This is NOT the official Bloch-SIS-PoW site — Bloch-SIS-PoW has no official site and no official explorer. This is an independent reference built by Postern Labs, temporary, for a moment of transition. Read why →
mainnet-beta · 51%-attackable unaudited post-quantum PoW + signatures ownerless protocol

Independent technical reference — built by Postern Labs, not the protocol

Bloch-SIS-PoW, explained down to the source.

A post-quantum, pure-Proof-of-Work BlockDAG with no owner, no foundation, and no official site. This page exists because those two facts — "post-quantum L1" and "nobody runs it" — sound incompatible until you read the code. So we read the code. Everything technical below is sourced from the protocol's own repository or from a live query against the running chain.

Network at a glance

fetching live data from the public RPC…
Chain
bloch-sis
Network
mainnet
Tip height
338,836
Peers
30
Blue score
338,835
Mempool
0 tx
Node version
0.1.0-genesis
GhostDAG-Q k
10

Queried live, client-side, from https://blochv-node.fly.dev — a single public read-only node, not a consensus source. If the fetch above fails (ad-blockers, offline), the numbers shown are a snapshot taken while building this page. See the live block explorer for real-time blocks, or run curl yourself in Verify it yourself.

The framing, stated once, plainly

Two facts everything else here depends on.

1. This is not the official site.

Bloch-SIS-PoW has no official website and no official block explorer. If another site claims to be "the official Bloch site," it isn't — no such thing exists by design. This page is an independent initiative by Postern Labs to answer open questions and doubts about the protocol with source-grounded technical detail. It is explicitly temporary: it exists to serve during a moment of transition, and it will step aside once — or if — the community around the protocol stands up its own site, docs, and explorer.

2. The protocol has no owner.

Bloch-SIS-PoW is ownerless public infrastructure. There is no controller and no controlling entity — not Postern Labs, not any single party. Postern Labs is one builder among many on a neutral base: it consumes the same public RPC/API as anyone else, with no privileged role in consensus and no admin keys. Anyone can clone the repository, run a node, mine, and build on it. Nobody can stop them, and nobody granted permission for them to start.

These two facts are repeated throughout this page — in the disclaimer, in the footer, and wherever the distinction matters — because a reader arriving skeptical deserves not to have to hunt for them.

What makes Bloch different

Bitcoin's ethos, a post-quantum construction.

The governing ethos is deliberately Bitcoin-shaped: pure Proof-of-Work, no owner, no premine sold to anyone, coins that carry no governance weight, no controller. What's different is the construction underneath — built from scratch, after Shor's algorithm and Grover's algorithm were already known threats, rather than before. Below is what the source code implements — described plainly, not promised.

Descriptive, not guaranteed · every property below is what the current source implements as of this snapshot — not a security promise. The chain is unaudited mainnet-beta and 51%-attackable at this network size; see the full disclaimer.

1 · Post-quantum by construction — the headline

signatures

Hybrid Falcon-1024 ‖ ML-DSA-65

Bitcoin secures every coin with ECDSA over secp256k1 — a classical elliptic-curve scheme that Shor's algorithm, run on a sufficiently large fault-tolerant quantum computer, is understood to break: an exposed public key becomes forgeable. No such computer exists today, and estimates of when one might vary widely — but the exposure is structural, not hypothetical. Bloch-SIS-PoW signs every transaction with two independent post-quantum lattice signature schemes concatenated, both of which must independently verify — a break of one scheme's underlying hardness assumption does not by itself forge a signature.

proof-of-work

SHAKE-256 hashcash + a Module-SIS lattice gate

Where Bitcoin's mining puzzle is a pure SHA-256 preimage race, a valid Bloch-SIS-PoW block must satisfy two conditions: a short-vector Module-SIS residual check over a lattice derived from the block header, and a SHAKE-256 hashcash target on an auxiliary hash. Honest caveat, stated inline rather than left for the fine print: the lattice gate's live parameterization (k = 4) is deliberately relaxed for this beta and is, by the source's own description, trivially forgeable — see Proof-of-Work for the full mechanics and honesty notes.

Hashing throughout the protocol — the PoW aux-hash, block identity, and the Coherence shielded-pool's commitments and nullifiers — uses SHAKE-256, part of the SHA-3/Keccak family, which gives Grover's algorithm only a quadratic speedup against preimage and collision search (the standard post-quantum posture for hash-based constructions), versus Bitcoin's SHA-256.

The thesis, stated plainly: Bitcoin's proof-of-work is itself comfortably post-quantum (SHA-256, Grover-only speedup) — its quantum exposure is at the signature layer, where an exposed ECDSA public key becomes forgeable to a sufficiently capable quantum adversary. Bloch-SIS-PoW is an attempt at a pure-PoW Layer 1 built from scratch to close that specific gap at the signature layer, while keeping the hashcash security model that has held up for Bitcoin.

2 · GhostDAG-Q — a BlockDAG, not a single chain

Bitcoin orders blocks one at a time: two blocks mined within propagation delay of each other mean one is orphaned outright, its work discarded. Bloch-SIS-PoW's blocks can — and routinely do — carry multiple parents, and GhostDAG-Q colors each block blue or red based on a k-anticone rule (live k = 10) rather than discarding concurrent work outright. See Consensus below for the full blue-set/blue-score/blue-work mechanics and pseudocode. Net effect: a materially higher sustainable block rate and faster confirmation feel for a comparable security budget — the same PoW-depth finality model as Bitcoin, applied to a DAG instead of a chain.

3 · Coherence — an optional shielded pool, sharing one source of truth

A SHAKE-256 note-commitment / nullifier / Merkle-anchor design, proved in zero-knowledge by an SP1 guest program that shares the exact same core logic as the node's own validation — see Coherence. The source's own caveat is kept verbatim there: no privacy claim is made until it is audited.

4 · Pure-PoW, ownerless economics

No staking, no validator set, no ICO, no token sale ever, no listing initiative by any party, coins that carry zero governance weight. The reward-split machinery for a validator/oracle pool exists in source but both shares are hard-coded to zero — 100% of every block's subsidy goes to the miner, exactly Bitcoin's model. See Emission & the coin and Governance for how this pairs with a deliberately designed exit from any privileged role for whoever wrote the initial code.

