A New Generation Architecture of Blockchain

What happens when you break the one assumption every blockchain has shared since 2009?

April 2026 · 35 min read

In January 2009, Satoshi Nakamoto launched Bitcoin with a design decision so fundamental that it became invisible. Every blockchain built in the seventeen years since — Ethereum, Solana, Cosmos, Polkadot, every Layer-2, every rollup — has inherited this decision without questioning it.

The decision is this: a private key is simultaneously the user's identity, authorization mechanism, and cryptographic implementation.

The Equation Every Blockchain Shares Private Key = Identity = Authorization Mechanism = Cryptographic Signature Scheme // One object. Four distinct concerns. Welded together.

This seems natural. Your key is you. Your key authorizes transactions. Your key produces signatures. Three roles, one object — elegant and simple.

But elegance is not the same as correctness. In software architecture, binding orthogonal concerns into a single abstraction has a name: coupling. And coupling at the foundation of a system propagates upward into every layer built on top of it.

This paper argues that most of the problems the blockchain industry has spent the last decade trying to solve — key recovery, post-quantum migration, conditional access control, cross-chain identity, institutional custody — are not independent problems at all. They are symptoms of a single architectural defect: the conflation of identity, authorization, and cryptographic mechanism into one inseparable object.

We then present an architecture that separates these concerns, and show that doing so causes entire categories of complexity to collapse.

Part I

The Cost of Conflation

Consider what happens when a single private key plays all four roles simultaneously.

Key Loss Equals Identity Death

If your private key is your identity, then losing it does not merely lock you out of your account — it destroys your existence on the network. There is no "forgot password" because there is no distinction between a credential (which can be reissued) and an identity (which persists). An estimated $140 billion in Bitcoin is permanently inaccessible for this reason.1

The industry's response — social recovery, guardian networks, multi-sig wallets — is an attempt to reconstruct the credential/identity distinction that the architecture eliminates. But these solutions are application-layer patches on a protocol-layer conflation. They add trust assumptions, coordination overhead, and gas costs because the protocol itself offers no concept of "same identity, different credential."

Cryptographic Lock-In

If your private key is both your identity and your cryptographic mechanism, then changing the mechanism means changing your identity. This is why post-quantum migration is an existential crisis for existing blockchains, not a routine upgrade.

NIST finalized ML-DSA (CRYSTALS-Dilithium) as the post-quantum signature standard in 2024. Its signatures are 2,420 bytes at security level 2 — versus 64 bytes for Ed25519. At the protocol level, this means:

30–60× Data Expansion

ML-DSA-44 signatures + public keys total 3,732 bytes per transaction, versus 96 bytes for Ed25519. ML-DSA-87 reaches 7,219 bytes.

85–90% Throughput Loss

Block space consumed by authorization data alone forces either massive throughput reduction or block size inflation that centralizes validation.

Identity Migration

Every user must generate new keys, register new addresses, and migrate all assets. Every counterparty, contract, and allowlist must update. The address is the key.

Every chain faces the same impossible tradeoff: adopt post-quantum cryptography and lose most of your throughput, or stay fast and stay vulnerable. This tradeoff exists because authorization means signature verification. If authorization were not bound to any specific cryptographic primitive, the choice of signature scheme would be an implementation detail, not an existential decision.

No Conditional Control

In traditional finance, control over assets is routinely conditional: time-locked trusts, co-signatory requirements, compliance-gated transfers, inheritance upon legal events. These are not edge cases — they represent the majority of institutional asset management.

On a blockchain where "authorized" means "possesses the private key," there is no native concept of conditional authorization. The key holder has unconditional, immediate, irrevocable control. Implementing conditions requires encoding them in smart contracts — which means gas costs, attack surface, and state bloat for what should be a structural property of the authorization model.

Cross-Chain Fragmentation

If identity is a specific key in a specific format on a specific chain, then the same human has a different identity on every network they use. Cross-chain operations require bridge protocols not because moving value across networks is inherently hard, but because identity cannot cross the boundary. Bridges exist to compensate for the absence of a chain-independent identity primitive. The $2.8 billion lost in bridge exploits is a direct cost of this absence.2

Observe the pattern: each of these problems arises from the same root cause, yet the industry treats them as separate challenges requiring separate solutions. Account abstraction for flexible accounts. MPC for multi-party control. Social recovery for key loss. Bridge protocols for cross-chain. Each solution adds a layer of complexity to work around a constraint that should not exist.

