White Paper — PALLAS Quantum Security Key

Document Notice: This white paper is provided for informational purposes only and is subject to change without notice. Pilon Laboratories Inc. reserves the right to modify, update, correct, or amend any content herein — including technical specifications, architecture, features, timelines, and claims — at its sole discretion and without prior notice. This document does not constitute a binding commitment, warranty, or guarantee of any kind. For the most current version, visit pilonlaboratories.com.

Abstract

PALLAS is a hardware security key developed by Pilon Laboratories Inc. that provides post-quantum authentication, biometric identity binding, and encrypted mass storage in a single USB-C form factor. Unlike existing hardware keys that rely on classical elliptic-curve cryptography vulnerable to Shor's algorithm, PALLAS implements CRYSTALS-Dilithium5 (NIST FIPS 204, Level 5) as its primary signature algorithm, combined with on-device true quantum random number generation (QRNG) and biometric liveness detection to ensure that no quantum or classical adversary can forge, replay, or extract credentials.

PALLAS is available in Standard and Pay configurations across eight models. Pro models feature an IP67-rated sealed enclosure rated for water submersion to one metre for thirty minutes, suitable for demanding field, industrial, and outdoor environments. PALLAS Pay models add optional NFC contactless payment capability (ISO/IEC 14443-A/B), hardware-disabled whenever biometric authentication is not actively satisfied — enabling tap-to-pay at any Visa or Mastercard terminal with the same quantum-secure, privacy-preserving architecture that governs all other PALLAS functions.

This document describes the hardware architecture, cryptographic protocols, key lifecycle, threat model, and FIDO2/WebAuthn compliance posture of PALLAS Rev 1.0.

Patent Status: The design, system architecture, and cryptographic protocols described in this document are the subject of a patent application filed by Pilon Laboratories Inc. All rights reserved. This white paper is published for informational and investor purposes only.

1 · The Quantum Threat

Shor's algorithm, running on a sufficiently large fault-tolerant quantum computer, can factor RSA moduli and solve the discrete logarithm problems underlying ECDSA and Ed25519 in polynomial time. Current estimates from NIST and CISA project that a cryptographically relevant quantum computer (CRQC) capable of breaking 2048-bit RSA may be available within 10–15 years. Nation-state adversaries are already collecting encrypted traffic today for decryption once a CRQC becomes available — a strategy known as harvest now, decrypt later.

Every existing hardware security key — including YubiKey 5, Google Titan, and Apple's Secure Enclave — relies on ECDSA P-256 or Ed25519 for FIDO2 assertions. These algorithms provide zero resistance to quantum adversaries. PALLAS was designed from the ground up to replace these algorithms with NIST-standardized post-quantum alternatives before the threat materializes.

Harvest Now, Decrypt Later: Authentication tokens signed with ECDSA today can be collected and later forged once quantum computing matures. Post-quantum migration cannot wait until quantum computers exist.

2 · Hardware Architecture

PALLAS integrates four security-critical hardware components on a single PCB, each communicating over independent SPI buses managed by the main MCU. No sensitive data crosses component boundaries in plaintext.

┌────────────────────────────────────────────────────┐ │ HOST (Windows / macOS / Linux) │ └─────────────────────┬──────────────────────────────┘ │ USB-C HID (FIDO CTAPHID) ┌─────────────────────▼──────────────────────────────┐ │ NXP LPC55S69 (Cortex-M33 + TrustZone) │ │ Main MCU · 150 MHz · HASHCRYPT · PUF · IAP Flash │ └────┬──────────────┬──────────────┬─────────────────┘ │ SPI2 │ SPI0 │ SPI1 ┌────▼────┐ ┌────▼────┐ ┌────▼──────────────────┐ │ SLE97 │ │IDQ6MC1 │ │ Synaptics FS7600 │ │Secure │ │ QRNG │ │ Biometric Sensor │ │Element │ │(Quantum)│ │ Liveness Detection │ └─────────┘ └─────────┘ └───────────────────────┘ Keys & sigs True Entropy Identity binding

2.1 Main MCU — NXP LPC55S69

The NXP LPC55S69 is an Arm Cortex-M33 microcontroller with hardware TrustZone isolation, a Physical Unclonable Function (PUF) for device-unique key derivation, and an on-chip HASHCRYPT accelerator supporting SHA-2, SHA-3, and AES. The MCU runs the FIDO2/CTAP2 protocol stack, manages USB HID enumeration, and coordinates all inter-component communication. The PUF generates a factory-derived device secret that seeds SE mutual authentication without ever being stored in flash.

2.2 Secure Element (SE) — SLE97

The SLE97 is a Common Criteria EAL 6+ certified secure element. All private key operations — generation, derivation, signing, and destruction — occur exclusively inside the SE. Private key material never crosses the SPI bus. The SE communicates via APDU frames over SPI; the main MCU acts as an APDU terminal and never has access to key material in RAM or flash.

PALLAS uses a two-phase mutual authentication protocol between the MCU and SE using HMAC-SHA3-256 and the PUF-derived factory key. Session keys are established fresh on every power cycle. After each signing operation, the derived key is cryptographically destroyed within the SE and destruction is verified by the MCU — if the verification fails, the device halts immediately.

2.3 Quantum Random Number Generator — IDQ6MC1

The ID Quantique IDQ6MC1 is a hardware quantum random number generator based on photon detection. It produces true random numbers sourced from quantum vacuum fluctuations — intrinsically unpredictable by any classical or quantum adversary. Every credential derivation operation seeds its IKM with 32 bytes of fresh QRNG entropy, ensuring that even an adversary who knows all other derivation inputs cannot reproduce the private key.

