A silicon photomultiplier (~$400) inside a datacenter rack measures local cosmic-ray flux. The combined neutron + muon signature is a per-location fingerprint that workload-residency claims can be cross-checked against.

Posture: 🔵 Blue Team (defensive)   ·   Status: alpha (moonshot)

What it does

Cosmic rays hit Earth at a rate that varies with latitude (Earth's magnetic field deflects them more near the equator), altitude (more flux higher up – at sea level you see ~1 cm⁻² min⁻¹ of secondary muons; at airliner cruise, ~300×), building mass overhead (a deep basement absorbs muons; a rooftop sees them all), and time of day (the diurnal cosmic-ray modulation shifts the count by a few percent). Stack all four signals together and you get a site fingerprint – a tuple unique to a specific physical rack at a specific physical location.

A Silicon Photomultiplier (SiPM) – a modern $300–$500 solid-state replacement for the older photomultiplier tube – paired with a small scintillator counts cosmic-ray neutrons and muons at counts-per-minute resolution. The Hamamatsu S13360 array is a representative production-grade SiPM. Stick one inside a datacenter rack on a USB-C ADC, sample 24/7, run pulse-shape analysis to discriminate neutrons from muons, and you have a continuous physical-location fingerprint of that rack. Cherenkov-Witness turns this into a cryptographic proof of physical workload location: each rack signs a continuous stream of flux observations and the Bureau builds site-fingerprint centroids gated against the registered location. If your "EU-sovereign" cloud workload reports a neutron signature matching Virginia, the vendor lied about geography.

Who would use it

A bank, hospital, or government agency subject to data-residency law (GDPR, Schrems-III, HIPAA, FISMA-High) who needs cryptographic proof of physical workload location.
A cloud customer evaluating "EU-sovereign" / "in-country" claims from AWS, Azure, GCP, OVH, or Hetzner.
A semiconductor / DARPA supply-chain auditor verifying that hardware physically lives where the vendor's certification says.
A national-security incident responder investigating a forensic claim that a workload was migrated without notification.

What you'll need

The Pluck CLI installed (npm i -g @sizls/pluck-cli).
For real deployment: a Hamamatsu S13360 SiPM (~$400), a small plastic scintillator, a USB-C ADC, and a host inside the rack to run the pipeline. Hardware bridge plumbing is deferred today.
A registered baseline – at least four flux observations at the claimed physical location to compute the site centroid before gating.

Step-by-step

Shell

pluck bureau cherenkov-witness demo

The demo registers a Frankfurt SiteFingerprint (50° N, 100 m, EU-sovereign, basement attenuation 0.3) from four baseline samples. Then ingests: a baseline observation (no proof), a cruise-altitude flux observation (fires geography-mismatch), an observation claiming "us-east-1" (fires data-residency-fraud), and two simultaneous observations from different hardware (fires site-cloned).

cherenkov-witness/demo: registering 1 SiteFingerprint + ingesting 4 FluxObservations -> 3 CherenkovProofs.
[Bureau/CHERENKOV-WITNESS] proof=c84cf25b… kind=geography-mismatch
[Bureau/CHERENKOV-WITNESS] proof=ed255620… kind=data-residency-fraud
[Bureau/CHERENKOV-WITNESS] proof=38a4399b… kind=site-cloned

Production CLI (register-site to record the centroid, observe-flux to feed continuous samples, verify to check a published observation) lands in a follow-up.

Run it yourself

Drop this into a Node 18+ project (npm install @sizls/pluck-bureau-cherenkov-witness @sizls/pluck-bureau-core tsx). Real silicon-photomultiplier hardware integration is research-required; the example calls the deterministic readSipmFlux stub and registers a fingerprint, then submits a vendor claim that contradicts the expected region.

