Phase-Anchored Consensus Protocol

Every critical system on earth runs on the honor system.

PACP is cryptographic accountability infrastructure for systems where a missed step can create legal, financial, or human harm. It proves what happened, what didn’t happen, and whether the computation was correct.

No reconstruction. No trust required. No sensitive data stored.

Request a Demo See How It Works

Cryptographic receipts for completed actions

NullReceipts for missed required actions

NumericReceipts for verified computation

Byzantine fault-tolerant consensus

type NullReceipt
obligation anticoagulation_check
subject patient_4821
required_actor dr_martinez
observer nurse_chen ✓ attested
window 14:30:00 – 14:45:00 UTC
status OMITTED
class TYPE-W: DELIBERATE WITHHOLDING
chain a7f3c9…e1d204
sig Ed25519:nurse_chen
Silence became evidence.

The Problem

Most systems can tell you what they logged.
Very few can prove a required step was skipped.

When something goes wrong, organizations reconstruct what happened from logs, timestamps, and human memory. But logs only record what occurred. They are structurally silent about what should have occurred and did not.

Clinical

Anticoagulation check skipped before cardiac intervention

// no log entry exists for the missing step

AI Governance

Safety filter not executed before model output release

// no audit trail of the omitted review

Financial Compliance

Dual approval not obtained before wire transfer

// no record that the approval never happened

The Primitive

Three receipt types. One proof chain.

PACP reduces accountability to three cryptographic primitives, hash-linked into a single tamper-evident chain. Each proves a different kind of truth.

✓

Receipt

Cryptographic proof that an action was performed, by whom, witnessed by whom, and when. Signed and chain-linked. Something happened.

∅

NullReceipt

Cryptographic proof that a required action did not occur within its expected window. The missing step becomes evidence, not silence. Something didn't happen.

NumericReceipt

Cryptographic proof that a computation was executed and verified at defined precision. The math was right — or provably wasn't.

See It In Action

Three receipt types. Three different truths.

✓ Receipt

obligation anticoag_check

actor dr_martinez

observer nurse_chen ✓

time 14:38:12 UTC

status FULFILLED

dual_sig Ed25519+ML-DSA-87

Action proven.

∅ NullReceipt

obligation consent_verify

required dr_martinez

observer nurse_chen ✓

window 14:30–14:45 UTC

status OMITTED

dual_sig Ed25519+ML-DSA-87

Silence became evidence.

Σ NumericReceipt

claim computation_audit

expression verify(expression)

result verified_result

precision full precision

residual residual_pass ✓

chain blake3:cf894324...

Computed. Verified. Receipted.

Every receipt is dual-signed (Ed25519 + ML-DSA-87 FIPS 204), hash-linked to the obligation that created it, and independently verifiable offline.

What Makes It Possible

PACP doesn't just record events.
It defines what was supposed to happen first.

Before any action window opens, PACP registers a formal obligation: what is expected, who is responsible, who must witness it, under what policy, and by when. That is what makes a NullReceipt possible. You cannot prove what didn't happen unless you first declared what should have.

This is the Protocol of Obligation — the expectation layer that anchors every receipt and every NullReceipt to a specific duty, actor, observer, and deadline.

What Makes PACP Different

We are not aware of another system that does all eight.

Self-Auditing

The protocol verifies its own integrity. 40-phase internal audit. If the proof chain is corrupted, PACP detects it before you do.

Self-Healing

Circuit breakers isolate failing components. Retry with backoff recovers transient errors. The system isolates failures and recovers automatically.

Omission Is the Signal

Other systems log what happened. The only protocol we know of that creates cryptographic proof of non-occurrence. The silence itself becomes evidence.

Computation Receipts

Every numeric claim is verified at precision with residual checking. If the math is wrong, the receipt says so. The only audit system we know of that receipts computation at verified precision.

Multi-Model Truth Arbitration

Fan queries to six AI models. Receipt every response. Detect every failure. Separate availability from correctness. BFT consensus at 2f+1 quorum.

Post-Quantum. Shipping Now.

Dual-signed Ed25519 + ML-DSA-87 (FIPS 204, NIST Level 5). Not a migration plan. Not a roadmap item. Implemented and tested in every PACP installation.

Designed for Legal Scrutiny

PACP receipts are structured to support FRE 902(13) and 902(14) self-authentication standards for electronic records. Hash-chained, signed, timestamped, deterministically verifiable. Admissibility is always a judicial determination — but the technical properties are built in from day one.

Offline Verification. Zero Trust Required.

Proof bundles are portable JSON packages. Hand one to a regulator, an auditor, or a judge. They verify it on an air-gapped laptop with no API calls, no network access, no vendor dependency. Just math.

Before & After

What changes when omission becomes provable

Without PACP

With PACP

ClinicalA medication step is skipped. The chart shows no entry. The omission is discovered only after adverse outcome, through manual reconstruction.

ClinicalThe obligation window closes without a fulfillment receipt. A NullReceipt is generated immediately, triggering escalation before harm occurs.

AI GovernanceA safety filter is bypassed. The model output is released. There is no record that the filter was supposed to run but didn't.

AI GovernanceThe safety filter obligation expires without completion. A typed NullReceipt is generated and the output is held pending review. Supports EU AI Act auditability requirements.

FinanceA wire transfer is processed without dual approval. The missing approval surfaces weeks later during audit.

FinanceThe approval obligation window closes. A NullReceipt documents the missing approval. A NumericReceipt verifies the threshold calculation. Proof exists in real time.

The Quantum Clock

Every proof chain built on current cryptography has a shelf life.