Bloch-SIS-PoW vs. Bitcoin, side by side

DimensionBitcoinBloch-SIS-PoW
SignaturesECDSA / secp256k1 — breakable by Shor's algorithm on a future large quantum computerHybrid Falcon-1024 ‖ ML-DSA-65 — both halves must independently verify
Hash functionSHA-256 (SHA-256d for PoW)SHAKE-256 (SHA-3/Keccak family) throughout
PoW puzzleSHA-256 leading-zeros preimage raceSHAKE-256 leading-zeros hashcash + a Module-SIS lattice short-vector gate
PoW gate strength todayn/aRelaxed (k = 4) — trivially forgeable by design, right now (candidate k = 8 reverted after stalling the chain)
StructureLinear chain — concurrent blocks orphanedGhostDAG-Q BlockDAG — concurrent blocks merged via blue set / k-anticone (k=10)
Finality modelPoW depth (confirmations)PoW depth (confirmations) — same model, no BFT layer, no validator set
Issuance21,000,000 BTC cap, reward decays to 021,000,000,000 BLOCH nominal, reward decays to a perpetual 100 BLOCH/block tail floor
Pre-allocationNone17% of nominal supply, 10-yr cliff + 40-yr vest, structurally passive (no consensus power)
GovernanceOwnerless, PoW, coins don't vote, adoption-onlySame model, plus a designed exit from any privileged author role — see Governance
Maturity~15 years live, heavily attacked and hardenedmainnet-beta, unaudited, low-hashrate and 51%-attackable at current size

Sources for this section: crates/bloch-sis-pow/ (PoW), crates/bloch-crypto/src/crypto/mod.rs (signatures), src/consensus/mod.rs (GhostDAG-Q), crates/coherence-core/ (Coherence), crates/bloch-crypto/src/core/tokenomics_v2.rs (emission). Every figure is cross-referenced against the deeper sections below.

Read this before anything else

The complete disclaimer.

This section is deliberately thorough rather than buried in fine print. Honesty is the credibility this page is trying to earn — so here is everything, plainly.

Not the official site, no official anything

Bloch-SIS-PoW has no official website, no official block explorer, and no official app. This page is a non-official, independent technical reference, built and hosted by Postern Labs as one builder among many. It is temporary by design — a stopgap for a moment of transition, not a claim of stewardship. If a community forms around the protocol and stands up its own resources, this page is expected to step aside.

Ownerless — no owner, no controller, no controlling entity.

Bloch-SIS-PoW is public infrastructure that nobody owns, including Postern Labs. There is no foundation, no company behind the protocol itself, no admin key, and no privileged role in consensus for any party. Anyone runs it; anyone builds on it; nobody can be asked for permission because there is nobody positioned to grant it.

Experimental, UNAUDITED, mainnet-beta.

The chain runs a mainnet beta — a designation, not a security claim. The reference implementation has not been audited: no cryptographic peer review, no third-party security assessment has been completed on the PoW, the signature stack, the consensus implementation, or the shielded-pool code. Treat everything as research-grade software.

51%-attackable at this network size.

The network is nascent: a small number of nodes and low aggregate hashrate mean the chain's security budget is small. A well-resourced attacker could plausibly out-mine the honest network and reorganize recent history. This is an inherent property of a young, low-participation PoW chain — not a bug to be patched, but a fact to weigh before relying on any confirmation.

The PoW difficulty regime is deliberately relaxed right now — say so honestly.

The live residual-gate width of the Module-SIS structural filter is k = 4 (TESTNET_RESIDUAL_COEFFS in source). At this width the gate contributes only a small rejection floor — the work is trivially forgeable in the sense that the structural filter alone is not hard to satisfy; all of the PoW's real security currently rests on cumulative SHAKE-256 hashcash work, which is itself modest on a low-hashrate chain. A stronger gate (k = 8) was activated once as a soft fork and then reverted because it multiplied mining difficulty roughly 4096× and the low hashrate of the day could not find blocks, stalling the chain. It is expected to return paired with a matched difficulty reduction. Until then, no elevated security is claimed for the gate.

No token sale. No listing initiative. Not a security, not an asset.

There has never been a token sale, and there is no plan for one. No entity promotes, markets, or takes any initiative to list the coin on any exchange. The coin carries no value claim — it is not marketed as an investment, is not a security, and is not represented as having or acquiring monetary value. It is, by design, worthless as a financial instrument; whatever else it may be, it is not a promise of return.

Not legal, financial, or investment advice.

Nothing on this page is advice of any kind. It is a technical description of a piece of software and the network it runs on. Consult qualified professionals for anything touching your specific legal, tax, or financial situation — this page cannot and does not attempt to substitute for that.

Run it, mine it, hold it — entirely at your own risk.

If you clone the repository, run a node, mine blocks, or hold any balance on this chain, you are doing so as an experiment on unaudited, 51%-attackable, research-grade software with a coin that carries no value claim. There is no support desk, no compensation fund, and no recourse. Treat it accordingly.

The genesis allocation is fully disclosed and structurally passive.

The protocol's consensus rules encode a one-time genesis allocation equal to 17% of nominal total supply (3,570,000,000 of 21,000,000,000 BLOCH), locked by a ten-year cliff and then released in 480 equal monthly tranches across the following forty years. This is disclosed here precisely because it is the one fact a skeptical reader should weigh most heavily against "ownerless": a meaningful share of eventual supply is pre-allocated in the consensus rules. What it does not do is grant its holder any special role: the allocation address has no admin key, no elevated permission, and no voting weight — GhostDAG-Q and SHAKE-256 hashcash do not recognize address identity in consensus at all. It is a structurally passive balance, nothing more.

Down to the source

How the protocol actually works.

Every claim below is sourced from the protocol's own crates — mostly bloch-sis-pow, bloch-crypto, and the node's consensus, coherence, and network modules — or from a live RPC query against the running chain. Where the source flags something as unaudited, provisional, or reverted, that qualifier is kept in, not rounded off.