QRNG vs PRNG — True Quantum Randomness vs Pseudo Randomness — PALLAS Architecture

2.4 Biometric Sensor — Synaptics FS7600

The Synaptics FS7600 capacitive fingerprint sensor incorporates on-sensor liveness detection that distinguishes live tissue from spoofed prints, photographs, or gelatin replicas. Biometric templates are stored in encrypted flash and are never transmitted off-device. Every FIDO2 assertion and vault access requires a live fingerprint match; there is no PIN fallback that bypasses biometric verification.

3 · Cryptographic Stack

3.1 CRYSTALS-Dilithium (NIST FIPS 204)

CRYSTALS-Dilithium is a lattice-based digital signature scheme standardized by NIST in FIPS 204, now formally known as ML-DSA (Module-Lattice Digital Signature Algorithm). Its security rests on the hardness of the Module Learning With Errors (MLWE) and Module Short Integer Solution (MSIS) problems, both believed to be intractable for quantum computers. PALLAS targets Dilithium5 (NIST Level 5) for production — the highest security level available, equivalent to breaking AES-256. Hardware supports this with no modification; it is a firmware parameter selection.

Parameter	Dilithium3 (considered)	Dilithium5 (selected — production)
Security Level	NIST Level 3 — equiv. AES-192	NIST Level 5 — equiv. AES-256 ✓
Public Key Size	1,952 bytes	2,592 bytes
Signature Size	3,293 bytes	4,595 bytes
Private Key Size	4,000 bytes	4,864 bytes (SE RAM only)
Key Generation	Inside SLE97 — QRNG-seeded IKM
COSE Algorithm ID	-6 (draft IANA PQC assignment)

Why Level 5? NIST Level 3 is currently considered secure. However, as lattice cryptanalysis research matures, conservative engineering practice suggests targeting the highest available security level when hardware permits at negligible cost. PALLAS hardware handles Dilithium5 without modification. Production firmware will use Dilithium5.

3.2 Key Lifecycle — Derive-Then-Destroy

PALLAS uses an ephemeral derivation model: no private key is ever written to non-volatile storage. Keys exist only in SE RAM for the duration of a single signing operation, then are cryptographically destroyed and verified gone. FIDO2 compatibility requires that the same keypair can be reproduced for a given credential — PALLAS achieves this by storing the 32-byte QRNG entropy from registration (AES-256-GCM encrypted) alongside the credential, allowing identical IKM reconstruction at authentication time.

At credential registration (MakeCredential):

QRNG generates 32 bytes of true quantum entropy (fresh, one-time)
MCU assembles IKM: master_seed_id ‖ platform_id ‖ account_index ‖ QRNG(32B) ‖ biometric_hash
SE derives a Dilithium5 keypair in SE RAM — public key returned, private key never leaves SE
Public key is sent to the relying party (website) and registered
The 32-byte QRNG value is stored encrypted in the credential record in flash
Private key is destroyed in SE RAM; destruction is verified by MCU

At authentication (GetAssertion):

Credential record is retrieved; stored QRNG bytes are decrypted from flash
MCU reconstructs the identical IKM using the same inputs
SE re-derives the identical keypair — producing the same public key the website registered
SE signs the authentication challenge; signature is returned to host
Private key is destroyed and verified gone — key exists in SE RAM for milliseconds only

This design ensures FIDO2 interoperability (reproducible public key) while maintaining the post-quantum security guarantee: the private key never persists anywhere, and the QRNG component makes each credential's keypair unique to that specific registration event on that specific device.

The master seed is provisioned once at factory initialization, stored exclusively in SE non-volatile memory, and is never accessible to the MCU or any external interface. All credential QRNG values stored in flash are encrypted with AES-256-GCM and cannot be accessed without a live biometric match.

3.3 Vault Encryption — AES-256-GCM

The encrypted storage vault uses AES-256-GCM, with encryption and decryption performed entirely inside the SLE97. The vault key is derived from the master seed via HKDF-SHA3-512 with a vault-specific info string and loaded into SE RAM slot 0x11 for the duration of the vault session. A vault session requires a live biometric match before the key is loaded; the key is destroyed from SE RAM when the vault is locked.

Each stored item is encrypted with a unique 96-bit random IV generated by the QRNG. The GCM authentication tag provides ciphertext integrity — any tampering with flash contents is detected before decryption is attempted.

4 · FIDO2 / WebAuthn Compliance

PALLAS implements the FIDO2 Client-to-Authenticator Protocol 2 (CTAP2) over USB HID using the FIDO Alliance CTAPHID transport layer. The device enumerates as a standard HID device (VID: 0x1209, PID: 0x5353) and requires no drivers on any supported operating system.

Feature	Status
authenticatorMakeCredential	Supported
authenticatorGetAssertion	Supported
authenticatorGetInfo	Supported — versions FIDO_2_0, FIDO_2_1
authenticatorReset	Supported — requires live biometric
Resident Keys (discoverable credentials)	Supported — up to 64 credentials
User Verification (biometric)	Supported — liveness required
User Presence	Supported
clientPin	Not supported — biometric replaces PIN
pqc extension	Supported — Dilithium5 COSE key
hmac-secret extension	Supported
Transport	USB HID (CTAPHID)
Max message size	2,048 bytes CBOR payload

PALLAS advertises the pqc extension in its authenticatorGetInfo response. Relying parties that support COSE algorithm -6 (Dilithium5) will receive a post-quantum public key in the attestation. Relying parties that do not yet support PQC will receive a standard FIDO2 registration flow and can upgrade when their backend is ready.

Digital Identity

Your identity lives in hardware — quantum-signed, biometric-bound, and impossible to forge or transfer.

5 · Threat Model

The table below compares known real-world attack vectors against current market hardware security devices with PALLAS's specific mitigations. Each row identifies how existing products are compromised and why PALLAS is immune.