The right question is not "how do we build better workarounds?" It is: "what happens when we remove the constraint?"
Part II

The Separation

The architecture we describe rests on a single structural principle: identity, authorization, and cryptographic mechanism are three independent concerns that must be designed, implemented, and evolved independently.

Traditional Architecture Private Key →→→ Identity + Authorization + Cryptography // Tightly coupled. Change one, change all. Separated Architecture Identity Layer: deterministic derivation → stable commitment Authorization Layer: independent paths, conditional activation Cryptographic Layer: replaceable mechanism, zero identity impact // Orthogonal. Evolve each independently.

We now describe each layer in detail, then show the emergent properties that arise from their combination.

Layer 1

Deterministic Identity Derivation

The foundation is a generative framework — we call it ACE-GF (Atomic Cryptographic Entity Generative Framework)3 — that derives identity from an ephemeral root, not from a persistent key.

A 256-bit Root Entropy Value (REV) serves as the identity root. From this single value, HKDF-SHA256 with explicit context tuples deterministically generates all downstream identifiers:

Identity Commitment IDcom = Poseidon(UUID || salt || domain) // UUID = HKDF(REV, context) — deterministic identity // salt = per-commitment randomization // domain = chain/application namespace Address Derivation // Same identity, every chain's native format IDcom → keccak256(IDcom)[12:] // EVM 20-byte address IDcom → HKDF(IDcom, "solana") // SVM 32-byte public key IDcom → HKDF(IDcom, "bitcoin") // BVM 33-byte compressed key

Three properties of this construction are critical:

The REV is ephemeral. It exists in memory only during enrollment or recovery, then is immediately zeroized. What persists is a sealed artifact (SA): the REV encrypted under a composite credential via AES-GCM-SIV, with the credential derived through Argon2id. There is no seed phrase. There is no persistent private key. The identity lives in the mathematical relationship between the sealed artifact and the credential, not in any single stored value.

Context isolation is cryptographic. The derivation context tuple Ctx = (AlgID, Domain, Index) ensures that keys derived for different purposes are computationally independent. Compromising a key derived for one application domain reveals nothing about keys derived for another. This is not access-control policy — it is information-theoretic separation enforced by the KDF.

Identity is hash-based, not scheme-based. The identity commitment is a Poseidon hash — it is not an elliptic curve point, not a lattice vector, not any artifact of a specific signature scheme. When the underlying cryptographic mechanism changes (e.g., from ECDSA to ML-DSA), the identity commitment remains unchanged. Migration can be reduced to a local credential and implementation update, without identity rotation.

What This Enables

With identity decoupled from key material, a single identity natively maps to every chain's address format through deterministic arithmetic. Cross-chain identity is not a protocol — it is a computation. Given an IDcom, any node on any chain can derive the corresponding native address locally, without lookups, bridges, or relayers.

Recovery becomes deterministic re-derivation, not social consensus. If the user can reconstruct the REV (via the sealed artifact and the original credential), all addresses, keys, and authorization paths regenerate identically. No guardian networks. No multi-sig ceremonies. No coordination.

Layer 2

Dormant Authorization Paths

In a traditional blockchain, possessing the private key grants unconditional, immediate control. There is no concept of "authorized under conditions" at the protocol level.

The separated architecture introduces authorization paths4 — derivation branches under the same identity root that remain cryptographically inactive until all required components are simultaneously available.

Authorization Path Construction APj = (REVroot, UserCredj, {AdminFactorj,1, ..., AdminFactorj,n}) // Path is DORMANT until ALL components available // Components held by independent custodians // Identity (ID_com) unchanged regardless of path state Sealed Artifact SA = Seal(params, UserCred || AdminFactor1 || ... || AdminFactorn, REV) // AES-GCM-SIV encryption, Argon2id-derived key // REV zeroized immediately after sealing

The key insight is that activation and revocation are structural, not stateful:

Activation. A dormant path activates when all its credential components become available simultaneously. The components can be distributed across independent parties — a time-lock oracle, a compliance officer, a co-signatory, the account holder. No single party can activate the path alone. This is not multi-sig (no signing ceremony) and not MPC (no key splitting). It is architectural threshold: the REV can only be reconstructed when the composite credential is complete.

Revocation. Destroying any single AdminFactor renders the authorization path permanently unusable. The REV cannot be reconstructed without the complete credential. This revocation is:

Instant

No on-chain transaction, no confirmation time, no block finality. The path is dead the moment the factor is destroyed.

Stateless

No revocation lists, no state updates, no on-chain footprint. The blockchain does not need to know a path was revoked — it simply can never be activated.