0 · Block & header structure

What a block actually is, field by field.

Descriptive, not guaranteed · field layout as implemented in the reviewed source. Wire formats are consensus-critical and have changed across hard forks before (the source notes at least one, the move to an 80-byte mining projection at v0.6.0) — treat this as a snapshot, not a permanent spec.

A block (crates/bloch-crypto/src/core/mod.rs::Block) carries a header, a transaction list, DAG accounting fields, and the PoW witness itself:

struct BlockHeader { version: u32, parents: Vec<[u8; 32]>, // MULTIPLE parents — this is what makes it a DAG, not a chain merkle_root: MerkleRoot, // SHA3-256 root over (transactions ‖ shielded transactions) timestamp: u64, bits: u32, // compact difficulty target, Bitcoin nBits-style nonce: u64, } struct Block { header: BlockHeader, transactions: Vec<Transaction>, blue_score: u64, // GhostDAG-Q accounting, not part of PoW height: u64, pow_solution: Vec<i32>, // the Module-SIS witness s — 256 signed coefficients shielded_transactions: Vec<ShieldedTx>, // Coherence — may be empty }

This matches a live sample from getblockbyheight queried against the public node (see RPC reference): hash, height, blue_score, bits, nonce, merkle_root, parents[] — the RPC layer surfaces exactly these fields, plus a derived size and the transaction list.

Three different hashes, three different jobs

The source computes block-related hashes for three distinct purposes — worth naming precisely rather than assuming there's just one "the block hash":

  • Block identity (block_hash())SHA3-256("BLOCH-BLOCK-ID-V1" ‖ pow_preimage ‖ nonce ‖ pow_solution). This is the hash used everywhere that matters for consensus and storage: genesis registration, DAG insertion, block storage indexing, and reorg bookkeeping all key off this value (confirmed by direct usage in src/main.rs, src/storage/mod.rs, src/reorg.rs). Binding the PoW solution into the identity hash prevents witness-malleability — you cannot take a valid block and swap in a different valid solution for the same header without changing its hash.
  • ASIC-facing mining hash (pow_hash()) — double-SHA256 (SHA-256d) over an 80-byte MiningHeader projection laid out exactly like Bitcoin's classic header (version‖prev_hash‖merkle_root‖timestamp‖bits‖nonce), used only by the Stratum V1/V2 mining path so existing SHA-256d ASIC firmware and pool software can search a nonce in a familiar 80-byte shape. It is not the consensus PoW check — the source is explicit that "SHA-256d is gone" as a validity rule; this hash exists purely for hardware/pool wire compatibility during nonce search.
  • DAG indexing hash (dag_hash())SHA3-256 over the full, untruncated header serialization (all fields, not the 76-byte PoW projection), used internally for DAG reachability bookkeeping, kept distinct from PoW hashing on purpose.

How multiple parents become one 32-byte commitment

The Module-SIS PoW seed needs a fixed-size preimage, but parents is a variable-length DAG reference list. The header's 80-byte mining projection folds it down via parents_commitment(): sort the parent hashes ascending (so gossip reordering never changes the result), then pairwise SHA-256d-reduce them Bitcoin-merkle-style (duplicating the last element when the level is odd) until one 32-byte root remains — zero parents (only genesis) yields all-zero, one parent passes through unchanged.

The compact difficulty target — Bitcoin-style nBits

The header's bits field is a 4-byte compact encoding of a 256-bit target, "identical in spirit to Bitcoin's nBits" per the source's own comment: the top byte is an exponent, the low 24 bits a mantissa, decoded as target = mantissa << (8 × (exponent − 3)). A live sample from the public node: bits: "0x203fffc0" (from a getblockbyheight query). Retargeting runs on every block via ASERT-Lattice — an Absolutely Scheduled Exponentially Rising Targets algorithm anchored at genesis, tuned for a 30-second block time with a 2-day half-life and clamped to at most a 4× change per single retarget step (MAX_FACTOR = 4) to bound timestamp-manipulation attacks.

Source: crates/bloch-crypto/src/core/mod.rs (BlockHeader, Block, MiningHeader, parents_commitment, hash methods), crates/bloch-sis-pow/src/difficulty.rs (compact bits codec, ASERT-Lattice).

1 · Proof-of-Work

SHAKE-256 hashcash with a Module-SIS structural gate.

Descriptive, not guaranteed · the live gate width (k=4) is explicitly zero-security by the source's own admission — this section describes the mechanism, not a security level.

Bloch-SIS-PoW's proof-of-work is not "lattice-hard" in the sense of resting its security on the hardness of a Module Short Integer Solution (SIS) problem. It is a SHAKE-256 (Keccak) hashcash — cumulative work against a leading-zeros target, exactly like Bitcoin's SHA-256d, except the hash function is SHAKE-256. Layered on top of the hashcash is a Module-SIS structural gate: before a candidate's hash is even checked against the difficulty target, its accompanying solution vector must satisfy a short-vector condition over a lattice built from the block header. The gate does not replace hashcash security — it filters the search space and ties every valid block to a lattice-structured object, in the same algebraic family (same prime modulus q) as the chain's post-quantum signatures.

The three conditions a solution must satisfy

seed := SHAKE256("BLOCH-POW-SEED-V1" || H_block || ν) A := ExpandMatrix(seed) // m × n matrix mod q (m = 512, n = 256) t := ExpandVector(seed) // m-element target mod q (1) ‖s‖∞ ≤ B norm bound (B = 2) (2) ‖A·s − t‖∞ < β SIS residual (β = q/16 = 523,776) (3) SHAKE256("BLOCH-POW-AUX-V1" || s || ν || H_block) < target hashcash filter

Conditions (1)+(2) are the Module-SIS structural gate: s must be a short vector (every coefficient in [-2, 2]) whose product with a header-derived matrix lands close to a header-derived target, modulo the prime q = 2²³ − 2¹³ + 1 = 8,380,417 — the same modulus ML-DSA-65 (FIPS 204) uses, chosen deliberately so the number-theoretic transform can be shared between the PoW and the signature subsystem. Condition (3) is the actual hashcash difficulty target: a SHAKE-256 digest of the solution, nonce, and header must fall below a threshold, exactly the "leading zero bits" difficulty familiar from Bitcoin.

