Evaluation Inquiry
Derek Arsenault
Founder & Inventor · Pilon Laboratories Inc.
derek@pilonlaboratories.com
Open Email Client

Copy the address above if your email client does not open automatically.

PALLAS Enterprise — Pilon Laboratories Inc.
CIPO Patent Filed · April 14, 2026 NIST FIPS 204 · ML-DSA-87 · Level 5 71 Claims · Chrono-Isolated Secrecy™

Pilon Laboratories Cryptographic Engine

PALLAS

Enterprise

A patent-pending post-quantum signing architecture with Chrono-Isolated Secrecy™ — no private key persists before or after the authorization window. No identified prior art as of CIPO filing date (April 2026). Built for the HNDL threat environment financial institutions can no longer defer.

Authorize Demo Live Benchmark Technical Whitepaper View Documents

Live Benchmark — Software MVP · Node.js · Commodity Hardware

Full 1,000-ceremony concurrency matrix (CSPRNG × 4 levels + NIST Beacon × 2 levels) · 4,200 total ceremonies · commodity hardware · no hardware crypto acceleration.

23.91ms
Mean Latency · CSPRNG · c=1
41.80/s
Ceremonies/sec · CSPRNG · c=1
<0.01ms
Key Destruction · Software Readback
100%
Gates Passed · 4,200/4,200

Technical Documentation

Evaluation Documents

Technical abstract and live benchmark report for CQRO and security architecture evaluation. View in-browser or download as PDF.

Chrono-Isolated Secrecy — Technical Abstract
View HTML Download PDF

Exec Demo System

SWIFT High-Value Wire Ceremony

Interactive simulation of a $49.5M interbank SWIFT authorization processed through the PALLAS QSK cryptographic ceremony pipeline. All timings are empirically measured — no synthetic values.

Wire Authorization Request
STANDING BY
Sender Institution
Tier-1 US Clearing Member A
Receiver Institution
Schedule I Canadian Bank — Toronto Node
Intermediary Network
SWIFT Wire Gateway
Transaction Amount
$49,500,000.00 USD
Payment Reference
sovereign-reserve-settlement-fips204
SWIFT Message Type
MT103 — Customer Credit Transfer
ML-DSA-87 · FIPS 204 Level 5 CIS Architecture
Risk Classification
HIGH VALUE INTERBANK · DUAL CONTROL REQUIRED · QSK CEREMONY MANDATORY
Chrono-Isolated Verification Ceremony Monitor
IDLE
● PALLAS CRYPTOGRAPHIC ENGINE v0.1.0
● DILITHIUM GATE: ARMED AND READY
● ENTROPY SOURCE: CSPRNG (SANDBOX) / IDQ6MC1 QRNG (PRODUCTION TARGET)
● SIGNING ALGO: ML-DSA-87 (CRYSTALS-DILITHIUM5)
────────────────────────────────────────────
Awaiting authorization request...
Press AUTHORIZE TRANSACTION to initiate QSK ceremony.
Live SDK Benchmark
1,000 ML-DSA-87 ceremonies — running live in your browser
800 CSPRNG ceremonies + 200 NIST Randomness Beacon ceremonies. Cryptography runs entirely in your browser from self-hosted libraries — no external servers, no simulated values. Every keygen, sign, zeroize, and Dilithium Gate verify is empirically timed.
Run Live Benchmark →

Without PALLAS

Traditional PQC Migration Forces a Multi-Billion-Dollar Rail Overhaul

NIST's standardized lattice-based algorithms are mathematically massive compared to the RSA and ECDSA primitives that legacy banking infrastructure was engineered around. Attempting to swap ML-DSA-87 directly into existing core payment pipelines triggers three cascading infrastructure failures — before a single line of business logic changes.

$2–5B
Estimated Tier-1 overhaul cost
7–10yr
Rail remediation timeline
14×
Auth payload inflation vs RSA-2048
90%
Classical HSM throughput collapse

PQC Data Inflation — The Rail Bottleneck

Algorithm Public Key Signature Total Overhead Legacy Rail Impact
ECDSA P-256 · Classical 64 B 64 B 128 B Ultra-lightweight. Fits anywhere.
RSA-2048 · Legacy Standard 256 B 256 B 512 B Compact. Fits legacy field sizes.
ML-DSA-87 · Native swap-in (competitor path) 2,592 B 4,595 B 7,187 B 14× inflation. Rails collapse.
ML-DSA-87 · PALLAS metadata overlay 2,592 B 4,595 B 7,187 B Non-breaking external header. Zero rail modification.