TypeScript

// index.ts
import { createHash } from "node:crypto";
import {
  computeSiteCentroid,
  computeSiteId,
  createCherenkovWitnessSystem,
  fingerprintPrivateKey,
  readSipmFlux,
  signCanonicalBody,
} from "@sizls/pluck-bureau-cherenkov-witness";
import { generateOperatorKey } from "@sizls/pluck-bureau-core";

const sha256 = (s: string) => createHash("sha256").update(s).digest("hex");
const flush = (n = 80) => new Promise<void>((r) => { let i = 0; const tick = () => (++i >= n ? r() : setImmediate(tick)); setImmediate(tick); });

async function main() {
  const op = generateOperatorKey();
  const opFp = fingerprintPrivateKey(op.privateKeyPem);

  const system = createCherenkovWitnessSystem({
    signingKey: op.privateKeyPem,
    disablePausePoll: true,
    disableLogging: true,
  });

  const altitude_m = 100, geomagLat = 50, buildingMassAttenuation = 0.3;
  const siteId = computeSiteId(altitude_m, geomagLat, buildingMassAttenuation);
  const hardwareFingerprint = sha256("hardware-A");

  const buildObs = (observedAt: string, claimedRegion?: string) => {
    const sample = readSipmFlux({ deviceFingerprint: hardwareFingerprint, geomagLat, altitude_m, buildingMassAttenuation, observedAt });
    const skel = {
      schemaVersion: 1 as const, siteId, hardwareFingerprint,
      neutronFluxCpm: sample.neutronFluxCpm, muonFluxCpm: sample.muonFluxCpm,
      geomagLatBucketDeg: sample.geomagLatBucketDeg, altitudeBucket_m: sample.altitudeBucket_m,
      buildingMassAttenuation: sample.buildingMassAttenuation, timeOfDayModulation: sample.timeOfDayModulation,
      observedAt, operatorFingerprint: opFp,
      ...(claimedRegion !== undefined ? { claimedRegion } : {}),
    };
    const observationId = sha256(JSON.stringify(skel));
    const { signature } = signCanonicalBody({ ...skel, observationId }, op.privateKeyPem);

    return { ...skel, observationId, signature };
  };

  // Build the centroid from 4 baselines, then register the fingerprint with EU-sovereign claim.
  const baseline = ["00", "06", "12", "18"].map((h) => buildObs(`2026-04-26T${h}:00:00.000Z`));
  const centroid = computeSiteCentroid(baseline);
  const fpBody = {
    schemaVersion: 1 as const, siteId,
    centroidNeutronCpm: centroid.centroidNeutronCpm, centroidMuonCpm: centroid.centroidMuonCpm,
    sigmaNeutronCpm: centroid.sigmaNeutronCpm, sigmaMuonCpm: centroid.sigmaMuonCpm,
    geomagLatBucketDeg: 50, altitudeBucket_m: 100,
    sampleCount: centroid.count, registeredAt: "2026-04-26T18:00:01.000Z",
    operatorFingerprint: opFp, expectedRegion: "EU-sovereign",
  };
  const fingerprintId = sha256(JSON.stringify(fpBody));
  const fpSig = signCanonicalBody({ ...fpBody, fingerprintId }, op.privateKeyPem);

  try {
    system.registerFingerprint({ ...fpBody, fingerprintId, signature: fpSig.signature });
    system.observeVendorClaim(buildObs("2026-04-26T19:10:00.000Z", "us-east-1"));
    await flush();
    for (const p of system.facts.proofs()) {
      console.log(`proof kind=${p.kind} id=${p.proofId.slice(0, 16)}…`);
    }
  } finally {
    await system.shutdown();
  }
}

main().catch((err) => { console.error(err); process.exit(1); });

Run with tsx index.ts. Expected output:

proof kind=data-residency-fraud id=…

▶ Open in StackBlitz – runs in your browser, no install required.

What you get

A FluxObservation envelope per measurement window containing neutron CPM, muon CPM, altitude bucket, geomag-lat bucket, building-mass-attenuation, time-of-day modulation, hardware fingerprint, and an optional vendor-claimed region. A SiteFingerprint envelope per registered location containing the centroid (median + MAD-scaled sigma over many baselines). All Rekor-anchored.