Zero-Cost

No gas, no asset migration, no address changes. The identity commitment remains the same. Only the authorization topology changes.

Condition-Triggered Control

Because authorization paths are independent of identity, a single identity can have multiple paths with different activation conditions:

// Same identity root (REV), different authorization semantics Path A: Daily operations UserCredA = passkey biometric AdminFactors: none // Immediate access for the account holder Path B: Institutional co-control UserCredB = holder credential AdminFactors: {compliance_officer, risk_manager} // Requires 3-party availability for large transfers Path C: Inheritance UserCredC = beneficiary credential AdminFactors: {legal_executor, time_oracle(T > death_cert_date)} // Dormant until legal event + time condition met Path D: Emergency freeze AdminFactors: {regulator_attestation} // Compliance-gated, revocable by destroying factor

Most of this can be implemented without relying on smart contracts for the authorization logic itself. The conditions are structural properties of the derivation graph, not logic executed on-chain. This avoids the gas cost of contract-based condition evaluation, much of the attack surface from contract bugs, and the state bloat of time-lock records. The authorization model is part of the cryptographic construction, not primarily a program running on top of it.

This single layer captures much of the core functionality targeted by ERC-4337 account abstraction, multi-sig wallets, MPC threshold signing, time-lock contracts, and smart-contract-based custody — not by reimplementing them, but by making the architectural constraints that necessitated them no longer exist.

Layer 3

Authorization Without Signatures

This is where the architecture produces its most counterintuitive — and most consequential — result.

Every blockchain verifies authorization by checking signatures: a mathematical object that proves "this key signed this message." But consider what consensus actually needs. It does not need to know which algorithm was used, what the public key looks like, or how the signature was constructed. It needs exactly one assurance: "the entity that controls this identity authorized this transaction."

Once identity is a hash commitment rather than a public key, this assurance can be provided by a zero-knowledge proof rather than a signature. We call this construction ZK-ACE.5

Traditional Authorization Verify(public_key, signature, message) → bool // On-chain data: public key + signature // PQC cost: 3,732 – 7,219 bytes per transaction // In-circuit cost: 2,000,000+ R1CS constraints (lattice arithmetic) ZK-ACE Authorization Verify(proof, {IDcom, tx_hash, nonce, domain}) → bool // Proof attests: "I know the preimage of ID_com // and I authorize tx_hash // under domain separation" // On-chain data: 288 bytes (proof + public inputs) // Circuit cost: 4,024 R1CS constraints (hash + equality only)

The Circuit

The ZK-ACE circuit contains five constraint groups, totaling 4,024 R1CS constraints. Every constraint is either a Poseidon hash invocation or a field-element equality check. There is no elliptic curve arithmetic, no lattice arithmetic, no pairing computation inside the circuit.

ZK-ACE Constraint Decomposition C1: Commitment Consistency // 805 constraints, 1 Poseidon "I know (UUID, salt, domain) such that Poseidon(UUID || salt || domain) = IDcom" C2: Derivation Correctness // 1,200 constraints, 2 Poseidon "The target address is correctly derived from UUID under the specified context" C3: Authorization Binding // 1,615 constraints, 1 Poseidon "This identity authorizes this specific tx_hash" C4: Replay Prevention // 400 constraints, 1 Poseidon "The nonce/nullifier is correctly derived and fresh" C5: Domain Separation // 4 constraints, equality checks "All bindings include the correct domain tag" Total: 4,024 R1CS constraints, 5 Poseidon invocations

Performance

Benchmarked on a reference implementation (arkworks + Groth16/BN254, single-threaded Apple M3 Pro):

288bytes
Total on-chain auth data
52.3ms
Proof generation
604µs
Proof verification
4,024
R1CS constraints
Signature Scheme Sig + PK Size ZK-ACE Reduction
Ed25519 (current standard) 96 bytes 288 bytes 3× larger6
ML-DSA-44 (NIST PQC Level 2) 3,732 bytes 288 bytes 13× smaller
ML-DSA-65 (NIST PQC Level 3) 5,261 bytes 288 bytes 18× smaller
ML-DSA-87 (NIST PQC Level 5) 7,219 bytes 288 bytes 25× smaller
SLH-DSA-128f (hash-based PQC) 17,120 bytes 288 bytes 59× smaller

The crucial comparison is in-circuit cost. Verifying an ML-DSA signature inside a ZK circuit requires performing NTT (Number Theoretic Transform) operations over degree-256 polynomials in a non-native field — at least 2 million R1CS constraints. ZK-ACE uses 4,024 constraints. This is not a constant-factor improvement; it is a ~500× reduction achieved by proving a different statement entirely: authorization semantics instead of signature validity.