The cryptographic overhead of ML-DSA-87 is identical regardless of integration method. The architectural question is where that overhead lands — inside legacy rails (catastrophic) or as an external non-breaking authorization header (zero disruption).

The Three Rail Failure Vectors — Why a Native PQC Swap-In Fails

FAILURE VECTOR 01
Database Schema Truncation

Legacy middleware commonly hardcodes security token fields to VARCHAR(512). Forcing a 4,595-byte ML-DSA-87 signature into a 512-byte column triggers immediate data truncation, corrupted audit logs, and database crashes. Remediating every security-bearing field across a global bank's 200+ internal systems costs hundreds of millions and takes years.

FAILURE VECTOR 02
Network MTU Fragmentation

A complete ML-DSA-87 auth payload (7,187 bytes) exceeds the standard MTU of 1,500 bytes by nearly 5×. Every transaction becomes a fragmented multi-packet sequence — triggering retransmission storms, out-of-order delivery, and severe latency spikes across SWIFT parsing engines where sub-millisecond timing is a regulatory requirement.

FAILURE VECTOR 03
HSM Performance Collapse

Classical rack HSMs (Thales Luna, nShield, IBM 4769) use ASICs hardcoded for elliptic-curve math, not polynomial matrix arithmetic. Patching via software forces emulation mode — verified throughput collapses up to 90% TPS. For a Tier-1 institution at 50,000+ TPS, this is systemic capacity failure. Full fleet HSM replacement: $200M–$1.5B in hardware alone before software remediation.

PALLAS ADVANTAGE
Drop-In Cryptographic Shield — Zero Rail Modification
Metadata Overlay

The PALLAS authorization token attaches as a non-breaking JSON header. SWIFT MT103/MT202, Fedwire, LYNX, SEPA, and ACH formats are entirely untouched. No database schema modification required anywhere in your infrastructure.

Offloaded Lattice Math

All ML-DSA-87 polynomial arithmetic runs natively on the Infineon SLC27 TEGRION EAL6+ secure element or the sandboxed SDK container. Your core banking servers never touch the computation — zero CPU degradation, zero TPS impact.

Every Path Beats the Alternative.

Sandbox Evaluation: $70,000 — Full SDK access, benchmarks, air-gapped testing. Costs less than one classical HSM unit. For architectural evaluation only. Pre-FIPS 140-3 certification; not approved for regulated authorization pipeline deployment.

Regional Software License: $1,500,000/yr — Full API, all algorithms, enterprise SLA. ML-DSA-87 on your existing servers. Zero rail modification. Zero hardware required.

Regional Standard + HSM: $2,500,000/yr + hardware — SLC27 TEGRION offloads all lattice arithmetic at sub-millisecond native speed. Zero compute load on core banking infrastructure.

Global Uncapped License: $3,500,000/yr + hardware — Institution-wide, all regions, unlimited deployment. Full FIPS 140-3 Level 3 hardware-enforced CIS. The $2–5B overhaul becomes a rounding error.

Universal Zero-Trust Authentication

QSK Beyond Banking Rails

While PALLAS is optimized for high-volume financial transaction authorization, the QSK engine is a generalized, zero-trust cryptographic primitive for any critical perimeter where a command must be issued, verified, and never replayed. The core property — key material that exists for under 0.01ms and is architecturally destroyed upon use — eliminates the concept of a harvestable attack surface regardless of the infrastructure domain.

0
Bytes Residual Key Material
<0.01ms
Maximum Key Lifetime
100%
Dilithium Gate Verification Rate
SpaceX command replay attack blocked by PALLAS QSK
■ ATTACK NEUTRALIZED
USE CASE 01 — COMMAND AUTHORIZATION

Telemetry & Command Integrity
Replay Attack Prevention

The Vulnerability

In critical infrastructure — from cloud server roots to SpaceX telemetry and Starlink orbital adjustments — administrative commands are prime targets for replay attacks. An adversary who intercepts a signed token can attempt to resubmit it to alter machine behaviour, trigger a burn, or abort a maneuver.

The PALLAS Solution

Commands are bound to a single-use, chrono-isolated cryptographic spark. Each signature is mathematically linked to a specific sub-0.01ms execution window and telemetry metadata. The key material is architecturally eliminated on use — there is no persistent root key on the edge device to target, intercept, or replay.