Threat	How Current Devices Are Compromised	Attack Vector	PALLAS Immunity
Quantum computer attack on credentials	Virtually all hardware wallets (Ledger, Trezor, Coldcard) and FIDO2 security keys (YubiKey, Google Titan) sign with ECDSA secp256k1 or P-256. A fault-tolerant quantum computer using Shor's algorithm can break ECDSA in hours — every stored credential, wallet private key, and signed session becomes recoverable.	Shor's algorithm applied to ECDSA or Ed25519 elliptic curve discrete logarithm	CRYSTALS-Dilithium5 (ML-DSA, NIST FIPS 204, Level 5) — based on the Module Learning With Errors (MLWE) lattice problem. No known quantum algorithm provides meaningful speedup against MLWE at Level 5 parameters.
Harvest now, decrypt later	Nation-state actors and well-funded adversaries are recording encrypted traffic and signed blockchain transactions today, intending to break them once quantum hardware matures. Any ECDSA signature recorded now is a future liability — the signing key can be recovered from two signatures sharing a nonce, or directly via Shor's algorithm.	Passive interception of signed assertions; deferred quantum decryption	32 bytes of certified QRNG entropy seed each keypair. No two keypairs share any entropy. Past signatures cannot be replayed or used to recover future keys — each signing event is cryptographically independent.
Private key extraction via host	Many software wallets and early hardware wallets expose key material to the host CPU at some point. Malware can intercept USB HID frames, inject rogue firmware updates via a compromised host, or exploit firmware parsing bugs to trigger key leakage. Ledger's 2020 data breach and multiple Trezor PIN extraction exploits demonstrate that host-adjacent keys are high-value targets.	Malware on host OS; USB frame interception; malicious update injection	All key operations (generation, signing, destruction) execute exclusively inside the SLE97 Secure Element. The MCU issues APDU commands over SPI — private key material never appears on the SPI bus, in MCU RAM, or in flash. A fully compromised host gains nothing.
Biometric spoof	Consumer fingerprint sensors — including those on smartphones and budget security keys — use optical or basic capacitive imaging. High-resolution gelatin casts, printed fingerprints, and silicone spoofs defeat them routinely. Academic research (Checkpoint 2019, CCC 2022) has demonstrated sub-$10 spoof materials bypassing mass-market sensors at high success rates.	Gelatin cast, silicone mold, or high-resolution printed fingerprint presented to sensor	Synaptics FS7600 uses multi-spectrum sub-dermal capacitive imaging with hardware liveness detection. It measures sub-surface ridge patterns and verifies live tissue characteristics — gelatin, silicone, and photo spoofs are rejected at the sensor hardware layer before any software evaluation.
Lost or stolen device	Hardware wallets typically protect access with 4–8 digit PIN codes stored on the device. Researchers at Kraken Security Labs (2020) demonstrated PIN extraction from a Trezor One via voltage glitching in under 15 minutes. Devices without SE-enforced lockouts are vulnerable to offline brute-force if flash is extracted.	Physical possession; brute-force PIN/biometric; NAND flash extraction	Biometric authentication is enforced by the SLE97 SE at the hardware level. The SE enforces a progressive lockout that cannot be bypassed by the MCU. A successful flash dump yields only AES-256-GCM ciphertext — the decryption keys never leave the SE.
Firmware tampering / supply chain attack	Several hardware wallet supply chain attacks have been documented — devices shipped with pre-loaded malicious firmware that exfiltrates seed phrases on first use. Devices without cryptographic firmware signing cannot verify authenticity of an update. The 2018 "Blockchain Bandit" campaign exploited predictable private key generation in firmware, not hardware.	Malicious firmware pre-loaded in supply chain; unsigned OTA update injection	All firmware images are signed with Dilithium5. The LPC55S69 secure boot ROM verifies the Dilithium5 signature before executing any new firmware — an invalid signature halts the device permanently and the previous firmware is not restored, preventing rollback attacks.
Physical flash dump via JTAG	JTAG debug interfaces left enabled on production hardware are a known extraction vector. Kraken Security Labs (2020) used JTAG access to extract a Trezor One seed phrase. Many embedded devices ship with JTAG fuse bits unset due to manufacturing oversight or deliberate debugging convenience.	JTAG probe attached to debug header; direct flash read via SWD/JTAG	The LPC55S69's JTAG/SWD interface is permanently fused off during factory provisioning — this is a one-way hardware operation and cannot be reversed. All NAND flash content is AES-256-GCM ciphertext. A successful physical dump yields no recoverable plaintext.
Key persistence after signing	Software wallets keep private keys in RAM or on disk between sessions. Hardware wallets without verified key destruction may retain key material in SE cache across power cycles. Fault injection attacks (voltage/clock glitching) can force re-execution of signing operations, potentially exposing cached keys.	Cold-boot RAM attack; fault injection forcing SE re-execution; power cycle key persistence	The MCU issues a cryptographic destruction command to the SE immediately after each signing operation. The MCU then challenges the SE to prove the key is gone via a verification protocol — if the key remains accessible, the device halts permanently. No cached keys survive a power cycle.
Man-in-the-middle on USB	USB HID relay attacks forward CTAPHID frames through a compromised intermediary device. Early FIDO U2F implementations (pre-WebAuthn) lacked cryptographic origin binding — a relay could forward an authentication request to a legitimate key and return the assertion to a phishing site. Several U2F bypass proofs-of-concept were demonstrated at DEF CON 2019.	USB HID relay; CTAPHID frame forwarding to legitimate authenticator	PALLAS implements CTAP 2.1 with full CTAPHID channel ID binding and cryptographic origin verification. Every assertion is signed over the relying party origin hash — a relay attack yields an assertion cryptographically bound to the attacker's origin, which the legitimate server will reject.