SymbolValueMeaning
n256Solution vector dimension
m512Matrix row count (m = 2n, conventional in lattice cryptography)
q8,380,417Prime modulus, shared with ML-DSA-65's NTT
B2‖s‖∞ ≤ B — solution norm bound
β523,776 (q/16)‖A·s − t‖∞ < β — residual bound
k (residual width, live)4Coefficients of the residual actually checked today — the relaxed regime
k (residual width, candidate)8A tighter gate, activated once as a soft fork then reverted — see below

Step by step: how Block::validate_pow() actually checks a block

// crates/bloch-crypto/src/core/mod.rs — Block::validate_pow(), paraphrased fn validate_pow(block) -> bool { if block.pow_solution.len() != 256 { return false } // must be exactly N=256 coefficients s = block.pow_solution // the claimed short vector target = bits_to_target(block.header.bits) // decode compact nBits → 256-bit target k = canonical_residual_coeffs(block.height) // 4 below activation height, 8 at/above return bloch_sis_pow::verify_regime( block.header.pow_preimage(), // 76 bytes: version ‖ parents_commitment ‖ merkle_root ‖ timestamp_lo32 ‖ bits block.header.nonce, // full u64 nonce, supplied separately from the preimage s, target, k ).is_ok() // checks conditions (1)+(2)+(3) above, in that order }

Two details worth making explicit: the residual width k is selected by the height of the block being validated, never the validator's current tip — so an attacker cannot lie about height to get an easier check (a height claimed too high only makes validation stricter, and the real height is independently checked before this runs). And the PoW seed's nonce is a full u64 supplied outside the 76-byte preimage — the crate's own seed derivation is SHAKE256(DOMAIN_SEED ‖ preimage ‖ nonce), matching the formula at the top of this section exactly.

Why the residual gate checks only k coefficients, not all m

Checking the residual against all 512 rows is not a stronger "canonical" mode — the source is explicit that at β = q/16 that configuration is simultaneously trivial for lattice reduction (√M·β ≥ q) and infeasible for honest small-s mining, broken in both directions. The design instead checks a small k of the rows, kept deliberately outside that trivial regime (√k·β < q), so the gate contributes a fixed rejection floor of roughly k · log₂(q / 2β) bits — about 12 bits at the live k = 4, about 24 bits at the candidate k = 8 — without ever becoming the chain's actual security source.

live today

k = 4 — the relaxed regime

This is what the mainnet-beta chain checks right now (TESTNET_RESIDUAL_COEFFS in source). It is deliberately tiny — the source's own comment calls the resulting security "ZERO" from the gate alone. All real protection currently comes from cumulative SHAKE-256 hashcash work, which is itself modest given today's low network hashrate.

activated → reverted

k = 8 — the candidate hardening

A soft fork (CANONICAL_RESIDUAL_COEFFS = 8) was activated on-chain at block 213,000. Because a k=8-valid solution is automatically k=4-valid (a strict prefix check), the change was a pure tightening — no chain split. But it multiplied mining difficulty roughly 4096×, and the network's low hashrate at the time could no longer find blocks, stalling the chain. It was reverted, and is expected to return only paired with a matched difficulty reduction so block time holds near 30 seconds.

The security model, stated the way the source states it

A trapdoorless PoW cannot be simultaneously lattice-hard and mineable: with no trapdoor, the same short-vector search that an honest miner runs is also the attacker's cheapest attack, so the "hard" and "mineable" regimes are provably disjoint at any single parameter set. Bloch-SIS-PoW's designers made this trade-off explicit rather than papering over it: the PoW's security is the cumulative SHAKE-256 hashcash work, full stop — no "N-bit lattice security" number attaches to any k. The Module-SIS gate is a structural filter that binds work to a lattice form (useful for tying the PoW to the same algebraic family as the signatures, and for future research directions), not the source of hardness.

Its post-quantum property, likewise, comes from the hash function: SHAKE-256 gives Grover's algorithm only a quadratic speedup against preimage/collision search, the standard post-quantum posture for hash-based constructions — not from any lattice hardness claim.

Source: crates/bloch-sis-pow/src/{lib.rs,params.rs}, crates/bloch-crypto/src/core/mod.rs (soft-fork activation constants), and the crate's own README, which we've paraphrased and checked figures against rather than invented.

2 · Signatures

Hybrid Falcon-1024 ‖ ML-DSA-65 — both must verify.

Descriptive, not guaranteed · both schemes are standardized (Falcon a NIST PQC selection, ML-DSA NIST FIPS 204), but this implementation and its side-channel hardening are unaudited.

Every Bloch-SIS-PoW key, and every signature, is a concatenation of two independent post-quantum signature schemes: ML-DSA-65 (NIST FIPS 204, the standardized successor to CRYSTALS-Dilithium) and Falcon-1024 (a NIST-selected lattice signature scheme built on NTRU lattices). A signature verifies only if both halves independently verify.

pk = suite_header(4B) ‖ mldsa65_pk(1952B) ‖ falcon1024_pk(1793B) = 3,749 B sk = suite_header(4B) ‖ mldsa65_sk(4032B) ‖ falcon1024_sk(2305B) = 6,341 B sig = suite_header(4B) ‖ mldsa65_sig(3309B) ‖ falcon1024_sig(≤1462B) ≤ 4,775 B verify(pk, msg, sig) := MLDSA65.verify(pk.mldsa, msg, sig.mldsa) AND Falcon1024.verify(pk.falcon, msg, sig.falcon)
SchemeFamily / standardPublic keySignature (fixed / max)
ML-DSA-65NIST FIPS 204 (module-lattice, ≈ NIST security category 3)1,952 B3,309 B (fixed)
Falcon-1024NIST PQC selection (NTRU-lattice, ≈ NIST security category 5)1,793 B≤ 1,462 B (variable — compressed encoding)

Category numbers are the schemes' own published NIST security categories, not a protocol-specific claim — included here for context, not sourced from the Bloch-SIS-PoW repository itself.

