Skip to content

Bureau — Blue Team (defensive)

Cosmic-Drift

Cosmic rays cause SRAM bitflips at a rate that varies with altitude and geomagnetic latitude. Hardware that reports a soft-error rate substantially below the expected value for its claimed location is either being shielded, being virtualized (with a hypervisor intercepting SRAM reads), or misreporting its location. Cosmic-Drift signs observation tuples and emits proofs when the observed rate diverges from the modeled rate. 

Posture: 🔵 Blue Team (defensive)   ·   Status: alpha (moonshot)

What it does

Cosmic rays hit Earth at all times. When a high-energy muon punches through a Static RAM (SRAM) cell – the tiny, fast memory inside almost every chip – it can flip a single bit. This is called a soft error. The Soft Error Rate (SER, errors per megabyte per day) depends on muon flux at the device's location, which in turn depends on altitude (at airliner cruise altitude ~10 km, the rate is ~300× the sea-level rate) and geomagnetic latitude (Earth's magnetic field deflects more cosmic rays near the equator). The Regener-Pfotzer curve has been the canonical model since Erich Regener and Georg Pfotzer first measured it with stratospheric balloons in 1933, refined by the global neutron-monitor network since 1958. SRAM bitflip rates have a measurable, well-characterized cosmic-ray floor.

If hardware reports a soft-error rate that is anomalously low for its claimed altitude and latitude, one of three causes is likely. The hardware is shielded by a Faraday cage, lead shroud, or kernel-level scrubbing. The hardware is virtualized and a hypervisor is intercepting SRAM reads, returning data from an emulated buffer. The hardware is misreporting its location – for example, claiming sea level when the observed flux corresponds to cruise altitude. Cosmic-Drift signs (altitude-bucket, geomag-lat-bucket, observed-SER, expected-SER, hardware-fingerprint) tuples and emits proofs when the observed value diverges from the modeled value. Because muon flux cannot be fabricated at scale, only suppressed, divergence in the suppression direction is the detector's primary signal.

Who would use it

  • A cloud customer running regulated workloads (financial trades, EU-sovereign data, classified pipelines) who needs cryptographic proof that the hardware really lives where the vendor claims.
  • A semiconductor vendor or DARPA program officer detecting firmware Trojans in supply-chain attestation flows – the cosmic-ray floor is the side-channel the Trojan can't perfectly fake.
  • A datacenter security engineer suspecting hypervisor-level interception of memory reads (e.g., in a forensic incident-response engagement).
  • An academic / NIST-CSRC researcher building physics-based hardware-attestation primitives, who wants a published Bureau cassette as a reference implementation.

What you'll need

  • The Pluck CLI installed (npm i -g @sizls/pluck-cli).
  • For real deployment: hardware that exposes SRAM error counters at sufficient resolution. Most consumer hardware does not. Production targets are FPGAs, ECC server memory, and specialized attestation hardware.
  • A Regener-Pfotzer expected-SER calibration table for your (altitude, geomag-lat) bucket – alpha ships an approximation; real calibration requires per-chip SRAM cross-section data.

Step-by-step

Shell
pluck bureau cosmic-drift demo

The demo synthesizes four observations: a baseline at sea level (~1 errs/MB/day, no proof), an anomalously-low at the same location (0.05 errs/MB/day, fires anomalously-low-ser), a 100 errs/MB/day reading from a device claiming sea-level (cruise-altitude flux, fires altitude-claim-falsified AND anomalously-low-ser), and a same-hardware sudden drop from 0.9 to 0.1 (fires hardware-shielded).

cosmic-drift/demo: ingesting 4 SerObservations -> 3 CosmicDriftProofs.
[Bureau/COSMIC-DRIFT] proof=e639ec47… kind=anomalously-low-ser
[Bureau/COSMIC-DRIFT] proof=f907fb50… kind=altitude-claim-falsified
[Bureau/COSMIC-DRIFT] proof=c8506bd7… kind=hardware-shielded

Production CLI (observe-ser reads bitflip counters from your hardware, register-expected registers the expected SER for a location, verify checks a published observation) lands in a follow-up.