6 · Full Specifications

Component	Specification
Main Processor	NXP LPC55S69 · Arm Cortex-M33 · 150 MHz · TrustZone
Secure Element	Infineon SLE97 · CC EAL 6+
Quantum RNG	ID Quantique IDQ6MC1 · True QRNG
Biometric Sensor	Synaptics FS7600 · Capacitive · Hardware liveness
Storage	NAND Flash · 128GB / 256GB / 512GB / 1TB (model dependent)
Primary Signature Alg.	CRYSTALS-Dilithium5 (ML-DSA) · NIST FIPS 204 · NIST Level 5
Key Encapsulation (planned)	CRYSTALS-Kyber (ML-KEM) · NIST FIPS 203 · device-to-device
Symmetric Encryption	AES-256-GCM (inside SLE97)
Hash Functions	SHA3-256, SHA3-512 (HASHCRYPT hardware)
Key Derivation	HKDF-SHA3-512 (RFC 5869)
Authentication Protocol	FIDO2 / CTAP2 / WebAuthn
USB Interface	USB 2.0 Full-Speed HID · USB-C connector
NFC	ISO/IEC 14443-A/B · ISO/IEC 18092 · PALLAS Pay model only
Driver Requirement	None (Windows 10+, macOS 12+, Linux 5.4+)
Enclosure	Aluminium (standard) · IP67 anodized aluminium (Pro)
Operating Temp.	−20°C to +70°C
Waterproofing	IP67 — 1 m submersion, 30 minutes (Pro model)
LED Status	RGB LED · CTAP status / biometric feedback / error codes
Max Stored Credentials	64 resident FIDO2 credentials
Blockchain Mode	One-time ephemeral Dilithium5 keys · QRNG entropy · never stored
Firmware Updates	Signed via Dilithium5 · USB DFU · Lifetime free

6.1 · Product Variants — Standard vs. PALLAS Pay

PALLAS is offered across eight models in two hardware variants — Standard and Pay. All cryptographic capabilities, biometric liveness detection, QRNG, secure element, and vault functions are identical across all models. The only hardware difference between variants is the presence of an NFC module in the Pay models. NFC is available from the 512GB tier upward; the 128GB and 256GB Standard models are NFC-free by design, targeting enterprise and government buyers where policy or preference requires zero wireless attack surface.

Model	Variant	Storage	NFC	IP67	Price (CAD)
PALLAS 128GB	Standard	128GB	✗	✗	$224.99
PALLAS 256GB	Standard	256GB	✗	✗	$274.99
PALLAS 512GB	Standard	512GB	✗	✗	$324.99
PALLAS 512GB Pay	Pay	512GB	✓	✗	$329.99
PALLAS 1TB	Standard	1TB	✗	✗	$374.99
PALLAS 1TB Pay	Pay	1TB	✓	✗	$404.99
PALLAS 1TB Pro	Standard · Flagship	1TB	✗	✓	$424.99
PALLAS 1TB Pro Pay	Pay · Flagship	1TB	✓	✓	$454.99

Feature	PALLAS Standard	PALLAS Pay
Post-quantum signing (CRYSTALS-Dilithium5)	✓	✓
On-device QRNG	✓	✓
Biometric liveness detection	✓	✓
Encrypted vault	✓	✓
FIDO2 / WebAuthn	✓	✓
XInfinitum hardware wallet	✓	✓
NFC tap payments (ISO 14443)	✗	✓
Card storage in vault (Apple Pay / Google Pay)	✗	✓
XInfinitum Card NFC integration	✗	✓
Recommended for	Enterprise, government, security-first users	Everyday carry, consumer, full wallet replacement

The Standard variant is the recommended choice for government procurement, enterprise IT, and security professionals operating in environments where NFC transmission may be prohibited by policy or presents an unacceptable additional attack surface. The absence of an NFC module provides a hardware-level guarantee — not a software toggle — that no contactless transmission is possible.

6.2 · NFC Payment Architecture — PALLAS Pay

The PALLAS Pay variant includes an NFC module conforming to ISO/IEC 14443-A/B and ISO/IEC 18092, enabling contactless payment at any NFC-enabled terminal worldwide. The PALLAS companion app allows users to load credit cards, debit cards, and their XInfinitum Card into the device's encrypted vault. All card credentials are stored as tokenized representations inside the SLE97 secure element — the raw card number never touches the host device or any external storage.

Payment is authorized exclusively by the biometric fingerprint sensor. The NFC module is hardware-disabled when the biometric gate is not actively satisfied — there is no passive tap, no background transmission, and no relay possible without a live, authenticated fingerprint present at the moment of transaction. This neutralizes the primary NFC relay attack vector that affects all standard contactless payment cards.

NFC Attack Vector	Standard Contactless Card	PALLAS Pay
Relay attack (silent proxying)	Vulnerable — no presence verification	Immune — NFC disabled without live biometric
Passive eavesdropping	Possible within ~30cm	Mitigated — tokenized credentials, no raw card data
Unauthorized scan	Possible if card in pocket	Immune — NFC inactive without biometric trigger
Card number theft	Possible via skimming	Immune — only tokenized form transmitted, never raw PAN

The PALLAS Pay variant makes the device a complete physical wallet replacement: a single USB-C form factor that serves as a post-quantum security key, hardware cryptocurrency wallet, encrypted identity vault, and biometric-triggered NFC payment terminal. Users who prefer zero NFC attack surface should select the Standard variant — both are available at launch.

