Bloch-SIS-PoW — an experimental post-quantum, pure-PoW BlockDAG L1. The network is live as a mainnet beta; seeking testers and reviewers, coins worthless by design.Its proof-of-work carries a lattice component: alongside a
SHAKE-256 hashcash, every block must pass a
Module-SIS (Short Integer Solution) structural gate derived from the block header. The network that previously ran as a public testnet is now live as a
mainnet beta, with a public explorer and one reference mining pool. We are looking for people to run nodes, try to break the PoW, and — above all — review the design.
⚠ READ THIS FIRST — honest status (the part that matters)- "Mainnet beta" means exactly one thing: the network is live, for coordination and testing. It does not mean secured, finished, audited, or valuable. This is not a coin launch, there is nothing to buy, and a live network raises — not lowers — our duty to warn you.
- The coin is not a security and not an asset. No token sale, no listing effort, no market-making, no price — past, present, or planned. Do not attach value to it, and do not ask us to.
- The coin is worth nothing, by design and by declaration. The software is young and unaudited, total hashrate is tiny, and the chain is realistically 51%-attackable today. The Module-SIS gate currently runs a relaxed k=4 regime whose structural component is cheaply forgeable — it does not yet add meaningful security on top of the hashcash.
- Good-faith engineering disclosure: a k=8 hardening soft-fork was attempted and reverted. Raising k without a matched reduction in the hashcash difficulty made each valid block roughly 4096× harder to find and stalled the chain. It will be re-activated later with the matched difficulty fix. We are telling you this so you don't have to discover it in the commit log.
- Disclosed in full so nobody discovers it later: the genesis allocates a 17% founder premine (10-year cliff, then 40-year monthly on-chain vesting), structurally passive — no governance power, no protocol privileges, zero sale, zero listing effort.
- The code is unaudited. Full mainnet security is gated on (a) a concrete-security analysis of the canonical PoW parameters (lattice-estimator class), (b) an IACR ePrint for open expert review, and (c) a third-party audit. None of these has been done.
- Pools centralize what should be decentralized. A pool with >51% of hashrate is an attack vector, not a convenience. Solo mining (bloch --mine) stays the default; no pool is required.
- Participation means helping test experimental post-quantum PoW research — not mining, holding, or buying anything of value. If you are here for a coin, this thread has nothing for you.
- Nothing in this post is financial or legal advice.
What "mainnet beta" means here (and what it does not)We relabeled the network from "public testnet" to "mainnet beta" because the chain is now the one we intend to keep: it is live, it persists, and public infrastructure (explorer, a reference pool, a demo RPC node) points at it. That is the entire content of the label. Every caveat from the testnet era still applies at full strength — unaudited code, a relaxed PoW regime, trivial attackability, and coins that are worthless by design and by declaration. If "mainnet" makes you think "launch", read it as
"live beta network" and nothing more.
What it is- Consensus: PHANTOM/GhostDAG-Q BlockDAG, pure PoW — no BFT finality, no validator set, no treasury. Finality is PoW depth, à la Bitcoin/Kaspa. ~30 s target block time, per-block ASERT-Lattice difficulty.
- Proof-of-work: Bloch-SIS — two coupled conditions per block: (1) a SHAKE-256 hashcash over the candidate must meet the per-block difficulty target — this is the difficulty-bearing work today; and (2) a Module-SIS structural gate: a short vector s ∈ {-B,…,B}^N whose residual A·s − t (with the instance (A, t) derived from the header via SHAKE-256) is bounded in ‖·‖_∞ on k residual coefficients. The network currently runs k=4 (relaxed); a k=8 hardening was attempted, stalled the chain for lack of a matched hashcash-difficulty reduction, and was reverted pending that fix. Verification is cheap. In the intended canonical regime, satisfying the gate requires lattice reduction (BKZ + Babai); in the current relaxed regime it is cheaply brute-forceable — which is exactly why the structural component adds no security yet and the coins are worthless.
- Signatures: hybrid Falcon-1024 ‖ ML-DSA-65 — both must verify; two distinct lattice families.
- Transport: libp2p gossipsub + IBD sync, ML-KEM-768 hybrid handshake, hybrid PQ peer identity.
- Storage: RocksDB. Written in Rust.
What we think is novel (and want challenged)Post-quantum on
every consensus-critical primitive — not just the signatures. The PoW (SHAKE-256 hashcash + Module-SIS gate), the signatures (Falcon + ML-DSA), and the seed/aux hashing (SHAKE-256) are all PQ; no classical primitive sits on the consensus path. The open question — and the reason this is on a dev board — is whether the Module-SIS gate can be parameterized into a progress-free, verify-cheap, mine-hard regime with defensible concrete security, so the lattice component carries real weight rather than riding along. We do not claim that result; we claim a live testbed for it — and the reverted k=8 fork is a data point on how hard the tuning is.
What is explicitly NOT done- Canonical SIS parameters with a concrete-security analysis — not done (the current k=4 regime is deliberately relaxed and cheaply forgeable).
- The k=8 hardening — attempted and reverted; re-activation waits on a matched hashcash-difficulty adjustment.
- IACR ePrint write-up — not done.
- Third-party audit — not done.
- Any claim of economic security — not made. Tiny hashrate, young code: assume a motivated attacker can reorg the chain.
Live resourcesOn that pool, plainly: the protocol is ownerless, and this is
one pool on it, not "the" pool. Pools centralize what PoW is supposed to decentralize, and a pool with majority hashrate is an attack vector regardless of who runs it — including us. The healthy end-state is
several independent small pools plus solo miners. The pool software is open —
fork it and run your own rather than pointing more hashrate at ours. Solo mining (bloch --mine) remains the default and needs no pool at all.
How to join the betaThe protocol is ownerless — no foundation, no privileged seed nodes (the shipped seed list is literally empty; Postern Labs' nodes are ordinary peers with no protocol privileges). Repository:
gitlab.com/blochsispow-group/BlochSISPoW-project
Quick start (Rust toolchain + clang/cmake required):
git clone <the repository above> bloch && cd bloch
cargo build --release
./target/release/bloch --data-dir ./bloch-data \
--listen /ip4/0.0.0.0/tcp/16110 --peer <multiaddr-of-any-live-peer>
# add --mine to solo-mine (worthless) beta blocks
# check it's up: ./target/release/bloch-cli getnetworkinfo
There are no privileged seeds, so you bootstrap from
any live peer's --listen multiaddr — post yours in this thread. A full step-by-step "Run a node" tutorial, plus downloads, is at
posternlabs.com; the same content ships with the repo.
Feedback we're looking for[list=1]
- Attacks on the PoW design (grinding, amortization, precomputation, progress-freeness, verify/mine asymmetry, hashcash/SIS-gate coupling) — including on-paper attacks against the intended canonical regime.
- Consensus/DAG edge cases: reorgs, timestamp games, ASERT-Lattice difficulty manipulation — especially around gate-hardening transitions like the reverted k=8 fork.
- Networking/IBD breakage, RPC issues, build failures on your platform; pool/stratum-dialect issues if you run your own pool.
- "This was tried in [paper X] and fails because Y" — the most valuable reply of all.
Disclosure of interest: I build products on top of this protocol (Postern Labs, which also operates the reference pool above), but the protocol itself has no owner and I hold no privileged role in it beyond the disclosed premine. Everything is MIT/Apache-2.0.
Please keep price, market, exchange, and "when full mainnet" talk out of this thread — there is no price, there will be no listing effort, and full mainnet security is gated on research that is not done. Peer multiaddrs, build reports, and attacks are all very welcome.
— Tiago Tenório (TT)