Why hybrid, not just one scheme

Two independent lattice constructions, from different underlying assumptions (module lattices for ML-DSA, NTRU lattices for Falcon), mean a cryptanalytic break of one scheme does not by itself forge a valid signature — the attacker still has to break the other. It's belt-and-suspenders against the risk that any single, relatively young standardized post-quantum scheme has a weakness nobody has found yet. The cost is size: a hybrid public key and signature are roughly the sum of both schemes' sizes, several times larger than a single classical ECDSA key.

Crypto-agility: the suite header

Every enveloped public key, secret key, and signature carries a 4-byte B1 0C + suite-id header, registered in source: 0x0001 is today's ML-DSA-65 ‖ Falcon-1024 hybrid (the shipped default); 0x0002 is a defined ML-DSA-65-only suite, existing to demonstrate that Falcon is removable via the registry without a further wire-format break — it has not been removed, and the shipped default remains the hybrid.

A known implementation caveat, stated plainly

Falcon signing requires constant-time floating-point arithmetic to avoid side-channel leakage of the secret key — a materially harder engineering target than integer-only schemes. Falcon verification is deterministic integer arithmetic and consensus-safe; the caveat applies to the signing path. This is flagged in the reference crate's own documentation, not something we're surfacing to score a point — it's the kind of caveat an unaudited reference implementation should carry until reviewed.

Addresses and replay protection

An address is SHA3-256(public_key) truncated to 20 bytes, rendered as bloch1q… (mainnet) or bloch1t… (testnet) with a checksum. Every transaction's signed preimage additionally folds in a fixed domain constant plus a 4-byte chain-id (0xB10C_0001 mainnet / 0xB10C_0002 testnet), so a signature valid on one chain cannot be replayed on the other even with identical inputs.

Source: crates/bloch-crypto/src/crypto/mod.rs (hybrid sign/verify, suite registry), crates/bloch-crypto/src/crypto/mod.rs::falcon module, crates/bloch-crypto/src/address.rs, crates/bloch-crypto/src/core/mod.rs (key/signature size constants).

3 · Consensus

GhostDAG-Q — a BlockDAG, not a single chain.

Descriptive, not guaranteed · the ordering algorithm is implemented and covered by tests in source; it has not been independently audited for consensus-safety edge cases at scale.

Bloch-SIS-PoW's Layer 1 is a BlockDAG: blocks can — and routinely do — have more than one parent, and more than one "tip" can exist at once without either being orphaned. The ordering and security rule that turns this DAG into a single canonical history is GhostDAG-Q, an implementation modeled on the GHOSTDAG protocol used by Kaspa (the node's own source comments cite kaspanet/rusty-kaspa as the reference).

selected_parent(B) = argmax_{p ∈ parents(B)} blue_work(p) // heaviest-chain rule; ties → blue_score, then hash blue_score(B) = blue_score(selected_parent) + |mergeset_blues(B)| + 1 blue_work(B) = blue_work(selected_parent) + work(B) // cumulative PoW work C is BLUE in B's context ⟺ |anticone(C) ∩ blue_set(B)| ≤ K // K = 10, live

The coloring algorithm, in pseudocode

Paraphrased from src/consensus/mod.rs's block-insertion logic — not a literal copy, but the same steps in the same order:

fn add_block(B, parents): selected_parent = argmax(parents, key = blue_work) // tie-break: blue_score, then hash (lexicographic) blue_set = past_blue_set(selected_parent) ∪ {selected_parent} mergeset = ancestors_of(parents) \ ancestors_of(selected_parent) // new-to-B blocks pulled in by the merge for C in mergeset, processed in blue_work order: candidate_ok = |anticone(C) ∩ blue_set| ≤ K // adding C must not push any EXISTING blue block's anticone past K either: no_regression = ∀ D ∈ blue_set already blue: |(anticone(D) ∩ blue_set) ∪ {C}| ≤ K if candidate_ok and no_regression: blue_set.add(C) // C is coloured BLUE — counted // else C is coloured RED — still stored and validated, excluded from blue accounting blue_score(B) = blue_score(selected_parent) + |mergeset_blues| + 1 blue_work(B) = blue_work(selected_parent) + work(B)

Two safety properties this buys, both visible directly in source comments: colouring a block blue can never silently push an already-blue block's own anticone over K (the no_regression check above), and a red block is not discarded — it remains part of the DAG, is still fully validated, and can still carry transactions; it is simply excluded from the blue-work tally that drives selected-parent choice and the canonical total order.

The anticone parameter K

Two blocks are in each other's anticone if neither is an ancestor of the other in the DAG — i.e., they were mined concurrently, unaware of each other. GhostDAG-Q colors a block blue (counted toward the canonical order and blue score) if its anticone, intersected with the current blue set, has size at most K; otherwise it is colored red — still part of the DAG and still validated, but excluded from the blue-work accounting that drives selected-parent choice. The live value, confirmed both in source (GHOSTDAG_K) and by querying the running chain's getdaginfo RPC method, is K = 10.

How this differs from a single chain

  • Concurrent blocks aren't wasted. On a classic single chain (Bitcoin), two blocks mined within propagation delay of each other mean one is orphaned outright — its work is discarded. On a BlockDAG, both become parents of later blocks; if their mutual anticone stays within K, both are colored blue and both contribute to blue work and (via mergeset) to the canonical order.
  • The "longest chain" rule becomes "heaviest blue-work chain." Selected-parent choice is argmax(blue_work), not block height — cumulative proof-of-work along the selected chain, Kaspa-aligned, is what a reorg has to out-produce.
  • Finality is still PoW depth. There is no BFT validator set and no separate finality gadget layered on top — Bloch-SIS-PoW's own documentation is explicit that finality works "à la Bitcoin/Kaspa": reorgs deeper than a checkpoint depth are rejected outright by the node (CHECKPOINT_DEPTH = 1,000 blocks), and block bodies below that horizon are eligible for pruning (PRUNING_DEPTH = 10,000 blocks).

Source: src/consensus/mod.rs (GhostDAG-Q implementation, selected-parent and blue-set logic, checkpoint/pruning constants), crates/bloch-crypto/src/core/mod.rs::GHOSTDAG_K, and a live getdaginfo query against the public RPC endpoint (see RPC reference).