6.3 · PALLAS Pay — Card Setup & Active Card Selection

Card management and NFC payment require a USB-C connection to the PALLAS companion app. There is no wireless provisioning pathway — card credentials are loaded exclusively via the physical USB-C interface, eliminating any over-the-air interception surface during setup.

The active card selection model is deliberately singular: one card is designated active at a time, written to the secure element. This is a security property, not a limitation — it prevents ambiguous charge routing and ensures the user makes a conscious, deliberate selection before any payment can occur. To switch the active card, the user reconnects via USB-C and selects a different card in the PALLAS app. The NFC module cannot fire for any card other than the currently designated active card.

Step	Action	Where It Happens
1 — Load cards	Connect via USB-C · Open PALLAS app · Add cards to encrypted vault	Cards tokenized inside SLE97 secure element. Raw PAN never stored in host memory.
2 — Select active card	Choose active card in app · Selection written to SE	Secure element holds active card token. Selection persists until changed.
3 — Pay	Tap device to NFC terminal · Present fingerprint	SE verifies liveness · NFC fires with tokenized credential · Key destroyed after transaction.
4 — Switch cards	Reconnect USB-C · Select different card in app	New active card written to SE. Previous selection overwritten.

6.4 · PALLAS Pay vs. Apple Pay / Google Pay — Security Comparison

Apple Pay and Google Pay are well-engineered payment systems that provide strong security for most consumers. PALLAS Pay is not positioned as a replacement for those systems — it is positioned as a higher-assurance alternative for users who require hardware-level guarantees rather than software-level ones, and for users who do not wish to link payment behaviour to a cloud account.

Property	Apple Pay / Google Pay	PALLAS Pay
Biometric layer	Software (Face ID / Touch ID on general-purpose OS)	Hardware liveness detection inside EAL6+ secure element — isolated from OS
Secure element rating	Apple Secure Enclave (~EAL4+, unpublished) / Google Titan M	Infineon SLE97 — published Common Criteria EAL6+
NFC when idle	Radio active when screen is on — passive scanning theoretically possible	NFC module hardware-disabled until biometric fires — no passive scan possible
Cloud account dependency	Cards tied to Apple ID / Google Account — account breach = card accessible remotely	No cloud account — no remote attack surface for credential access
Device type	General-purpose computer running third-party apps	Single-purpose hardware — no application layer can access card credentials
Transaction privacy	Transactions logged and linked to Apple / Google account	No account, no logging — transaction data stays between user, bank, and merchant
Crypto spending	Not supported natively	XInfinitum Card loads directly — spend XFIN anywhere Visa / Mastercard accepted
Card switching	Instant, in-app	Requires USB-C connection to change active card

6.5 · Battery & Power Architecture

The PALLAS Pay variant incorporates a sealed lithium polymer (LiPo) cell — approximately 40 mAh — housed within the aluminium enclosure. This cell powers the biometric sensor, microcontroller, and NFC gating logic independently of any host device. The NFC module itself harvests power from the terminal's RF field during a transaction; however, the biometric authentication processor and the SLE97 secure element gating logic require independent power to authorize the NFC window prior to terminal contact.

State	Current Draw	Duration
Deep standby — NFC disabled, no activity	5–15 μA	Continuous between uses
Biometric sensor wake + fingerprint capture	~20 mA	< 1 second burst
NFC transaction window	~50 mA	2–5 second burst
USB-C connected — management / charging	Powered by host	Battery charges passively

Usage Pattern	Estimated Battery Life
Light use — ≤2 taps/day	12–18 months
Moderate use — 5–10 taps/day	6–12 months
Heavy use — 20+ taps/day	3–6 months

The battery charges automatically and passively whenever the device is connected via USB-C for any purpose — FIDO2 authentication events, vault access, card loading, card switching, firmware updates, or simply plugging in at a desk. Users who connect the device periodically for any management task maintain a near-full charge without any dedicated charging behaviour. The USB-C port, already required for card management, serves as the sole charging interface — no additional cable, dock, or wireless pad is needed.

6.6 · Operational Modes — Plugged vs. Standalone

PALLAS Pay operates in one of two mutually exclusive modes determined by USB-C connection state. This physical mode separation is a deliberate security architecture decision — not a software toggle.

Mode	Trigger	Available Functions
Management & Authentication Mode	USB-C connected to host	FIDO2 / WebAuthn authentication events · Credential signing & verification · Encrypted vault read/write (AES-256-GCM) · Card loading & active card selection · Battery charging · Firmware updates (cryptographically signed) · Key generation & enrollment · Device configuration
Standalone Payment Mode	USB-C disconnected	Biometric fingerprint touch opens NFC payment window (30–60 sec). No other functions accessible without a host connection.

When unplugged, the firmware interprets a valid biometric touch as a payment intent — unambiguously. There is no host to communicate with and no vault to access, so the only meaningful action is a payment. This eliminates an entire class of accidental-trigger and social-engineering scenarios: an attacker who has the device while it is plugged in cannot trigger an NFC payment, and an attacker who has the device while unplugged cannot access the vault, load fraudulent card credentials, or push unauthorized firmware.

Mode separation on PALLAS Pay is enforced by connection state — not by software policy. No application, command, or firmware state can open an NFC payment window while the device is connected to a management host.

6.7 · NFC Biometric Gate — Hardware Security Guarantees

The NFC module is controlled by a hardware enable line driven directly by the SLE97 secure element. No software running on the host, MCU application layer, or any external process can assert this line without a valid hardware confirmation from the SE. There is no API, debug interface, or firmware command that bypasses this gate.