Proof System Agnosticity

Because the circuit uses only hash functions and equality constraints, it is compatible with any proof system satisfying soundness, zero-knowledge, and public-input binding:

Backend Options Groth16: 128-byte proofs, fastest verification trusted setup per-circuit PLONK/KZG: 400–600 byte proofs universal setup (reusable across circuits) STARKs/FRI: 40–100 KB proofs transparent setup (none required) // plausibly post-quantum secure Bulletproofs: ~700 byte proofs transparent setup, slower verification

The identity commitment is hash-based and proof-system-independent. Migrating from Groth16 to STARKs (for post-quantum security of the proof system itself) requires no identity rotation, no re-registration, no on-chain migration. The proof backend is an implementation detail behind a stable authorization interface.

The Post-Quantum Resolution

This is how the architecture resolves the post-quantum throughput crisis. The user's keys can be ML-DSA, SLH-DSA, or any future post-quantum scheme — that is a local implementation choice. What goes on-chain is a 288-byte ZK proof that the identity commitment holder authorized the transaction. The proof verifier does not know or care what signature scheme was used. It does not even see a signature.

Furthermore, when a block contains thousands of transactions, individual proofs can be aggregated into a single STARK/FRI batch proof. O(n) per-signature verification collapses to O(1). The post-quantum era can arrive without the conventional throughput penalty associated with carrying PQC signatures through the consensus-critical path — not because PQC signatures were optimized, but because signatures were removed from that path entirely.

Layer 4

Attestation Relay

In traditional blockchains, every node in the mempool validates each transaction's signature before forwarding it. With post-quantum signatures, this per-hop validation becomes a bandwidth bottleneck — propagating 3,732+ byte signatures through every relay node is expensive.

The separated architecture enables a different propagation model7: proof-off-path relay. Full ZK proofs are generated by the transaction submitter but validated only by the block builder. Through the mempool, transactions carry compact attestation claims — lightweight evidence that a proof exists — not the proofs themselves.

Traditional Propagation Submitter → [full signature] → Node1 validates → [full signature] → Node2 validates → ... // Every hop: verify 3,732+ byte PQC signature Attestation Relay Submitter → [compact attestation] → Node1 relays → [compact attestation] → Node2 relays → ... └→ Builder validates full proof // Mempool: relay bytes, not kilobytes // Full verification: once, at builder

This separation of "where authorization is verified" from "where it is propagated" reduces per-transaction mempool bandwidth from kilobytes to bytes. It is only possible because the authorization primitive (a ZK proof) is separable from the propagation primitive (an attestation claim) — a direct consequence of decoupling authorization from the cryptographic mechanism.

Layer 5

Context-Sharded Multi-VM Execution

With identity and authorization cleanly separated from execution, a further architectural possibility opens: running multiple virtual machines on a single shared state tree.

In existing multi-chain architectures, each VM (EVM, SVM, etc.) has its own state, its own identity format, and its own consensus. Interoperability requires bridges. In the separated architecture, identity is a chain-independent commitment that deterministically maps to every VM's native address format. This means multiple VMs can share a single state tree without bridges, because they share a single identity layer.8

Multi-VM Dispatch Transaction → Authorization Layer (ZK proof verified once) │ ├→ opcode 0x01–0x0F → Native VM // system operations ├→ opcode 0x10–0x1F → EVM // Solidity, ERC tokens ├→ opcode 0x20–0x2F → SVM // Solana programs, SPL ├→ opcode 0x30–0x3F → BVM // Bitcoin Script, UTXO └→ opcode 0x40–0x4F → TVM // Tron contracts │ └→ All VMs → Unified State Tree // One token ledger. No wrapped tokens. No bridges. // Cross-VM transfer = balance change on shared ledger. // Existing contracts deploy as-is. No modifications.

Context Sharding

The identity derivation context tuple (AlgID, Domain, Index) provides a natural sharding boundary. Transactions tagged with different contexts are guaranteed to operate on independent state spaces. This enables linear horizontal scaling: add shards, add throughput, with zero cross-shard coordination overhead for unrelated contexts.

Cross-context operations are possible but require explicit bridge proofs — a deliberate architectural boundary, not an accidental limitation. The system makes the cost of crossing context boundaries explicit, rather than hiding it in global consensus overhead.