QSK Ceremony Log
context: SpaceX Falcon 9 · Stage 1 Deorbit Burn
command: IGNITE_BURN { delta_v: -94.2 m/s, dur: 68s }
origin: ADVERSARIAL — replayed intercepted token
[01] NONCE_CHECK ← ceremony_id consumed: TRUE
[02] REPLAY_FLAG ← TOKEN REUSE DETECTED
[03] KEY_SKIPPED ← no ephemeral keypair generated
[04] GATE_RESULT ← DILITHIUM GATE: REJECTED ✗
[05] ALERT ← anomaly flagged to mission ops
■ BLOCKED · 0 bytes exposed · exposure window: 0.000 ms
Starlink satellite orbital hijack blocked by PALLAS QSK
■ ATTACK NEUTRALIZED
USE CASE 02 — RUNTIME INJECTION DEFENSE

RAM Scrape & APT Memory Defense
Remote Orbital Command Hijack

The Vulnerability

Advanced persistent threats inject malicious scripts into application runtimes. Their primary objective: volatile memory dumps to harvest active cryptographic keys mid-operation. A compromised satellite ground station key could grant an adversary permanent orbital override capability — indefinitely.

The PALLAS Solution

The PALLAS SDK initiates zeroization of the volatile register memory buffer immediately upon signing. An injected script attempting a RAM scrape will find no accessible key material. You cannot harvest what no longer exists — and without device attestation, no unauthorized endpoint can initiate a valid ceremony at all. In software mode, zeroization is initiated at the application layer; silicon-enforced guaranteed destruction is the production model via the Infineon SLC27 TEGRION EAL6+ secure element.

QSK Ceremony Log
context: Starlink LEO · Sat #4471 · Orbital Adjust
command: SET_ORBIT { delta_v: -12.4 m/s, axis: 2 }
origin: UNAUTHORIZED REMOTE ENDPOINT
[01] ENTROPY_SEED ← CSPRNG: 512-bit ✓
[02] EPHEMERAL_KEY ← ML-DSA-87 keypair generated
[03] DEVICE_ATTEST ← authorized signing hw: NOT FOUND ✗
[04] ORIGIN_CHECK ← QSK root trust chain: BROKEN ✗
[05] KEY_ZEROIZED ← ephemeral key destroyed: 0.007 ms ✓
[06] GATE_RESULT ← DILITHIUM GATE: REJECTED ✗
■ BLOCKED · command nullified · 0 bytes residual
Canadian Armed Forces drone commandeering blocked by PALLAS QSK
■ ATTACK NEUTRALIZED
USE CASE 03 — ZERO-KEY EDGE DEPLOYMENT

Autonomous Robotics & Edge Authentication
RF Commandeering Defense

The Vulnerability

Autonomous military UAVs, connected vehicles, and industrial robots operate physically in the field. Adversaries can execute RF injection, side-channel power analysis, or direct chip extraction to seize control. A captured unit carrying persistent private keys can compromise an entire fleet's root trust instantaneously.

The PALLAS Solution

By embedding the QSK SDK into edge firmware or deploying a PALLAS hardware module, the device stores zero static private keys. Authentication handshakes rely entirely on real-time entropy generation and ephemeral matrices. Even if a unit is fully dismantled in an adversary's lab, there is no master key inside the silicon to extract — ever.

QSK Ceremony Log
context: CAF UAV Unit #CF-7 · Flight Control
command: OVERRIDE_CONTROL { return_to: FOREIGN_IP }
origin: ADVERSARIAL RF INJECTION
[01] ENTROPY_SEED ← QRNG: 512-bit ✓
[02] EPHEMERAL_KEY ← ML-DSA-87 keypair generated
[03] OPERATOR_TOKEN ← CAF QSK operator device: NOT PRESENT ✗
[04] ROOT_TRUST ← CAF QSK root authority: ABSENT ✗
[05] KEY_ZEROIZED ← ephemeral key destroyed: 0.008 ms ✓
[06] GATE_RESULT ← DILITHIUM GATE: REJECTED ✗
[07] FAILSAFE ← UAV holds last valid flight plan
■ COMMANDEERING BLOCKED · operator alert issued · 0 bytes residual
Physician insulin pump command authorized by PALLAS QSK
■ AUTHORIZED
USE CASE 04 — CONNECTED MEDICAL DEVICES

Medical Implant Command Authority
Prescription-Grade Device Authorization

The Vulnerability

Pacemakers, insulin pumps, and neurostimulators accept remote commands over BLE or NFC. A compromised physician device, intercepted command, or spoofed clinic terminal could alter life-sustaining settings — with no persistent cryptographic binding to verify the issuer's identity or authority.