The gate sequence on each payment attempt is as follows:

Step	Component	Action
1	Biometric sensor (Synaptics FS7600)	Captures live fingerprint sample. Liveness detection active — rejects printed photographs, silicone molds, cadaver tissue, and replay attacks.
2	SLE97 Secure Element	Receives sample. Compares against enrolled template stored entirely within SE — template never exposed to MCU or host.
3	SLE97 — match confirmed	SE asserts NFC hardware enable line. NFC window opens (configurable 30–60 sec timeout).
4	NFC module	Tokenized payment credential presented to terminal via ISO/IEC 14443. Raw card data never transmitted.
5	SLE97	De-asserts NFC enable line on transaction completion or window timeout. Gate closes.

Scenario	Outcome
Registered owner — enrolled finger presented	NFC window opens — transaction authorized
Unregistered fingerprint presented	SE rejects match — NFC stays disabled
Spoofed fingerprint (photo, mold, replay)	Liveness detection rejects — NFC stays disabled
Device stolen — no fingerprint presented	SE never activates — NFC disabled indefinitely
Host software command to enable NFC	Not possible — no software API can assert SE hardware gate
MCU firmware vulnerability exploited	MCU application layer cannot assert SE gate line — hardware isolation holds

6.8 · Duress Fingerprint & Emergency SOS Protocol

PALLAS supports a duress fingerprint — a designated finger enrolled in the SLE97 with a DURESS flag, separate from the user's standard access fingers. This feature is designed for scenarios where a user is compelled under threat or coercion to authenticate with their device. To an observer the device behaves identically — no indicator reveals that a duress template exists or has been triggered.

Setup: During enrollment, the user may optionally designate one finger (e.g., right pinky) as the duress finger. The duress template is stored in the SE with a flag distinguishing it from access templates. Standard access fingers and the duress finger cannot be the same digit.

Trigger behavior — device must be plugged into the PALLAS companion app on a smartphone:

Step	Visible to Attacker	Happening in Background
1 — Duress finger scanned	Device appears to authenticate normally	SE flags DURESS state to PALLAS app over USB
2 — App receives DURESS flag	No visible change on screen	App captures phone GPS coordinates
3 — Emergency alert fires	No visible change on screen	Pre-composed SMS + GPS coordinates sent to up to 3 configured emergency contacts
4 — Device locks	Appears to complete authentication	Device enters 24-hour lockout — vault, NFC, and signing suspended. Recovery requires multi-factor re-enrollment.
5 — Optional Emergency SOS	No visible change	App silently triggers phone's native Emergency SOS function (iOS / Android) to contact local emergency services

Why USB-C connection is required for the full protocol: Alert transmission requires access to the phone's GPS, cellular data, and messaging stack — all available only when the PALLAS app has an active connection. The device-lock component of the duress protocol does function in standalone mode (fingerprint match against DURESS template → immediate lockout), but the silent alert and location transmission require the phone to be connected.

Optional decoy vault: Users may configure a secondary decoy vault, accessible only under the duress finger, containing limited or sanitized data. This provides the appearance of cooperation while the emergency alert transmits silently in the background.

The duress fingerprint is a standard security feature available on all PALLAS models — Standard and Pay. It is not limited to payment scenarios. Any situation requiring biometric authentication — vault access, FIDO2 login, or signing — can trigger the duress protocol if the designated finger is used.

7 · Standards & Compliance

NIST FIPS 204 — ML-DSA (CRYSTALS-Dilithium) — primary signature algorithm, Level 5 production target
NIST FIPS 203 — ML-KEM (CRYSTALS-Kyber) — planned for device-to-device key encapsulation and XInfinitum protocol node encryption
FIDO Alliance CTAP 2.1 — Client-to-Authenticator Protocol
W3C WebAuthn Level 3 — Web Authentication API
RFC 5869 — HKDF key derivation
FIDO HID Transport — CTAPHID v1.0
Common Criteria EAL 6+ — SLE97 Secure Element (Infineon)
ISO/IEC 7816 — Smart card APDU framing (SPI adaptation)
NIST SP 800-90B — Entropy assessment methodology (QRNG)
IP67 — Ingress protection (Pro model enclosure)

Full PQC Stack: PALLAS implements the complete NIST post-quantum cryptography suite. ML-DSA (Dilithium5) for digital signatures, ML-KEM (Kyber) for key encapsulation/exchange, AES-256-GCM for symmetric encryption, and SHA3-512 for hashing — all quantum-resistant primitives serving their respective cryptographic roles. SHA-3 and AES-256 are quantum-safe under Grover's algorithm analysis; they are not replaced by PQC but complemented by it.

PALLAS firmware is pending FIDO Alliance Certification testing. Pre-production units will be submitted to FIDO Alliance for Level 1 certification prior to commercial availability.

8 · XInfinitum — One-Time Key Blockchain Architecture

PALLAS supports a second operational mode beyond FIDO2: serving as the hardware signing terminal for the XInfinitum blockchain protocol. This mode exploits PALLAS's unique hardware capabilities to implement an architectural property no existing blockchain possesses — genuinely unique, quantum-seeded, hardware-destroyed private keys for every single transaction.

8.1 Why One-Time Keys?

Every major blockchain today — Bitcoin, Ethereum, Solana — assigns users one keypair. Every transaction is signed by the same private key. This creates several compounding risks:

Key reuse attacks: Multiple signatures from the same key allow statistical analysis. In classical cryptography this is mitigated; in lattice schemes, key reuse is explicitly discouraged.
Harvest-for-later: An adversary collecting signed transactions today can forge new transactions once quantum computing matures, if the keypair persists.
Single point of failure: Compromise of one keypair compromises the entire transaction history and future access.

