Whitepaper v4.0

The fire belongs to humanity,
not to corporations.

Prometheus is a fully decentralized, AI-powered threat intelligence protocol built on the Kaspa blockchain. It transforms every connected device into a node in a global threat detection swarm — without central control, without a foundation, and with zero pre-mined tokens.

The protocol combines three layers: on-device AI (Phi-3-mini 3.8B, 4-bit quantized) for local anomaly detection, Guardian nodes (LLaMA 3 70B/8B) for advanced threat analysis and YARA rule generation, and Kaspa L1 consensus (DAGKnight, 100 BPS) for immutable rule storage and governance.

The security industry is structurally compromised.

Classical antivirus software works by comparing files against a database of known malware signatures. This approach has a fundamental design flaw: it only detects what is already known. New, unknown attacks — zero-day exploits — pass through undetected.

State-sponsored trojans like Pegasus (NSO Group), Predator (Intellexa), and FinFisher were specifically engineered to bypass these detection mechanisms. They use zero-click exploits — the user need not click anything or download anything. A single incoming message is sufficient for complete device compromise.

The commercial security industry suffers from a fundamental conflict of interest: the same firms that sell protection also sell attack tools to governments. Firms like NSO Group, Hacking Team, and Intellexa profit from enabling espionage — not from preventing it.

• Zero-day market: A legal but opaque market for security vulnerabilities. Governments pay millions for unknown exploits.
• Backdoor laws: The US Cloud Act and similar legislation in other countries compel technology companies to cooperate with authorities.
• Conflict of interest: An antivirus company that simultaneously serves government clients has a financial incentive not to detect government malware.

Trustworthy security research does not come from the large corporations — it comes from independent actors: Amnesty International Security Lab (MVT toolkit for Pegasus detection), The Citizen Lab (University of Toronto — the leading address for uncovering state cyber-espionage), ClamAV (fully transparent, community-maintained open source scanner), and Wazuh (open source threat detection platform).

Prometheus builds on this tradition — and scales it to global network effects through blockchain technology.

Swarm intelligence. Blockchain immutability. AI analysis.

Prometheus solves the three core failures of the current security industry simultaneously:

Three layers. No center.

Layer 1 is the core of the security system. Validated threat rules are stored here as KRC-20 assets. These data can be deleted or manipulated by nobody — not governments, not companies, not the developers themselves.

• DAGKnight consensus: Adaptive, parameterless consensus with theoretically optimal Byzantine fault tolerance (~50%). Converges under attack orders of magnitude faster than classical systems.
• BlockDAG architecture: Parallel block production eliminates the bottleneck of linear chains. 10 BPS today, 100 BPS with Crescendo upgrade.
• Silverscript (from May 5, 2026): High-level language for UTXO-based smart contracts. Compiles directly to Kaspa opcodes, no separate VM. Reentrancy attacks are structurally impossible.
• Native ZK verification: Groth16 Zero-Knowledge Proofs directly on L1 — essential for anonymous threat reports.

Kasplex brings zkEVM functionality to Kaspa. The complex governance logic runs here: votes, reputation computation, reward distribution. Results are confirmed to L1 via ZK-rollup. Active since August 2025.

The actual protective effect arises off-chain on the devices of users and the nodes of operators. This layer communicates constantly with L1 and L2 but acts autonomously. Raw data never leaves this layer.

Four roles. Every device contributes.

LLaMA 3 70B requires 4× NVIDIA A100/H100 (~$30,000–50,000). This excludes many potential Guardian operators. LLaMA 3 8B runs on a single consumer GPU (e.g. RTX 4070 Ti) — dramatically lower entry barrier. The reputation system automatically filters out poor-quality outputs: incorrect proposals halve reputation and automatically revoke voting rights.

Open source models. Security specialization. Federated learning.

The choice of AI model is a security question, not a quality question. Proprietary models (GPT-4, Claude, Gemini) are black boxes — nobody can verify what they actually do. For a security system with transparency as a core principle, they are structurally unsuitable.

Microsoft's Phi-3-mini 3.8B runs completely locally on the end user's device. No data transfer, no cloud, no dependency on external services. The model is 4-bit quantized and runs via ONNX Runtime on 4 GB RAM without GPU on Windows, macOS, Linux, and mobile.