Layer 6

Human-Native Protocol Services

The identity-authorization separation enables protocol-level services that traditional architectures can only implement as application-layer workarounds.

Identifier-Based Payments

If identity is a deterministic derivation from a human-readable identifier (email, phone number), then payments can be addressed to identifiers rather than cryptographic addresses.9 The recipient need not have an account yet. The sender deposits to a derived address; the recipient claims by proving control of the identifier via a ZK proof.

Privacy is preserved through a blinded binding model: on-chain, only a random intent identifier, a one-time blinded binding hash, and the payment amount are visible. The recipient's identifier is never exposed on-chain. An observer knowing the email cannot compute the binding without the recipient's secret handle.

Decentralized Recovery

Recovery is re-derivation.10 The sealed artifact containing the REV is stored on permanent decentralized storage (e.g., Arweave). The discovery index is a keyed HMAC of the normalized email — preventing third-party enumeration. On a new device, the user inputs email + passphrase, derives the discovery key, fetches the sealed artifact, and reconstructs the REV. All addresses and keys regenerate identically.

No guardian networks. No recovery shares. No social coordination. No vendor lock-in. The recovery flow is deterministic and works on any device, at any time, with no third-party cooperation.

Privacy by Proof

ZK-ACE proofs are zero-knowledge: the verifier learns nothing about the prover's identity beyond the fact that they control the commitment. The same REV can generate multiple non-linkable identity commitments through salt rotation. This enables use cases from anonymous voting to private compliance attestation ("I am in the approved-entity set, but I will not reveal which entity").

Part III

The Complexity Collapse

The architectural consequences of the separation are not additive. They are multiplicative. Once identity, authorization, and cryptographic mechanism operate as independent layers, entire categories of blockchain infrastructure become structurally unnecessary.

Problem Traditional Approach Separated Architecture
Account Abstraction ERC-4337: UserOp → Bundler → EntryPoint → Paymaster middleware stack Authorization paths are native flexible accounts
Multi-Party Control MPC key splitting or threshold signature ceremonies AdminFactor distribution (no cryptographic ceremony)
Post-Quantum Security 85–90% throughput loss, or defer and stay vulnerable 288-byte ZK proof; PQC scheme is local implementation detail
Cross-Chain Identity Bridge validators, relayers, wrapped tokens Deterministic derivation from same commitment
Key Recovery Guardian networks, social consensus, multi-sig Deterministic re-derivation from human identifier
Conditional Control Smart contract escrow, time-lock contracts, gas costs Cryptographic dormancy in derivation graph
KYC/Compliance Identity exposure to centralized provider ZK proof of set membership (private compliance)
Credential Rotation On-chain transaction, gas fee, state change Local operation. $0. Zero on-chain footprint
Revocation New address, asset migration, counterparty notification Destroy AdminFactor. Instant, stateless, permanent
DID / Verifiable Credentials W3C spec: document + resolver + registry + issuer + revocation list Identity is self-proving; credentials are ZK derivation proofs

These are not ten separate features. They are structural consequences of a single architectural decision: treating identity, authorization, and cryptographic mechanism as independent concerns.

The point is not that any individual problem is solved more cleverly. The point is that most of these problems should not exist. They exist because the foundation fuses things that should be separate, and every layer built on top must work around the fusion. Remove the fusion, and the workarounds become unnecessary.

Part IV

Implications for the Agent Economy

The architecture described above was designed for human users. But its properties turn out to be precisely what autonomous software agents need.

AI agents are becoming economic actors — trading, paying for services, managing portfolios. Traditional blockchains require a human with a private key at the root of every action chain. This is fine for a world where economic actors are humans. It fails in a world where millions of agents need to transact autonomously with precisely scoped permissions.11

In the separated architecture, an agent's identity is a deterministic derivation from the human owner's REV under a specific context. The agent has a real, protocol-level identity — indistinguishable from a human's at the consensus layer. But the authorization path can encode exact constraints: "this agent may spend up to X from account Y until date Z." The human retains sovereign control through AdminFactor possession. Revocation is instantaneous: destroy the agent's AdminFactor, and all its authorization paths die.

This is not a feature added after the fact. It is a direct consequence of the separation: when identity is independent of authorization, you can grant an identity to any entity (human or software) and independently control what that identity is authorized to do. The same architecture that enables human-friendly payments and quantum-safe security also enables a programmable, revocable, condition-gated agent economy.

