The Vault & The Long Game

Swiss Stiftung (Foundation). Separate legal entity from SSK Corp. Purpose-locked under Swiss law.

Modeled on the intersection of:

· Bell Labs — fundamental research institution

· DARPA — directed research via precise technical specifications

· Gates Foundation — global impact, philanthropic governance

SSK Corp's role: Donates unfettered, free, secure access to the Foundation Model. Receives $0 in return. SSK Corp benefits indirectly — every bounty-funded .kasset that enters the public marketplace generates progressive certification fees via the certification service.

Delivered through the member's existing twin. Same architecture as every other Sovereign user. Same device. Premium security features only. No separate terminal. No separate hardware. The architecture — minus the public availability of the market — is the exact same thing.

Each gap is a technical specification of a fact that isn't true yet: a precise description of knowledge whose absence the Foundation Model has detected, priced by rarity and utility.

Maximum access window: the shorter of the two participants' lifetimes.

When either the buyer or the minter dies, the .kasset releases to the public marketplace. The minter's death triggers Rule 1 (factual knowledge enters the Common Knowledge Codex). The buyer's death terminates the exclusive access.

Properties

The billionaire and the researcher become mutual life insurance policies. In a world where power historically eliminates threats, this system converts the relationship between apex capital and frontier knowledge into a mutual non-aggression pact enforced by economics.

The Foundation Model generates revenue without releasing its contents. The Stiftung operates the Gap Feed. The Corp operates the marketplace. The minters create the knowledge. The buyers fund it.

The entire campus is a library that creates its own contents.

2.1 Main Campus: Wears Valley, East Tennessee

Location: Connected parcels of large acreage in the Wears Valley / Townsend corridor, near the entrance to Great Smoky Mountains National Park. Wears Valley (Wear Cove) runs parallel to the park between Chilhowee Mountain to the north and the park boundary to the south. The western end opens toward Townsend ("the peaceful side of the Smokies"). The Metcalf Bottoms park entrance is directly accessible.

Jurisdictional note: Wears Valley spans Sevier County (east, toward Pigeon Forge) and Blount County (west, toward Townsend). Large acreage in Blount County has fewer STR-driven zoning restrictions and more agricultural/open land use. The western Wears Valley / Townsend side is the primary acquisition target.

Scale: 300-500+ acres. Apple Park is 175 acres / 2.8M sq ft / $5B / 12,000 capacity. The Sovereign campus is larger and more complex — it contains a boarding school, graduate program, research labs, corporate R&D, performance venues, and an arboretum. 500 acres allows the Swarthmore integration model: buildings embedded in the arboretum, not the arboretum surrounding buildings.

Campus design references (post-Fallingwater):

This document covers Line of Business #1: The Apex Oracle and its downstream infrastructure (the Stiftung).

Both Y3 business lines are now fully documented.

· Cipher: AES-256-GCM (authenticated encryption)

· Signing: ML-DSA-65 (post-quantum, NIST FIPS 204)

· Key derivation (active vault): vault_key = Argon2id(passphrase) ⊕ HSM_key. Both the user's passphrase and the device's hardware security module key are cryptographic inputs. Neither alone is sufficient. Compromise of one factor does not compromise the vault.

· Key derivation (backup): backup_key = Argon2id(passphrase) ⊕ BackupEnclave_HSM_key. The Home Backup Enclave contains its own HSM. Backup encryption is two-factor: passphrase + physical possession of the Backup Enclave.

· Argon2id minimum parameters: Memory cost ≥ 256 MiB, iterations ≥ 3. On platforms without HSM (software fallback), memory cost ≥ 512 MiB and iterations ≥ 4 to compensate for single-factor. These are minimums — implementations should tune higher based on device capability.

· Passphrase complexity: Minimum 40 bits of entropy enforced at setup (approximately 4+ random words or 8+ mixed characters). User's choice beyond the minimum.

Compartment A — Sovereign Space (Self-Created)

Everything the owner made, wrote, recorded, thought, or trained. Contains three critical components:

The Idiolect — the user's unique semantic map. A learned mapping function that translates tau profiles (process dynamics) into semantic weight space. The idiolect IS the user in computational form. It is trained from the user's language, writing, behavior, and decisions. It is the key that makes tau values meaningful. It never leaves the vault.

The Tau Collection — the user's cognitive dynamics. Process descriptors: how fast the user decides, how they hesitate, their rhythms across cognitive domains. Without the idiolect: an unlabeled bag of numbers. With the idiolect: the user's personality.

Raw Content — journal entries, messages, health data, personal facts. PII-stripped before reaching the training pipeline. The idiolect is trained FROM this content, but the content is consumed during training and not stored in recoverable form.

· Constitutional basis: 1st Amendment (expression), 5th Amendment (testimonial privilege)

No biometric authentication at the SSK layer. Device OS-level biometric auth is the user's choice and the platform's domain. SSK does not implement, require, or store biometric data for vault authentication.

Auth flow: Device OS auth → SSK passphrase → vault_key = Argon2id(passphrase) ⊕ HSM_key

High-stakes operations (mint, trade, export): passphrase re-confirmation + HSM-bound TOTP (6-digit rotating code, seed in hardware security module). Anti-remote-theft measure — protects against passphrase-only compromise from a different device. Not an anti-state measure.

Opt-in security feature. User activates at their own discretion and assumes all liability.

A second passphrase that, when entered, executes atomic, irrevocable destruction of all active vault contents:

HSM key zeroed

Encryption keys overwritten with random data

All data in both compartments overwritten (including Idiolect and Tau collection)

Operation is atomic — cannot be interrupted or rolled back

The vault is designed so the company cannot access user data, even under compulsion. This follows from the 1st, 4th, and 5th Amendments. The company does not possess user keys. The KDF architecture requires both the user's passphrase and the device's HSM key — the company has neither. Reproducible builds prove no backdoor exists.

The Problem

The vault layer is open source (Doc 29 §8). The intelligence layer is proprietary. If both run in the same address space, the proprietary code can read anything in memory — including the decrypted idiolect, the vault_key, and all Class 2 data. During normal operation (not minting), the application has network access (web server, BLE, trade settlement). A supply chain attack on the proprietary binary could exfiltrate the idiolect while the user believes the open-source vault is protecting them. The open-source vault is meaningless if untrusted code shares its address space with network access.

The Requirement

The intelligence module and the vault module MUST run as separate operating system processes. This is not optional. Shared-address-space architectures violate the trust model.

Sandbox Enforcement

The intelligence process MUST be sandboxed by the operating system's kernel-level isolation mechanism. The sandbox MUST deny:

Scenarios

Procedure (Atomic Re-Keying)

User authenticates with current vault_key (old passphrase + old HSM)

Vault contents decrypted into RAM (Class 2 window)

New HSM key generated (on new hardware or via PKCS#11)

New vault_key computed: Argon2id(new_passphrase) ⊕ new_HSM_key

The Sovereign Survival Kit builds personal vaults, hands the only key to the owner, and certifies the provenance of what comes out. The company never holds the key. It cannot open the vault, inspect the contents, or decide what goes in. Once the owner locks the door, the contents are sovereign — protected by the same constitutional principles that protect a person's papers, thoughts, and private effects.

This architecture has a direct consequence for content enforcement: The company controls two boundaries — the minting mechanism (what enters the tradeable format) and the certification stamp (what gets certified). It does not control what the owner stores, writes, or creates inside their own vault. Content enforcement therefore operates at layer boundaries, not at the content layer.