Meta's LLaMA 3 in the 70B or 8B variant is the centerpiece of the Guardian AI. It runs self-hosted on Guardian nodes and analyzes incoming threat hints from Light Clients across the network. Both variants are fine-tuned with LoRA (Low-Rank Adaptation) on security-specific datasets:

• VirusShare: Largest public malware database, millions of samples
• MalwareBazaar: Current malware samples, daily updated
• Exploit-DB: Complete exploit database for CVE correlations
• CuckooSandbox Reports: Behavioral analysis of malware in sandbox environments

# LoRA Fine-Tuning Configuration
lora_config = LoraConfig(
    r=16,                              # Rank
    lora_alpha=32,                     # Scaling factor
    target_modules=['q_proj', 'v_proj'], # Attention layers only
    lora_dropout=0.1,
    task_type='CAUSAL_LM'
)
# Only 1-5% of parameters are trained → efficient
# Training on ~500k malware samples
# Result: specialized security model on LLaMA 3 base

The network improves continuously without central data exchange. Fed-DART (Fraunhofer Institute) enables decentralized training: clients train locally and send only mathematical gradients — never the underlying data.

Six Silverscript contracts. Fully automated. Audited.

All contracts are written in Silverscript, audited before mainnet deployment, and use uint64 with 10,000× scaling for all reputation and confidence values (no float64).

Two tokens. No shortcuts.

Economic security through KAS staking.

Validator nodes are the economic backbone of the network. By staking KAS they put economic capital on the line as a guarantee for honest behavior. Misbehavior is punished by slashing — a direct financial loss.

Reputation capital through AI contribution.

Guardian nodes are the intelligence of the network. They operate the Jäger-KI, analyze threat patterns, and create rule proposals. Their "stake" is not financial but reputational — a form of social capital earned through good work.

Commit-Reveal. Bond system. 67% quorum.

Commit-Reveal is the core protection mechanism against collusion among validators. No validator knows how the others will vote before they themselves have committed.

# Phase 1: COMMIT — validator sends only a hash
# commitment = sha256(vote_byte || salt_LE || block_height_LE)
# vote_byte: 1 = true, 0 = false
# salt and block_height as 8-byte little-endian

# Phase 2: REVEAL — after 10-second collection phase
# Validator reveals actual vote + salt
# Network verifies: sha256(vote||salt||block) == commitment
# Invalid reveal → bond slashed immediately

KRC-20 assets. Supply 1. Immutable.

Each accepted rule is stored as a unique KRC-20 asset on Kaspa L1:

• Tick: PROM-RULES
• Supply: 1 per rule (NFT-like — unique and non-fungible)
• ID format: PROM-RULE-2026-XXXX
• IPFS reference: bytes(36) — CIDv1 binary with SHA-256 multihash (not bytes(46) — corrected in audit V-002)
• Minimum confidence: 0.85 (stored as 8,500 at 10,000× scale)
• Challenge period: 24 hours after acceptance

Rule content is stored on IPFS. The CIDv1 hash is stored on-chain. Every client verifies the IPFS content hash against the on-chain hash before loading a rule — manipulation is structurally impossible.

The network learns. Raw data never leaves.

Fed-DART enables decentralized training: clients train locally and send only mathematical gradients — never the underlying data. The global model improves without any central party knowing the data of the users.

# Fed-DART Training Round (simplified)
async def training_round(self):
    # 1. Fetch global model from coordinator
    global_model = await self.client.fetch_global_model()
    # 2. Train locally — ONLY with local threat data
    local_gradients = await self.train_local(global_model)
    # 3. Send ONLY gradients — NEVER raw data
    await self.client.submit_update(ModelUpdate(
        gradients=local_gradients,      # Mathematical difference
        client_id=self.anonymized_id(), # Anonymous
        data_size=self.local_data_count,# Count, not content
        signature=self.sign_update()    # Authenticity
    ))
    # 4. Aggregated global model is distributed
    # No single client knows the data of any other

Fully automated. No human intervention possible.

All protocol parameters adjust themselves weekly based on network data. No human can intervene — or needs to.

Sybil resistance. FP flood. 51% attack. Collusion.

5% Dev Pool. DAO vote only. No foundation.

5% of annual PROM emission (1,000,000 PROM/year) is allocated to developer grants. Every single payment requires a DAO vote — full transparency, no hidden payments, no founder allocation.

Recommended reward formula: lines × 10 × (100 + complexity × 10) / 100 — capped at 100,000 PROM per grant. Complexity scale: 1–10.

Before mainnet launch, no tokens are issued. Development is financed through external funding — Gitcoin Grants (quadratic funding, community-decided), Octant (matching pools for open-source infrastructure), and community donations in KAS.

Built in public. Audited in public.

All findings public. All resolved before mainnet.

All development is subject to continuous architect audit via the Claude Code workflow. Every finding is documented in memory/AUDIT.md and publicly visible in the repository.