8.2 The PALLAS One-Time Key Scheme

For each blockchain transaction, PALLAS executes the following protocol — no private key is ever the same twice:

QRNG generates 32 bytes of fresh quantum entropy — never stored, never reproducible
SE derives a Dilithium5 keypair: HKDF-SHA3-512(master_seed ‖ QRNG_32B) — entirely in SE RAM
SE signs the transaction payload; signature and one-time public key are returned
SE destroys the keypair in RAM; MCU verifies destruction
Transaction broadcast contains: {account_commitment, recipient, amount, nonce, one_time_pubkey, signature}

The account_commitment is a SHA3-256 hash of the master seed — a stable, public account identifier that cannot be reversed to reveal the seed. Validators confirm: (1) the signature is valid against the included one-time public key, and (2) the account commitment matches the signing device's registered identity. Balance is maintained by the network as a function of all valid transactions committed to that account hash.

8.3 Security Properties

Property	Conventional Blockchain	XInfinitum / PALLAS
Private key reuse	Every transaction	Never — unique per transaction
Key entropy source	Software PRNG or user seed phrase	IDQ hardware QRNG — quantum vacuum
Signature algorithm	ECDSA (quantum-vulnerable)	Dilithium5 (NIST Level 5)
Key storage	Wallet file, seed phrase, hot wallet	Never stored — derived and destroyed per transaction
Compromise blast radius	All past and future transactions	One transaction (already spent)
Hardware requirement	None (software-only)	PALLAS device with biometric presence
Perfect forward secrecy	No	Yes — by design

Patent Note: The combination of hardware QRNG entropy + Dilithium5 post-quantum signatures + biometric-gated one-time key derivation + hardware destruction verification for blockchain transaction signing represents a novel system that is the subject of ongoing patent activity by Pilon Laboratories Inc.

9 · Perfect Forward Secrecy

XInfinitum — Perfect Forward Secrecy — A Post-Quantum Secured Blockchain

What Is Perfect Forward Secrecy?

Perfect Forward Secrecy (PFS) is a guarantee about the past. It answers one of the most important questions in all of security: "If something is compromised in the future, can the damage reach backward through my history?"

In plain terms: imagine every door you have ever unlocked used the same key. If someone steals that key today, they can open every door you ever touched — going back years. This is how most digital security works, and it is a structural flaw that affects banks, messaging apps, hardware wallets, blockchains, and authentication systems worldwide.

Perfect Forward Secrecy removes this flaw entirely. Instead of one persistent key protecting everything, the system generates a different, unique, temporary key for every single interaction. Each key is used once, then permanently destroyed. If an adversary compromises something today, all they touch is today. Every prior session is forever locked behind keys that no longer exist — not hidden, not encrypted, but physically, mathematically gone from the universe.

Formal Definition: A cryptographic protocol provides Perfect Forward Secrecy when the compromise of long-term key material yields zero information about previously established session or transaction keys. Even with unlimited computation, past sessions cannot be decrypted because the keys that protected them are irreversibly destroyed — not hard to find, but genuinely nonexistent.

Why PFS Is Rare — And Why It Matters Now

Most systems do not implement PFS because it requires generating, using, and destroying a fresh cryptographic key for every operation. This demands significant engineering discipline and hardware investment. Traditional systems take the shortcut of reusing long-lived keys, accepting the assumption that those keys will never be compromised. That assumption is increasingly dangerous.

Nation-state intelligence agencies are already conducting harvest now, decrypt later attacks — recording encrypted data today, archiving it, and waiting until quantum computers become powerful enough to break the classical cryptography (ECDSA, RSA, elliptic curve) that protects it. Every message, transaction, and authentication token protected by classical cryptography is potentially sitting in an adversary's archive right now. When a sufficiently powerful quantum computer arrives, that archive becomes fully readable retroactively.

For blockchains, this means every transaction ever signed on Bitcoin or Ethereum could be exposed — wallet balances revealed, pseudonymous identities linked, entire financial histories deanonymized. For authentication systems, it means credentials signed today could be forged later. The threat is not theoretical; the data collection is already happening.

Harvest Now, Decrypt Later: Adversaries are collecting today's signed and encrypted data at scale. Classical cryptography cannot protect it once a quantum computer exists. PFS removes the attack surface entirely — there is nothing to harvest if the keys used to sign it are already gone.

Three Requirements for True Perfect Forward Secrecy

PFS requires all three of the following properties to hold simultaneously. Any single missing element breaks the guarantee:

Ephemeral key generation: A fresh, unique cryptographic key pair must be generated for every session or transaction. Keys derived from the same source, or reused in any form, allow sessions to be linked and potentially compromised together.
Verified hardware destruction: The ephemeral private key must be permanently and verifiably destroyed immediately after use. Software deletion is insufficient — operating systems can page keys to disk, memory dumps can capture them, and compromised runtimes can log them before deletion. Hardware-level zeroization confirmed by an independent processor is required.
No derivability from persistent state: The session key must not be reconstructable from any data that persists after the session ends. If any stored value could allow an adversary to recompute the key, PFS is broken regardless of whether the key itself was deleted.

How PALLAS Achieves Perfect Forward Secrecy

PALLAS is designed from genesis to satisfy all three requirements simultaneously — and to do so at a higher assurance level than any software-only implementation can claim.