4 · Coherence

Coherence — the shielded-pool layer, and its honest caveat.

Descriptive, not guaranteed · the source's own words: "zero-security testnet — no privacy claim until audited." Treat this component as structurally implemented, not yet trustworthy for privacy.

"Coherence" is the protocol's optional shielded-pool subsystem: SHAKE-256-based note commitments, nullifiers, and a zero-knowledge spend proof, built as a lean, portable core (coherence-core) shared verbatim by the node, an SP1 zkVM guest prover, and the mobile wallet, so all three agree byte-for-byte on what a valid shielded spend looks like.

cm = SHAKE256(DOM_CM ‖ v ‖ pk_d ‖ ρ ‖ ψ) // note commitment (value + owner + randomness) nf = SHAKE256(DOM_NF ‖ nk ‖ ρ ‖ position) // nullifier — reveals on spend, prevents double-spend root = IncrementalMerkleTree(depth=32, SHAKE-256) // the "anchor" a spend proof commits against

How it fits together

  • Notes are private value-carrying objects (v, an owner tag pk_d, and two randomizers ρ/ψ). Only their SHAKE-256 commitment is published, appended to a fixed-depth-32 incremental Merkle accumulator.
  • Spending a note reveals its nullifier — a SHAKE-256 hash keyed by a nullifier key and the note's position — which the node's consensus state records to block any future double-spend of the same note, without ever revealing which commitment it corresponds to.
  • The node maintains a bounded window of accepted anchors (ANCHOR_HISTORY = 100 recent Merkle roots) so a spend proof stays valid for a short window after being built, and a bounded reorg-undo horizon (MAX_REORG_UNDO = 128 blocks) to safely unwind shielded state on a chain reorganization without a full resync.
  • The actual zero-knowledge statement — check_spend — is proved by an SP1 (RISC-V zkVM) guest program against exactly this same core logic, so the circuit and the node's own validation can never silently diverge.

The exact invariant — check_spend, the statement the ZK circuit proves

fn check_spend(public: SpendPublic, witness: SpendWitness) -> Result: // public = { anchor, nullifiers[], out_commitments[], fee } // witness = { inputs: [{note, position, merkle_path, nullifier_key}], outputs: [note] } for each input i: require verify_path(note[i].commitment(), position[i], path[i], public.anchor) // membership in the tree require public.nullifiers[i] == note[i].nullifier(nk[i], position[i]) // correct nullifier revealed in_sum += note[i].value for each output j: require public.out_commitments[j] == note_out[j].commitment() // correct commitment published out_sum += note_out[j].value require in_sum == out_sum + public.fee // value balance, no inflation

Three things this enforces, together: every spent note was really in the commitment tree at the published anchor (membership), every note is spent under its one true nullifier so the same note can never be spent twice (uniqueness), and the arithmetic balances exactly — inputs equal outputs plus the disclosed fee, with no room to mint value inside the shielded pool. This is coherence-core's check_spend function, run identically by the node's own validation and by the SP1 zero-knowledge guest program that proves it — both call the same code, so they cannot silently diverge.

The source's own caveat, kept verbatim: "Zero-security testnet: no privacy claim until audited (Coherence C4)." Treat the shielded pool as a structurally-complete but unaudited component — the commitment/nullifier/Merkle machinery is implemented and shared across node, prover, and wallet, but no privacy guarantee is being made about it yet.

Source: crates/coherence-core/src/lib.rs (notes, commitment tree, spend statement), src/coherence/mod.rs (node-side shielded state, anchor history, reorg-undo bookkeeping), crates/coherence-prover (the SP1 guest).

5 · Emission & the coin

Supply schedule, halving, and the genesis allocation.

Descriptive, not guaranteed · these are consensus constants and the coinbase rules that enforce them — not a promise of value. The coin carries no value claim; see the disclaimer.
Nominal total supply
21,000,000,000 BLOCH
Mining emission (closes at)
17,385,062,400 BLOCH
Genesis allocation
3,570,000,000 BLOCH (17%)
Target block time
30 seconds

Block subsidy: geometric halving, then a perpetual tail

reward_bloch(h) = max( 8,400 >> (h ÷ 1,036,800), 100 ) // BLOCH per block reward_sat(h) = reward_bloch(h) × 100,000,000 // 1 BLOCH = 10⁸ satoshi

The initial reward is 8,400 BLOCH/block, halving every 1,036,800 blocks (≈1 year at a 30-second target). At the seventh halving (height 7,257,600) the geometric reward would fall to 65 BLOCH — below a fixed 100 BLOCH tail floor — so the floor activates instead and holds perpetually. Unlike Bitcoin's asymptotic-to-zero emission, Bloch-SIS-PoW's mining reward never reaches zero; it settles onto a permanent tail, a design choice shared with chains like Monero that prioritizes a standing miner incentive over a hard supply cap on the mining side. 100% of each block's subsidy currently goes to the miner — the reward-split machinery for validator and oracle pools exists in source but both shares are set to zero, since there is no BFT validator set or oracle system in this pure-PoW design.

The genesis allocation — disclosed in full, structurally passive

Consensus rules encode a one-time allocation of 3,570,000,000 BLOCH — 17% of nominal total supply. The genesis block itself mints none of it; instead the allocation is fully locked for ten years (a 10,368,000-block cliff), then released in 480 equal monthly tranches over the following forty years (41,472,000 blocks) — a fifty-year vesting horizon in total. Each tranche is exactly 7,437,500 BLOCH, dividing the allocation with no remainder.

MONTH_BLOCKS = 86,400 // 30-day month @ 30 s blocks GENESIS_ALLOC_CLIFF = 10,368,000 // 10-year cliff, fully locked GENESIS_ALLOC_VEST_MONTHS = 480 // 40 years × 12 monthly tranches GENESIS_ALLOC_VEST_END = 51,840,000 // cliff + vest — full unlock height

(Renamed here for neutrality; the underlying source constants encode the same values under different identifier names.)