Run it yourself

Drop this into a Node 18+ project (npm install @sizls/pluck-bureau-cosmic-drift @sizls/pluck-bureau-core tsx). The Regener-Pfotzer flux model is research-required; the example calls the deterministic expectedSerForLocation stub to register a sea-level reference and fires anomalously-low-ser against a shielded reading.

TypeScript
// index.ts
import { createHash } from "node:crypto";
import {
  bucketAltitude,
  bucketGeomagLat,
  createCosmicDriftSystem,
  expectedSerForLocation,
  fingerprintPrivateKey,
  signCanonicalBody,
  STUB_MODEL_VERSION,
} from "@sizls/pluck-bureau-cosmic-drift";
import { generateOperatorKey } from "@sizls/pluck-bureau-core";

const sha256 = (s: string) => createHash("sha256").update(s).digest("hex");
const flush = (n = 80) => new Promise<void>((r) => { let i = 0; const tick = () => (++i >= n ? r() : setImmediate(tick)); setImmediate(tick); });

async function main() {
  const op = generateOperatorKey();
  const opFp = fingerprintPrivateKey(op.privateKeyPem);
  const altitude_m = bucketAltitude(0);
  const geomagLat = bucketGeomagLat(30);

  const system = createCosmicDriftSystem({
    signingKey: op.privateKeyPem,
    disablePausePoll: true,
    disableLogging: true,
  });

  // Register the expected SER for sea level (1 errs/MB/day).
  const expBody = {
    schemaVersion: 1 as const, altitude_m, geomagLat,
    expectedErrsPerMbPerDay: expectedSerForLocation(altitude_m, geomagLat),
    modelVersion: STUB_MODEL_VERSION, operatorFingerprint: opFp,
    computedAt: "2026-04-15T09:00:00.000Z",
  };
  const sampleId = sha256(JSON.stringify(expBody));
  const expSig = signCanonicalBody({ ...expBody, sampleId }, op.privateKeyPem);

  // Anomalously-low reading: 0.05 errs/MB/day at sea level (5% of expected, < 0.3 ratio).
  const obsBody = {
    schemaVersion: 1 as const,
    bitflipCount: 1, observationWindowMs: 86_400_000, sramSizeMb: 20,
    altitude_m, geomagLat,
    hardwareFingerprint: sha256("hardware:vendor-B"),
    operatorFingerprint: opFp,
    observedAt: "2026-04-15T10:30:00.000Z",
  };
  const observationId = sha256(JSON.stringify(obsBody));
  const obsSig = signCanonicalBody({ ...obsBody, observationId }, op.privateKeyPem);

  try {
    system.observeExpected({ ...expBody, sampleId, signature: expSig.signature });
    system.observeSer({ ...obsBody, observationId, signature: obsSig.signature });
    await flush();
    for (const p of system.facts.proofs()) {
      console.log(`proof kind=${p.kind} id=${p.proofId.slice(0, 16)}`);
    }
  } finally {
    await system.shutdown();
  }
}

main().catch((err) => { console.error(err); process.exit(1); });

Run with tsx index.ts. Expected output:

proof kind=anomalously-low-ser id=…

▶ Open in StackBlitz – runs in your browser, no install required.

What you get

A SerObservation envelope per measurement window containing the bitflip count, altitude bucket (100 m), geomag-lat bucket (1°), and hardware fingerprint. An ExpectedSer envelope per location containing the Regener-Pfotzer expected rate. All Rekor-anchored.

Three classes of proof:

  • anomalously-low-ser – observed SER is strictly less than 0.3× expected (a 70%+ drop, beyond natural ±20% solar-cycle and ±10–15% diurnal/seasonal variation).
  • altitude-claim-falsified – implied altitude (back-derived from observed SER) differs from claimed altitude by more than 2000 m.
  • hardware-shielded – two consecutive observations from the same hardware at the same location show a sudden >50% drop without a location change.