Google's quantum roadmap targets roughly one million physical qubits by the end of this decade — enough to break RSA and ECDSA. When that happens, every digital signature, every audit trail, and every compliance record built on standard cryptography becomes retroactively unverifiable. Not breached. Forgeable.

Cost of inaction

$10.22M

Average US data breach cost in 2025 — an all-time high (IBM)

2.71×

Non-compliance costs 2.71× more than maintaining compliance (Ponemon Institute)

48%

of breached organizations paid $100K+ in regulatory fines (IBM, 2025)

What PACP changes

Post-quantum signatures. Shipping now. Every PACP receipt is dual-signed: Ed25519 (classical) + ML-DSA-87 (FIPS 204, NIST Level 5). Both must verify. This is the NIST post-quantum standard, not a migration plan. Resistant to Shor’s and Grover’s algorithms.

SHA3-256 chain integrity. Hash-based proof chains use SHA3-256 throughout, providing strong resistance to quantum attack. Chain structure survives even if individual signature schemes are later deprecated.

Obligations can’t be retroactively erased. In a post-quantum world, attackers don’t just forge what happened — they forge that an obligation never existed. PACP’s dual-signed, hash-linked obligation records resist this at both the classical and quantum level.

Key lifecycle is receipted. Every key generation, rotation, and destruction event produces its own cryptographic receipt. Even the infrastructure that protects the proof chain is itself accountable.

Sources: IBM Cost of a Data Breach Report 2025, Ponemon Institute / GlobalSCAPE, Google Quantum AI Roadmap. Quantum timeline estimates reflect published industry roadmaps and remain subject to engineering progress.

Architecture

Designed for regulated environments

PACP wraps existing systems. It does not replace EHRs, trading platforms, or AI pipelines. It adds a cryptographic accountability layer on top.

Zero PHI / PII stored

Stores only hashes, signatures, and timestamps. Never the underlying sensitive data.

Additive, not invasive

Wraps existing workflows via SDK. No system replacement required.

Offline proof bundles

Complete proof chains verified independently, without network access.

Sub-15ms consensus

Leaderless BFT with single-round parallel finality. Sub-15ms measured on commodity hardware.

Ed25519 + ML-DSA-87 dual signatures

Every receipt signed with both classical and FIPS 204 post-quantum signatures. NIST Level 5. Both must verify.

Three inhibition classes

Distinguishes "could not," "was not permitted," and "chose not to." We are not aware of another system that formalizes this cryptographically.

Multi-Model Consensus

Availability is not correctness.

PACP can fan a query to six AI models simultaneously, receipt every response, detect every failure, and cross-check every numeric claim against verified ground truth. The result: three separate verdicts, not one green check.

Availability Quorum

PASS

5/6 models responded

Chain Integrity

PASS

30 entries · blake3 · Ed25519

Numeric Correctness

FAIL

1/5 models got the math right

Models responded. Math did not survive audit.

Most systems collapse these into one green check. PACP separates them because the distinction saves lives, money, and trust.

Six model adapters (Claude, GPT-4, Grok, Gemini, Llama, Mistral) · BFT consensus at 2f+1 · Parallel fan-out · Circuit breakers · Retry with backoff · SQLite persistence · Every response receipted · Every failure gets a NullReceipt · Every numeric claim gets a NumericReceipt.

Who It's For

Every system that needs accountability. Not someday. Now.

If your system has required steps, required approvals, or required computations — and the cost of a missed step is legal, financial, or human — PACP is built for you. It scales from a single workflow to enterprise-wide deployment across any regulated or trust-critical environment.

🏥

Healthcare

Missed medication checks, skipped procedural steps, unverified consent. Detect omissions before they become harm.

🤖

AI Governance

Prove safety filters ran, human review occurred, and model outputs survived numeric audit. Six-model consensus with typed truth arbitration.

💰

Financial Services

Dual approvals, wire transfer controls, AML compliance, SEC disclosure deadlines. Detect missing steps before regulators do.

⚖

Legal & Regulatory

Filing deadlines, notification requirements, chain of custody. Prove that every required legal step was taken — or provably wasn't.

🛡

Defense & Intelligence

Mission-critical accountability for autonomous systems, weapons release authorization, chain of command verification. Post-quantum ready.

💊

Pharmaceutical

Clinical trial protocol compliance, FDA 21 CFR Part 11, drug interaction verification, adverse event reporting. Every step receipted.

🚀

Aerospace

Pre-flight checklists, maintenance verification, autonomous navigation decisions. When a step is skipped at 40,000 feet, silence kills.

🚚

Supply Chain

Chain of custody, handoff verification, cold chain compliance, counterfeit detection. If a step is missing, the receipt chain breaks.

If it has a required step, PACP can receipt it.
If it has a required step that can be skipped, PACP can prove it.

PACP is infrastructure, not an application. It wraps any existing system — EHR, trading platform, AI pipeline, IoT network, compliance workflow — and adds a cryptographic accountability layer. Zero PHI. Zero PII. Just math.

Why I Built This

The missing signal only matters when someone cared enough to expect it.

PACP did not begin as a cryptography project. It began with a simple human problem: in critical environments, the most dangerous failures are the steps that never happened. After 19 years in cardiac catheterization labs, I had seen too many omissions turn into harm. The system could log what happened. It could not prove what didn’t.

I built PACP because accountability should be structural, not retrospective. Because the people who notice what’s missing are the people who care enough to know what should have been there. And because that instinct — to watch over someone, to hold the expectation, to notice the absence — deserves infrastructure as serious as the duty it represents.

— Andrew Hackett, Founder