Cryptographic Primitives
This section defines the minimal set of identities and cryptographic keys used by the KnoxNet protocol. These primitives underpin authorization, offline value issuance, and encrypted settlement across both execution and settlement domains.
5.1 Identities
Each user u is associated with a signing keypair:
(skᵤ, pkᵤ)
which is used to authorize ownership and transfer of offline notes, as well as reconciliation submissions.
KnoxNet optionally supports device-scoped keypairs:
(sk_dev, pk_dev)
used to enforce device-level policies such as issuance caps, exposure limits, and recovery mechanisms. Device identities are subordinate to user identities and do not represent independent economic actors.
5.2 Anchor Ledger Keys
The KnoxNet Layer 1 ledger maintains protocol-level cryptographic keys.
A signing key:
sk_𝓛₁
is used to authorize the issuance of offline notes. Notes lacking a valid signature under this key are invalid.
For encrypted settlement, the ledger maintains a homomorphic encryption public key:
pk_HE
used to encrypt settlement data and verify global constraints without revealing plaintext values. Decryption capability may optionally be distributed across a validator committee using threshold decryption to reduce trust concentration.
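The two signature checks implied by 5.1 and 5.2, as an added example that is not part of the KnoxNet specification or code: a verifier rejects a note with no valid ledger signature before it considers the owner's transfer signature. Ed25519, the Note layout, the byte encodings and all function names are assumptions, since the page names no signature scheme and defines no note format.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Note is a hypothetical layout; the page does not define a note format.
type Note struct {
	Serial, Value uint64
	Owner         ed25519.PublicKey // pk_u of the current owner
	IssueSig      []byte            // signature under the ledger key sk_L1
}

// Assumed encodings of what the ledger and the owner sign (domain-separated).
func (n Note) issueBytes() []byte {
	return []byte(fmt.Sprintf("issue|%d|%d|%x", n.Serial, n.Value, n.Owner))
}
func (n Note) transferBytes(to ed25519.PublicKey) []byte {
	return []byte(fmt.Sprintf("transfer|%x|%x", n.IssueSig, to))
}

// Issue signs with the ledger key sk_L1; SignTransfer signs with the owner's sk_u.
func Issue(skL1 ed25519.PrivateKey, n Note) Note {
	n.IssueSig = ed25519.Sign(skL1, n.issueBytes())
	return n
}
func SignTransfer(skU ed25519.PrivateKey, n Note, to ed25519.PublicKey) []byte {
	return ed25519.Sign(skU, n.transferBytes(to))
}

// VerifyTransfer checks the ledger signature first, then the owner's authorization.
func VerifyTransfer(pkL1 ed25519.PublicKey, n Note, to ed25519.PublicKey, sig []byte) error {
	if len(n.Owner) != ed25519.PublicKeySize || !ed25519.Verify(pkL1, n.issueBytes(), n.IssueSig) {
		return fmt.Errorf("note lacks a valid ledger signature")
	}
	if !ed25519.Verify(n.Owner, n.transferBytes(to), sig) {
		return fmt.Errorf("transfer not signed by the note owner")
	}
	return nil
}

func main() {
	pkL1, skL1, _ := ed25519.GenerateKey(nil)
	pkA, skA, _ := ed25519.GenerateKey(nil)
	pkB, _, _ := ed25519.GenerateKey(nil)
	n := Issue(skL1, Note{Serial: 1, Value: 500, Owner: pkA}) // constructed sample note
	fmt.Println(VerifyTransfer(pkL1, n, pkB, SignTransfer(skA, n, pkB)))
}
```

Because the ledger signature covers the value and the owner key, and the transfer signature covers the ledger signature and the recipient, changing any of those fields after signing makes verification fail.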
5.3 Cryptographic Assumptions
KnoxNet assumes the standard security properties of the cryptographic primitives it employs, including the unforgeability of digital signatures and the semantic security of encryption schemes. The protocol does not rely on trusted hardware or continuous connectivity.
Cryptographic primitives are combined with architectural design—offline execution and encrypted settlement—to reduce observability rather than relying on cryptography alone for privacy.