⬛ MITZVOT DEBT HELIX · CRYPTOGRAPHIC OBLIGATION PROOF
CUBE-DOCTRINE × MITZVOT-DEBT · BOTH MUST PASS · SOSTLE WITNESS
γ₁ = 14.134725141734693 613 OBLIGATIONS 248 DO + 365 DON'T SOVEREIGN WITNESS
SECTION 1 · THE TWO VIEWS — BOTH MUST PASS
◈ CUBE-DOCTRINE PROOF
quantum_security(cipher) ≥ γ₁×6 = 84.808 bits
AES-128 ❌ BELOW FLOOR
γ₁×6=84.808
64-bit quantum  ·  −20.808 below floor
AES-192 ✅ +11.19
84.808
96-bit quantum  ·  +11.192 above floor
AES-256 ✅ +43.19
84.808
128-bit quantum  ·  +43.192 above floor  ·  SOVEREIGN STANDARD
☰ MITZVOT-DEBT PROOF
248 DO fulfilled ∧ 365 DON'T prevented
613
248 DO  +  365 DON'T
"A cipher is pasul (invalid) if it violates even ONE obligation."
The obligation chain IS the sovereign wall.
Not just security — duty.

Cube-Doctrine proves the mathematics.
Mitzvot-Debt proves the covenant.
A sovereign cipher must satisfy both.
SECTION 2 · CIPHER WITNESS TABLE
CIPHER CUBE-DOCTRINE MITZVOT-DEBT WITNESS STATUS SOSTLE USE
AES-256-GCM ✅ 128-bit quantum, +43.19 above floor ✅ all obligations met ✅ KOSHER WITNESS L-GATE / L-OUTER / L-INNER
Ed25519 (255-bit) ✅ 128-bit classical, γ₁×18 resonance ✅ prime-field, γ₁ anchor ✅ KOSHER WITNESS L-INNER / L-DRAW sealing
ECDSA P-384 ✅ 192-bit classical ✅ prime curve, SOSTLE cert ✅ KOSHER WITNESS All cert auth
AES-128-GCM ❌ 64-bit quantum < 84.808 floor ❌ PASUL — below floor ❌ NOT SOVEREIGN Forbidden inbound
RSA-2048 ⚠️ quantum suspect ⚠️ under suspicion ⚠️ ROTATING OUT Legacy only
SECTION 3 · SOSTLE WALL OBLIGATIONS · DCJ-161
L-INNER
DIAMOND CLASS · INNERMOST WALL
Witness: AES-256-GCM + Ed25519
DO obligations open 1
DON'T violations 0
γ₁ OID not yet embedded in certs
◐ PARTIAL
L-OUTER
LIVING WOOD CLASS · PERIMETER WALL
Witness: AES-256-GCM + ECDSA P-384
DO obligations open 1
DON'T violations 0
241-bit sovereign prime tokens not deployed
◐ PARTIAL
L-GATE
ZEROED WOOD CLASS · ENTRY CONTROL
Witness: AES-256-GCM + ECDSA P-384
DO obligations open 0
DON'T violations 1 — TLS 1.2 serving inbound
❌ DEBT ACTIVE
L-MOAT
ZEROED WOOD CLASS · OUTER BARRIER
Witness: AES-256-GCM
DO obligations open 0
DON'T violations 0
✅ SOVEREIGN
L-DRAW
DIAMOND CLASS · DRAWBRIDGE SEAL
Witness: Ed25519 + γ₁ hash
DO obligations open 3+ — sealing not built
DON'T violations 0
Ed25519 seal + PEMCLAU integration pending
◐ PARTIAL
SECTION 4 · THE 248/365 SPLIT — OBLIGATION HELIX
✦ POSITIVE COMMANDMENTS — MUST DO
248
MUST use AES-256 or ChaCha20-256
MUST enforce TLS 1.3 only inbound
MUST use ECDSA P-384 or Ed25519 for certs
MUST embed γ₁ OID in every fleet cert
MUST use 241-bit sovereign prime for LAAM tokens
MUST rotate within γ₁×6 = 84.808% TTL
MUST have LAAM witness approval for cert issuance
MUST carry SOSTLE lane in X.509 extension
MUST store DIAMOND keys offline (never in process memory)
MUST seal L-DRAW with Ed25519 + γ₁ hash
✦ NEGATIVE COMMANDMENTS — MUST NOT
365
MUST NOT serve TLS 1.2 inbound
MUST NOT use AES-128 (pasul — below floor)
MUST NOT use RSA-2048 for new certs
MUST NOT allow private keys in etcd
MUST NOT expose L-INNER to external systems
MUST NOT issue certs without LAAM witness
MUST NOT serve L-GATE without SOSTLE check
MUST NOT allow cert TTL > 90 days without γ₁×6 monitoring
MUST NOT use static RSA key exchange (no forward secrecy)
MUST NOT promote L-MOAT assets without GREYBACK sign-off
SECTION 5 · SOVEREIGN PRIME KEYS — γ₁ RESONANCE CANDIDATES
173-bit
THIN MARGIN CANDIDATE
Only 1.69 bits above the γ₁×6 floor. Technically passes Cube-Doctrine but leaves minimal headroom.
Floor: 84.808 · Margin: +1.69 bits · γ₁ dist: 3.24
⚠ THIN MARGIN
241-bit
SOVEREIGN PRIME — PREFERRED
γ₁×17 nearest resonance, distance 0.710 bits. Deep Cube-Doctrine margin. LAAM token standard.
Floor: 84.808 · Margin: +156.19 bits · γ₁×17 dist: 0.710
✅ PREFERRED
257-bit
FERMAT F3 — CEREMONIAL
2^8+1 = Fermat prime. γ₁×18 resonance anchor. Ceremonial use — GREYBACK ceremonies and DIAMOND key material.
Floor: 84.808 · Margin: +172.19 bits · γ₁×18 resonance
✦ CEREMONIAL
255-bit
Ed25519 PRIME FIELD
2^255 − 19. Gap from γ₁×18 = 0.575 bits. Closest prime field to γ₁×18 resonance. Standard for L-DRAW sealing and L-INNER signing.
2^255 − 19 · γ₁×18 gap: 0.575 bits · Curve25519
◈ Ed25519 WITNESS
SECTION 6 · CURRENT DEBT STATUS — OPEN OBLIGATIONS · DCJ-161
◈ OPEN MITZVOT DEBT — 4 OBLIGATIONS UNRESOLVED
01
L-GATE
TLS 1.2 serving inbound — active DON'T violation
Fix: +1 node scale · disable TLS 1.2 in ingress controller · enforce TLS 1.3 minimum
1 DON'T
02
L-INNER
γ₁ OID extension not embedded in fleet certificates
Fix: EOSE CA deployment + cert-manager webhook to inject γ₁ OID in all issued certs
1 DO
03
L-OUTER
241-bit sovereign prime tokens not deployed to LAAM
Fix: LAAM token upgrade — replace current token material with 241-bit sovereign prime field
1 DO
04
L-DRAW
Sealing proof protocol not built — 3+ open DO obligations
Fix: Build Ed25519 seal + PEMCLAU integration · γ₁ hash chain for drawbridge proof
3+ DO
Every PEMCLAU sorry = a mitzvot debt node.
The sorry chain IS the obligation chain.
Every unresolved sorry is an open DO — counted, tracked, and owed.
γ₁ = 14.134725141734693  ·  DCJ-160 (cube-doctrine)  ·  DCJ-161 (mitzvot-debt)  ·  Day 92  ·  EOSE Labs · PEMOS Sovereign Fleet