The allocation address carries no special consensus power: no admin key, no elevated RPC access, no voting weight, no ability to alter emission, difficulty, or any other consensus rule. GhostDAG-Q and SHAKE-256 hashcash validate blocks and order the DAG with no notion of address identity at all — the allocation is a structurally passive balance subject to the same transaction and signature rules as any other UTXO, once it vests.

Source: crates/bloch-crypto/src/core/tokenomics_v2.rs — supply constants, halving/tail-floor logic, and vesting math, each backed by an in-crate consensus test (e.g. halving_emission_closes, vesting_telescopes_to_total) that we cross-checked against the numbers quoted here.

6 · P2P networking

libp2p, empty seed list by design, and a post-quantum transport.

Descriptive, not guaranteed · networking code, like the rest of the reference node, is unaudited. A small, low-hashrate peer set is itself a centralization and eclipse-attack risk — see the disclaimer.

Bloch-SIS-PoW nodes speak libp2p over TCP (and WebSocket), gossip blocks and transactions over gossipsub, discover LAN peers via mDNS, and maintain a persisted peer list on disk (known_peers.json) that survives restarts. The wire protocol carries its own version numbers — PROTOCOL_VERSION = 1, MIN_PROTOCOL_VERSION = 1 — checked on every message, both currently confirmed live by the public node's getnetworkinfo response ("protocol": 1, "net_protocol": 1).

Message types on the wire

The gossip/sync protocol (src/network/mod.rs::NetworkMessage) defines: NewBlock (hash, blue score, height, block bytes), NewTransaction (txid, tx bytes), PeerTip / PeerExchange / PeerRequest / PeerCount (peer bookkeeping and PEX), GetHeaders / Headers (initial block download, keyed by blue score), GetBlock (fetch by hash), and a Version / VersionAck handshake pair carrying version, user agent, blue score, height, and timestamp. Gossip runs over three topics: bloch/blocks/1, bloch/txs/1, bloch/sync/1.

PortProtocolPurpose
16110/tcplibp2pP2P — block/tx gossip, sync, peer exchange
16111/tcplibp2p / WebSocketP2P over WebSocket, same protocol
16210/tcpJSON-RPC over HTTPNode RPC — binds 127.0.0.1 by default, keep it local
16310/tcpPrometheusMetrics — opt-in only, via --metrics

"Your node won't connect" — that's DEFAULT_SEEDS = [], on purpose

The shipped seed list is literally empty in source:

pub const DEFAULT_SEEDS: &[&str] = &[];

No foundation-run bootstrap servers, no privileged seed node, no DNS seed records yet (a domain constant exists in source as a placeholder but has no TXT records configured — it's an acknowledged TODO, not a working feature). This is the ownerless ethos applied literally: nobody operates a canonical bootstrap point. The direct consequence, stated just as plainly: a freshly started node sits alone until you hand it a peer address. That is not a bug report — it's how the software ships. See Run a node for the exact flag to fix it.

Peer exchange (PEX) and how a node grows its peer set

Once connected to even one peer, nodes exchange peer lists (PEX), rate-limited and validated (public-address checks, LAN-address checks, a cap on the known-peers list, pruning of invalid entries) before persisting the results. A node's externally-reachable address is only advertised via PEX after being independently confirmed by at least 3 distinct peers (EXTERNAL_ADDR_QUORUM) — a defense against a single malicious peer poisoning what address gets propagated. After first contact, your node becomes a seed for the next node that dials it.

A post-quantum transport layer, not just post-quantum consensus

Beyond the PoW and the signatures, the node's transport layer (src/transport/) implements an authenticated hybrid handshake using ML-KEM-768 (NIST FIPS 203, formerly CRYSTALS-Kyber) for the session key exchange, ChaCha20-Poly1305 for the encrypted channel, and libp2p Ed25519 identity signatures binding the transcript against man-in-the-middle substitution. The codebase's own history records the first end-to-end production run of this handshake on 2026-04-20 on the project's predecessor chain (pre-rebrand, before the code that runs today's Bloch-SIS-PoW mainnet), documented verbatim in the repository's FIRST_POST_QUANTUM_HANDSHAKE.md. The same transport code is what today's Bloch-SIS-PoW nodes run.

Source: src/network/mod.rs (libp2p wiring, PEX, address-quorum confirmation, gossipsub topics), crates/bloch-crypto/src/core/mod.rs::DEFAULT_SEEDS, src/main.rs (CLI flags and default ports), src/transport/mod.rs (ML-KEM-768 handshake).

Build it yourself — trust the compiler, not this page

Run a node & connect.

The protocol has no official binary distribution and no official installer. What follows is the exact clone/build/run/peer sequence, checked against the CLI's own flag definitions in source. Mainnet beta is unaudited and 51%-attackable — see the disclaimer before you point real hashrate or funds at it.

Descriptive, not guaranteed · these are the flags and defaults as read from source. Building and running is at your own risk, on unaudited, 51%-attackable, experimental software.

1Get the source

The repository is not a Postern Labs product and has no official site to link to. Rendered here as plain text on purpose:

gitlab.com/blochsispow-group/BlochSISPoW-project
# prefix with your git host scheme of choice, then:
git clone <the repository above> bloch
cd bloch

Prerequisites: a Rust toolchain (rustup, stable) and a C toolchain — clang, cmake, pkg-config — needed by RocksDB and the PQClean-based crypto crates.

2Build

cargo build --release

Binaries land in target/release/: bloch (the full node), bloch-cli (an RPC client, Bitcoin-Core-bitcoin-cli-style), and bloch-wallet. cargo test runs the crate's own test suite, including the PoW guardrail tests referenced in the PoW section.

3Run a relay node

./target/release/bloch --testnet \
  --data-dir ./bloch-data \
  --listen /ip4/0.0.0.0/tcp/16110 \
  --rpc-bind 127.0.0.1 --rpc-port 16210

Always pass --testnet. The flag name is a historical artifact, not a network selector you can skip: it selects the network Bloch-SIS-PoW's mainnet beta actually runs on, which launched under this flag and keeps its name in the CLI pending a later rename. A node started without the flag joins a different, unused network. Note this is purely a CLI naming quirk — the node's own getnetworkinfo RPC method correctly reports "network": "mainnet" once running (verified live; see RPC reference).