What it can't do

  • Real Regener-Pfotzer flux model is deferred. Alpha's expectedSerForLocation() is a deterministic curve approximation. Real calibration (1933 Regener-Pfotzer balloons + post-1958 IGY neutron monitors + 2015–present data + RACER solar-energetic-particle corrections + per-chip SRAM cross-section calibration) is research-required.
  • Naturally-shielded environments (deep basements, lead-lined SCIFs, underground bunkers) produce legitimately low SER that the detector flags. Operators must register a building-mass-attenuation profile or expect false positives.
  • Solar-event corrections deferred – the curve does not yet adjust for Solar Energetic Particle events.
  • The detector is "shielding cannot fake muons that aren't there," not "an active adversary cannot fabricate counts." A sufficiently sophisticated attacker who knows the expected SER for a specific location could simulate a plausible bitflip stream that matches the curve.
  • Real Sigstore Rekor notarize integration is stubbed.

A real-world example

In Q3 2027, a German bank runs Bureau attestation across 1,200 servers in a "Frankfurt-only EU-sovereign" cloud cluster. For the first six months, observed SERs match expected values for 50° N latitude at ~340 m altitude – the Regener-Pfotzer curve predicts ~0.9 errs/MB/day, observed is ~0.85. In Q4, 18 servers drop to ~0.08 errs/MB/day overnight without changing buckets. Cosmic-Drift fires hardware-shielded on each. The bank's incident response determines that those 18 instances were migrated to a Virginia datacenter without notifying the bank, in breach of the data-residency contract. The bank's regulator opens a Schrems-III follow-on action with the cosmic-ray cassettes attached as evidence. The vendor's location logs cannot be reconciled with the observed SER for the contracted location.

For developers

Predicate URIs

URIWhat it attests
https://pluck.run/CosmicDrift.SerObservation/v1Hardware H observed N bitflips in window W at altitude bucket A_m, geomag-lat bucket L°, at time T.
https://pluck.run/CosmicDrift.ExpectedSer/v1Regener-Pfotzer curve sample for altitude bucket A_m, geomag-lat bucket L°, expected E errs/MB/day, model version V.
https://pluck.run/CosmicDrift.Proof/v1Class: anomalously-low-ser | altitude-claim-falsified | hardware-shielded.

The signed body never carries the operator's precise location. Altitude is bucketed to 100 m, geomag-lat to 1°, and no raw datacenter address ever appears.

Programs composed

  • Fingerprint – composes the per-hardware sha256 fingerprint.
  • Custody – cryptographic anchoring of supply-chain attestations.
  • Cherenkov-Witness – companion datacenter neutron-flux location program.
  • Pluck core's DSSE in-toto envelopes + Sigstore Rekor client.

Threat model + adversary

Attacker is a hypervisor or firmware Trojan that intercepts SRAM reads. Defense is the cosmic-ray floor – the attacker can suppress bitflips but not fabricate them at scale matching a specific (altitude, latitude) pair. A nation-state-grade adversary with reference flux data for the real claimed location could fabricate plausible counts; the defense is then per-rack temperature compensation and pulse-shape calibration that the alpha defers.

What's stubbed (alpha – moonshot)

  • Real Regener-Pfotzer flux model + per-chip SRAM cross-section calibration deferred.
  • dsseSign / notarizeAttestation Rekor integration stubbed.
  • Building-mass-attenuation calibration deferred.
  • RACER (Solar Energetic Particle event) corrections deferred.

Verify a published cassette

Shell
pluck bureau verify <bundle-dir>
cosign verify-blob --key <pubkey.pem> --signature <sig> \
  --type https://pluck.run/CosmicDrift.SerObservation/v1 <body.json>

See also

Edit this page on GitHub
Previous
Neuro-Consent
Next
Graviton-Ghost

Ready to build?

Install Pluck and follow the Quick Start guide to wire MCP-first data pipelines into your agents and fleets in minutes.

Get started →