Requirement	PALLAS Implementation	Why It Holds
Ephemeral key generation	For every signing operation, the ID Quantique IDQ6MC1 hardware QRNG generates 32 bytes of true quantum random entropy from photon vacuum fluctuations. This entropy seeds a unique Dilithium5 keypair derived entirely inside the SLE97 Secure Element. No two keys share any derivation entropy — uniqueness is guaranteed by quantum physics, not algorithmic unpredictability.	QRNG output is information-theoretically random. Even complete knowledge of all prior keys provides zero information about future or past keys. An adversary cannot predict or enumerate the entropy space — it has no structure to exploit.
Hardware-verified destruction	After each signing operation, the SLE97 cryptographically zeroizes the ephemeral key from its volatile RAM. The NXP LPC55S69 MCU immediately issues a destruction verification challenge to the SE. If the SE cannot confirm the key is gone, the device halts permanently. Destruction is a hardware operation confirmed by an independent processor — it cannot be bypassed by any software layer, host OS, or firmware state.	Infineon SLE97 is certified to Common Criteria EAL6+ — independently evaluated against hostile physical attack models by accredited evaluation laboratories. The destruction guarantee has been adversarially tested, not merely claimed.
No derivability from persistent state	The QRNG entropy used to seed each keypair is consumed during key generation and is never stored anywhere in any form. The session key cannot be reconstructed from any persistent data after the signing event, because the entropy component of its derivation was genuinely one-time and is now overwritten and gone.	Reconstruction from any retained data is impossible — not computationally hard, but genuinely absent from the system, because the entropy that seeded the key no longer exists anywhere. For the on-chain public key, CRYSTALS-Dilithium5 provides a post-quantum computational barrier: no known classical or quantum algorithm provides meaningful attack against the module lattice problem. "Hard to compute from the public key" and "nothing to compute from in the stored data" are layered guarantees; PALLAS provides both.

What This Means for You — In Plain Language

Every time you use PALLAS — to log in to a website, authorize a transaction, access your vault, or pay at an NFC terminal — a new quantum-derived key is born inside the chip, performs exactly one purpose, and is immediately erased from existence. The next use generates a completely different key. So does every use after that.

The practical meaning: if your PALLAS device is lost, stolen, or forensically analyzed at any point in the future, an adversary gains the ability to authorize actions from that moment forward only — and even that requires your live fingerprint. Everything you authenticated in the past remains permanently sealed behind keys that are gone from the physical world.

There is no archive to subpoena. No database to breach. No record that can be quantum-decrypted. The past is protected not by encryption — but by the most absolute security mechanism possible: the keys that protected it do not exist.

The Difference Between Encryption and PFS: Encryption protects data by making it hard to read. PFS protects data by ensuring there is nothing left to read it with. Encryption says "this is computationally difficult." PFS says "there is no key — not hidden, not encrypted — gone." PALLAS provides both, layered together. They are complementary, not alternatives.

PFS Scope Across the PALLAS Device

Function	PFS Applied?	Mechanism
FIDO2 / WebAuthn authentication	Yes — per-session	Fresh QRNG entropy seeds each assertion; session signing key derived and destroyed per GetAssertion
XInfinitum transaction signing	Yes — per-transaction	Unique Quantum State Key generated and destroyed for each individual blockchain transaction — see Section 8
PALLAS Pay (NFC payments)	Yes — per-transaction	Each NFC payment uses a fresh ephemeral key from QRNG; destroyed inside SLE97 post-transaction
Vault session keys	Yes — per-session	Vault key loaded into SE RAM for session duration, destroyed on vault lock; QRNG entropy in derivation chain
Credential public keys	Reproducible by design	FIDO2 requires websites to recognize the same public key across sessions — the stored QRNG seed allows identical keypair reconstruction without persisting the private key. This is an intentional and documented exception to support interoperability.

XInfinitum — Blockchain-Native Post-Quantum Forward Secrecy for Signing Authority

On a public blockchain where all transaction data is visible by design, the relevant forward secrecy property is not confidentiality of transaction content — it is forward secrecy of signing authority: the mathematical impossibility of reconstructing the private key used to authorize any past transaction. XInfinitum's architecture is designed to provide this property at the individual transaction level, extending PALLAS's hardware PFS guarantee into the blockchain layer.

Design Statement: XInfinitum is designed to achieve blockchain-native post-quantum forward secrecy for signing authority through zero-persistence Quantum State Keys. Each transaction is signed with a one-time CRYSTALS-Dilithium5 private key derived from quantum vacuum entropy and immediately hardware-zeroized after use. Because the entropy used to generate each key is never stored and no deterministic derivation path exists, past signing keys cannot be reconstructed from any retained state or deterministic process. This provides forward secrecy for signing authority at the protocol level — a property not present in conventional public blockchain architectures.

Why This Is Revolutionary: No commercially available hardware security key, hardware wallet, or authentication device implements full hardware-verified Perfect Forward Secrecy with QRNG-seeded ephemeral keys and EAL6+-certified destruction. Software systems like TLS 1.3 implement computational forward secrecy (hard but theoretically breakable). PALLAS implements hardware-enforced post-quantum forward secrecy — the entropy source is information-theoretically random (QRNG) and the signing scheme is post-quantum hardened (CRYSTALS-Dilithium5). This is a fundamentally different and stronger guarantee than computational forward secrecy. This is not an incremental improvement; it is a categorical step change in the security model available to any user.

References

NIST. FIPS 204: Module-Lattice-Based Digital Signature Standard. National Institute of Standards and Technology.
FIDO Alliance. FIDO Client to Authenticator Protocol (CTAP) 2.1. 2023.
W3C. Web Authentication: An API for accessing Public Key Credentials Level 3. 2023.
Krawczyk, H. & Eronen, P. RFC 5869: HMAC-based Extract-and-Expand Key Derivation Function (HKDF). 2010.
Shor, P.W. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput., 1997.
CISA / NSA / NIST. Quantum-Readiness: Migration to Post-Quantum Cryptography. August 2023.
NXP Semiconductors. LPC55S6x Data Sheet. Rev. 4, 2022.
Infineon Technologies. SLE 97 Family Security Controller. 2021.
ID Quantique. IDQ6MC1 Quantum Random Number Generator — Product Brief. 2023.
Synaptics. FS7600 Fingerprint Sensor. 2022.

PALLAS Quantum State Security Key