Three classes of proof:

geography-mismatch – observed flux deviates >3 sigma from the registered site centroid. The rack physically moved, or the observation came from a different physical location.
data-residency-fraud – the observation's claimedRegion (e.g., "us-east-1") contradicts the registered SiteFingerprint's expectedRegion (e.g., "EU-sovereign").
site-cloned – the same siteId is observed at two distinct hardware fingerprints simultaneously (within a 60-second clone-window).

What it can't do

Real Hamamatsu SiPM hardware bridge is deferred (hardware-required). readSipmFlux() is deterministic. Real SiPM bridge plumbing requires a USB-C ADC, neutron-vs-muon pulse-shape discrimination, and per-rack temperature compensation.
USB-C ADC + neutron-vs-muon pulse-shape DSP pipeline deferred.
Building-mass-attenuation calibration via co-located reference detector deferred.
Per-rack temperature compensation deferred.
Two datacenters in the same metro with the same building-mass profile have nearly-identical fingerprints. The detector resolves physical-location class, not specific-rack-coordinates.
A sufficiently sophisticated adversary that captures the SiPM signing key AND has reference flux data for the real claimed location can fabricate a plausible signed observation – the detector is a physics floor, not an active-adversary defense.
Real Sigstore Rekor notarize integration is stubbed.

A real-world example

In late 2027, a Frankfurt-headquartered insurance company runs a full Cherenkov-Witness deployment across 800 racks claiming "EU-sovereign" residency. Each rack has a $400 SiPM. The site centroid is registered with four baselines. For nine months, observations match. Then in October, 47 racks suddenly report flux signatures matching Virginia – the diurnal modulation curve and the muon-to-neutron ratio are unmistakably North American. data-residency-fraud and geography-mismatch fire. The cassette publishes to Rekor. The insurance company's cloud vendor had silently migrated the workloads to a US datacenter without notification – a Schrems-III breach. The German data-protection authority opens an enforcement action; the cassette is exhibit A. The vendor cannot argue "our control plane logs say Frankfurt" – physics says Virginia.

For developers

Predicate URIs

URI	What it attests
`https://pluck.run/CherenkovWitness.FluxObservation/v1`	Hardware H at site S observed neutron N cpm, muon M cpm, building-mass-attenuation A, time-of-day modulation D, optional claimedRegion R.
`https://pluck.run/CherenkovWitness.SiteFingerprint/v1`	Site S has centroid (neutron N, muon M) with MAD sigma (σN, σM), built from K samples, expectedRegion R.
`https://pluck.run/CherenkovWitness.Proof/v1`	Class: `geography-mismatch` \| `data-residency-fraud` \| `site-cloned`.

The signed body never carries the operator's precise location. Altitude is bucketed to 100 m, geomag-lat to 1°, and no raw datacenter address ever appears. The site-id is sha256-shaped.

Programs composed

Fingerprint – composes the per-hardware sha256 fingerprint.
Cosmos – same robust-statistics centroid math (median + MAD-scaled sigma).
Cosmic-Drift – companion SRAM bitflip program; both ride the cosmic-ray floor.
Custody – cryptographic anchoring of supply-chain attestations.
Pluck core's DSSE in-toto envelopes + Sigstore Rekor client.

Threat model + adversary

Adversary is a cloud vendor or co-location operator that lies about workload geography. Defense is the cosmic-ray flux signature, which is unique to physical location class and cannot be cloned to a different physical site. A nation-state-grade adversary with reference flux data for the real claimed location plus the SiPM signing key can fabricate plausible observations; the protocol is a physics floor, not an active-adversary defense.

What's stubbed (alpha – moonshot)

Real Hamamatsu S13360 SiPM hardware integration deferred.
USB-C ADC + neutron-vs-muon pulse-shape DSP pipeline deferred.
Building-mass-attenuation calibration deferred.
Per-rack temperature compensation deferred.
dsseSign / notarizeAttestation Rekor integration stubbed.
RACER (Solar Energetic Particle event) corrections deferred.

Verify a published cassette