White papers.

Five short technical papers for researchers, journalists, and curious readers. Each is 3–8 pages. Available as HTML here; PDF and signed PDF coming with v1.0.

WP-01 — Threat Model

Three tiers of adversary (local passive, local active, network-level). What Lattice defends against, with citations to specific defences. What Lattice does not defend against, plainly. Honest section on out-of-scope (rooted devices, supply-chain attacks, global passive observation with traffic confirmation).

~8 pages. The most important paper if you only read one.

WP-02 — The Invite Protocol

The cryptographic mechanic of Lattice Invites. Ephemeral X25519, the deterministic four-word verification phrase, the two-channel principle, the trust ladder. Includes the entropy maths for the four-word claim, and a discussion of the threat model specifically for the invite flow (what does compromise of WhatsApp mean? of a phone call? of both?).

~5 pages.

WP-03 — Dormancy Design

The four-state lifecycle (Active / Standby / Dormant / Hibernating). How Lattice can be installed for 18 months without use and still wake correctly. Wake conditions. Empirical battery measurements per state.

~4 pages.

WP-04 — Density and Crowd Behaviour

Cluster-bounded neighbour selection. Geographic routing hints. Wi-Fi Aware promotion in dense environments. The three reference environments (supermarket, airport, Glastonbury festival). Simulator results — delivery ratio and latency distributions for each.

~6 pages.

WP-05 — What Lattice Doesn't Do

An explicit list of limits, each one explained. Density-dependent. Range-limited. iOS background notification reliability. Endpoint compromise wins. Global passive observation possible. Lost seed = lost identity. The most unusual paper, possibly the most important for trust.

~3 pages. Read this before you commit to using Lattice.

Format and tooling.

• Source: Markdown in docs/papers/ in the Matrix room.
• HTML rendered statically here; PDF + signed PDF land with v1.0.
• License: CC-BY-4.0 for the prose. Reuse with attribution.
• Signatures: every paper signed with the project's Ed25519 release key. Public key fingerprint published once generated.

What we don't publish.

Marketing material masquerading as research. "Lattice for [vertical]" papers. Anything that overstates capabilities. Anything we can't technically defend. A bad white paper is worse than no white paper.