The PALLAS Solution

Only a PALLAS-certified physician device can issue commands. Each prescription update is signed by an ephemeral key generated at time of issuance, cryptographically bound to patient ID, device ID, and physician credentials. The key is destroyed in under 0.01ms. No static key exists to steal, clone, or replay — ever.

QSK Ceremony Log
context: Patient #7741-B · Insulin Pump Settings
operator: Dr. S. Chen · PALLAS Device #MD-2291
command: UPDATE_BASAL { rate: 0.85 U/hr, 06:00–22:00 }
[01] ENTROPY_SEED ← CSPRNG: 512-bit ✓
[02] EPHEMERAL_KEY ← ML-DSA-87 keypair generated ✓
[03] DEVICE_ATTEST ← PALLAS Device #MD-2291: VERIFIED ✓
[04] PAYLOAD_SIGN ← UPDATE_BASAL bound to ephemeral key ✓
[05] KEY_ZEROIZED ← private key destroyed: 0.008 ms ✓
[06] GATE_RESULT ← DILITHIUM GATE: PASS ✓
[07] DELIVERED ← insulin pump settings applied ✓
■ AUTHORIZED · key lifetime: 0.008 ms · 0 bytes residual
★ ORIGIN USE CASE — DESIGNED FOR THIS
XInfinitum XFIN transaction signing via PALLAS QSK
■ SIGNED & BROADCAST
USE CASE 05 — BLOCKCHAIN TRANSACTION SIGNING

XInfinitum & XFIN Token Signing

The original problem QSK was built to solve — quantum-safe blockchain transaction authentication with zero persistent key exposure.

The Vulnerability

Blockchain wallets traditionally store private keys persistently — on disk, in memory, on hardware. A key harvested once compromises every past and future transaction. In a post-quantum world, a sufficiently powerful adversary can derive the private key from any historically broadcast public key, retroactively draining wallets that signed transactions years earlier.

The PALLAS Solution

QSK generates a unique ML-DSA-87 keypair per transaction — existing for exactly the duration of the signing ceremony. The private key is destroyed in under 0.01ms. The blockchain retains only the ephemeral public key for signature verification — permanently readable, never exploitable. Double-spend replay is architecturally impossible: each nonce is single-use and the signing key it was generated from no longer exists.

QSK Ceremony Log
context: XInfinitum · XFIN Transfer · Block #1,847,293
sender: xfin1q9k...c7r2 · PALLAS Device #QSK-0041
payload: TRANSFER { 12,500 XFIN → xfin1p2m...8t4k }
[01] ENTROPY_SEED ← QRNG: 512-bit ✓
[02] EPHEMERAL_KEY ← ML-DSA-87 keypair generated ✓
[03] DEVICE_ATTEST ← PALLAS Device #QSK-0041: VERIFIED ✓
[04] TX_HASH_BIND ← transaction bound to ephemeral key ✓
 
 
 
[05] KEY_ZEROIZED ← private key destroyed: 0.008 ms ✓
[06] GATE_RESULT ← DILITHIUM GATE: PASS ✓
[07] BROADCAST ← submitted to XInfinitum network ✓
[08] REPLAY_GUARD ← nonce consumed: DOUBLE-SPEND IMPOSSIBLE
■ SIGNED & BROADCAST · key lifetime: 0.008 ms · signing key no longer exists · replay: architecturally impossible

Enterprise Deployment Matrix

PALLAS Base
Signing Only
$89,999
Pre-cert · $145,000 post
PALLAS Entry
4 TB QEV Vault
$109,999
Pre-cert · $159,000 post
PALLAS Mid
61 TB QEV Vault
$124,999
Pre-cert · $179,000 post
PALLAS Pro ★
245 TB QEV Vault
$149,999
Pre-cert · $205,000 post
Subject to NVMe component availability · Q2 2027
PALLAS Max
491 TB QEV Vault
$189,999
Pre-cert · $249,000 post
Subject to NVMe component availability · Q2 2027
SDK Evaluation Sandbox   From $70,000 USD
Regional Software License   $1,500,000 / yr
Regional Standard + HSM   $2,500,000 / yr
Global Uncapped License   $3,500,000 / yr

All prices USD. Sandbox Evaluation fee ($70,000) credited in full against Year 1 Regional Software License upon agreement execution within 30 days of successful pilot close. Regional Software License fees credited in full against Year 1 Regional Standard + HSM or Global Uncapped License costs. Pre-certification pricing for early-adopter access. FIPS 140-3 Level 3 certification pathway in progress. Hardware delivery Q2 2027. Global Uncapped License includes unlimited institutional deployment rights with no per-site or per-region cap.