation can be partially slashed for dishonest behaviour, including submitting an implausible energy attestation — one exceeding the maximum plausible throughput for that device's publicly registered hardware class. As described in Section 7.6, slashed capital is never destroyed; it is routed to the Stability Reserve, converting enforcement into a pro-stability funding mechanism rather than a purely punitive one. A node's standing also factors into a continuously updated reputation score, which gates participation in privacy-mode mixing and gossip-stem routing — meaning a node that has behaved dishonestly is automatically excluded from sensitive coordination roles, without requiring a manual intervention.

8.5Monetary Policy Manipulation Resistance

The persistence-gating mechanisms described in Section 7 — the 36-hour requirement before a calibration threshold crossing is honoured, and the two-cycle requirement before a circuit-breaker state transition fires — jointly defend against an adversary attempting to manufacture a brief, artificial spike in any single input signal to trigger a favourable policy response. A plausible attack vector here is a large, short-lived deposit into a trading pool intended to distort the liquidity signal described in Section 7.1; because that signal is computed as a 48-block trimmed average rather than an instantaneous reading, a single-block deposit-and-withdraw round trip contributes negligibly to it. Combined with the persistence gates, any sustained manipulation attempt must be maintained across multiple independent sampling windows, at a capital cost that compounds with how long the manipulation needs to be sustained — rather than remaining a cheap, one-shot attack.

8.6Virtual Machine and Network-Level Security

The lightweight execution mode's smaller attack surface — no garbage collection, no dynamic memory allocation in its hot execution paths, fully deterministic bytecode — reduces the exploit surface available on constrained devices compared to a full just-in-time-compiled runtime. Privacy-mode contracts are further sandboxed, with no ability to access memory outside of explicit, audited host-function calls. At the network layer, gossip-stem routing and mixing-pool participation are both filtered by the same reputation scoring described above, and malicious mixing-pool claims trigger the same slashing process as other dishonest behaviour.

8.7Failure Scenarios and Designed Responses

ScenarioDesigned Response
Sudden, sharp QOL price deviationComposite Stress Index rises; if sustained for two cycles, the system transitions toward Tightening or Transition, slowing or halting issuance
Network-wide energy-reporting compliance drops sharplyRecovery to Stable from any elevated state is blocked until compliance returns to at least 85%, since the underlying energy signal is considered unreliable below that threshold
Coordinated attempt to inflate the liquidity signalTrimmed-average computation plus multi-cycle persistence gating make a sustained attack costly and slow rather than instantaneous
A single hardware tier is broadly compromisedConsensus weight and monetary calibration both depend on distributed participation across all five tiers; compromising one tier alone is insufficient for a 51% attack
Multiple stability mechanisms trigger simultaneouslyA hard cap limits mechanism activations per hour, and the circuit breaker's transition throttle limits state changes to two per 24-hour window, preventing compounding overreactions
Pim Protocol

Pim·Protocol

Technical & Strategic Whitepaper · Pim Global Limited

RC No: 8807790 · Port Harcourt, Rivers State, Nigeria

Alexander Pym Atà Allison, B.Ed · apallison@pimprotocol.org