Part V

Security Foundations

The security model rests on standard cryptographic assumptions, composed through the separation of concerns:

Authorization Soundness Advauth(λ) ≤ Advks(λ) + Advcollision(λ) + Advdidp(λ) // ks = knowledge-soundness of proof system (Groth16/PLONK/STARK) // collision = collision resistance of Poseidon hash // didp = hardness of inverting HKDF derivation (standard KDF assumption) Replay Resistance Advreplay(λ) ≤ Advauth(λ) + 2-256 // Verifier enforces monotonic nonce or nullifier set // Collision probability negligible for 256-bit values Cross-Domain Separation Advxdomain(λ) ≤ Advcollision(λ) + Advpib(λ) // pib = public-input binding of proof system // Domain string in all commitments prevents cross-chain proof reuse

Sealed artifact security depends on AES-GCM-SIV (IND-CPA) and Argon2id memory-hardness. The Argon2id parameters can be tuned per deployment: mobile devices target ~100ms latency; institutional HSMs can use multi-second derivation for maximum brute-force resistance.

Privacy is provided by the zero-knowledge property of the proof system. The verifier learns that a valid identity authorized the transaction, but learns nothing else — not the identity root, not the derivation path, not the signature scheme used. Salt rotation enables unlinkable commitments from the same identity root.

Upgradeability is structural. Because each layer is independent, upgrading the proof backend (e.g., Groth16 → STARKs for post-quantum proof security), the KDF (e.g., HKDF-SHA256 → KMAC), or the AEAD scheme (e.g., AES-GCM-SIV → ChaCha20-Poly1305) requires changes only within that layer. Identity commitments and authorization paths are unaffected.

Conclusion

The blockchain industry has spent fifteen years building increasingly sophisticated solutions to problems that share a single root cause: the conflation of identity, authorization, and cryptographic mechanism into one inseparable object.

This paper has shown that separating these three concerns into independent architectural layers produces a cascade of structural simplifications. Post-quantum security without throughput loss. Conditional control without smart contracts. Cross-chain identity without bridges. Key recovery without guardian networks. Agent authorization without new trust models. Not as ten independent features, but as emergent properties of one architectural decision.

The core technical contributions are:

1. A deterministic identity derivation framework (ACE-GF) that decouples identity from key material, enabling hash-based identity commitments that are cryptographic-scheme-independent and chain-independent.

2. A dormant authorization path model that provides conditional, multi-party, revocable control as a structural property of the derivation graph, not as application-layer logic.

3. A zero-knowledge authorization construction (ZK-ACE) that proves authorization semantics in 4,024 R1CS constraints — a ~500× reduction over in-circuit signature verification — by proving identity control rather than signature validity.

4. A proof-off-path relay model that separates authorization verification from propagation, reducing mempool bandwidth from kilobytes to bytes per transaction.

5. A unified multi-VM execution model that shares a single state tree across EVM, SVM, BVM, and TVM, enabled by chain-independent identity commitments.

The lesson is architectural, not technological: when you find yourself building elaborate workarounds for a constraint, the right response may be to question the constraint. Not every assumption inherited from Bitcoin in 2009 needs to be inherited forever.

1 Chainalysis estimates $140B in Bitcoin is held in lost or stranded wallets as of 2024.

2 Rekt.news aggregate of cross-chain bridge exploits, 2021–2025.

3 J. Wang, "ACE-GF: Atomic Cryptographic Entity Generative Framework," arXiv:2511.20505, 2025.

4 J. Wang, "Condition-Triggered Dormant Authorization Paths," arXiv:2603.07933, 2026.

5 J. Wang, "ZK-ACE: Identity-Centric Zero-Knowledge Authorization for Post-Quantum Blockchains," arXiv:2603.07974, 2026.

6 ZK-ACE is larger than Ed25519 for classical signatures. The advantage appears at PQC scale; for classical, the architecture's value lies in the other layers (identity separation, conditional control, cross-chain), not data reduction.

7 J. Wang, "AR-ACE: Attestation Relay for Post-Quantum Consensus Propagation," arXiv:2603.07982, 2026.

8 J. Wang, "n-VM: Context-Sharded Multi-Virtual Machine Architecture," arXiv:2603.23670, 2026.

9 J. Wang, "HFI-Pay: High-Frequency Issuance Payment Protocol," arXiv:2603.26970, 2026.

10 J. Wang, "VA-DAR: Verifiable Address-based Decentralized Address Recovery," arXiv:2603.02690, 2026.

11 J. Wang, "AESP: Autonomous Economic Sovereignty Protocol," arXiv:2603.00318, 2026.