--data-dir
Where the chain lives: RocksDB block/UTXO storage, the persisted known-peers list, and node identity keys. Default ./bloch-data. Delete it to start fresh.
--listen
The libp2p multiaddr your node accepts peers on. Default /ip4/0.0.0.0/tcp/16110 — the address others will use to bootstrap from you.
--rpc-bind / --rpc-port
JSON-RPC over HTTP, default 127.0.0.1:16210 — local only, on purpose. --rpc-public exposes it on 0.0.0.0, which is dangerous unauthenticated; pair it with --rpc-api-key if you must.

4Or run a miner

./target/release/bloch --testnet --mine \
  --data-dir ./bloch-data \
  --listen /ip4/0.0.0.0/tcp/16110

--mine makes the node brute-force Module-SIS solutions under the live relaxed k = 4 regime and attach the winning solution vector as the block's PoW witness. Mining is solo only in the reference node — there is no built-in Stratum pool protocol support for the SIS solution vector's extra field. To be direct about the economics: the coins mined carry no value claim, on a nascent, low-hashrate, 51%-attackable network. Mine to add hashrate and exercise the machinery, not as an investment.

5Check it's alive

# with the bundled CLI (defaults to 127.0.0.1:16210):
./target/release/bloch-cli getnetworkinfo
./target/release/bloch-cli getblockcount

# or raw JSON-RPC over HTTP:
curl -s -X POST http://127.0.0.1:16210/ \
  -H 'content-type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"getnetworkinfo","params":[]}'

Full method list in RPC reference below. Optional Prometheus metrics: add --metrics and scrape 127.0.0.1:16310.

6Peering — bootstrap once, then PEX takes over

A fresh node has zero peers because DEFAULT_SEEDS is empty in source — deliberately, per P2P networking above. Dial a known peer to bootstrap:

./target/release/bloch --testnet \
  --peer /ip4/213.188.208.175/tcp/16110 \
  --peer /dns4/blochv-node.fly.dev/tcp/16110

--peer repeats and accepts DNS multiaddrs. The first address above is a currently-reachable public bootstrap node; the second reaches the same public reference node this page's live panels query over RPC, dialed on its P2P port instead. Once connected, peer exchange (PEX) takes over — your node learns more peers, persists them, and redials on restart. After that first contact, your node is a seed for the next person.

# LAN or single-machine testing needs RFC1918/loopback addresses accepted:
./target/release/bloch --testnet --allow-private-peers \
  --peer /ip4/192.168.1.50/tcp/16110

No peer to dial? Start an island: run one miner and one relay pointing at each other on a single machine or LAN. On a network this young, every additional peer measurably matters — file what you find (attacks on the PoW design, consensus/reorg edge cases, IBD or networking failures, build failures on your platform) as public issues in the protocol repository. There is no private steward to report to quietly.

The node's JSON-RPC surface

RPC API reference.

JSON-RPC 2.0 over HTTP POST, default 127.0.0.1:16210 for your own node, or the public read-only reference endpoint below. Method names and response shapes are taken directly from src/rpc/mod.rs; example responses were captured live against the public node.

Descriptive, not guaranteed · this reflects the reviewed source at the time of writing. RPC surfaces on unaudited software can change without notice; treat every field name as a snapshot, and prefer reading src/rpc/mod.rs directly for anything load-bearing.
MethodParamsReturns
getnetworkinfonetwork, version, protocol, net_protocol, blue_score, blocks, peers, mempool, syncing, chain, pruned_height
getblockcounttip height (integer)
getdaginfotip, tip_blue_score, tip_blue_work, tip_height, block_count, tip_count, tips[], chain_length, k
getmempoolinfosize
getpeerinfopeer_count, syncing
getpeersconnected peer addresses/IDs, parsed from stored multiaddrs
getblockbyheight[height, verbose?]hash, height, blue_score, tx_count, timestamp, bits, nonce, parents[], merkle_root, size (+ transactions[] or txids[] if verbose)
getblock[hash_hex, verbose?]same shape as getblockbyheight, looked up by hash
getblockhash[height]block hash (hex string) at that height
getbalance[address]satoshis, bloch, utxo_count, address
getutxos[address]address, utxo_count, satoshis, bloch, utxos: [{txid, index, value, script_pubkey}]
getaddresscountaddresses_with_balance, utxo_entries — distinct on-chain wallets holding ≥1 UTXO
gettransaction[txid]transaction detail
getrawmempoolpending transaction ids
sendrawtransaction[hex_tx]broadcast result / error
getblocktemplateparents (current tips), height, blue_score, expected bits (via the same ASERT-Lattice function accept_block validates with), mempool transactions selected for the template, block subsidy, vesting delta
getchainstatstotal_blocks, total_txs, avg_txs_per_block, blocks_last_24h, txs_last_24h, avg_block_time_secs, current_difficulty, hashrate_hs, hashrate_human
getsupplydistributiontiers: [{label, address_count, total_sats, total_bloch, pct_of_supply}], total_addresses, total_sats, total_bloch
gethashratehashrate_hs, hashrate_human, avg_block_time_secs, current_difficulty
getdifficultyhistory[limit ≤ 100]count, points: [{height, bits, bits_hex, timestamp, target_hex}]
listtransactions[address, limit, start_height, end_height, offset]paginated tx history for an address with confirmations and direction
Additional methods exist in source (getblocktimepercentiles, gettxstatus, getaddressinfo, getmempoolstats, gettxsbyblock, getaddressbalance_at_height, getattestation, getpools) whose exact field sets are not detailed here — not exposed in the depth this reference reviewed; read src/rpc/mod.rs directly for their schemas.

Example — getnetworkinfo

curl -s -X POST https://blochv-node.fly.dev/ \
  -H 'content-type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"getnetworkinfo","params":[]}'

Live response, captured while building this page:

{
  "id": 1,
  "jsonrpc": "2.0",
  "result": {
    "blocks": 338836,
    "blue_score": 338835,
    "chain": "bloch-sis",
    "mempool": 0,
    "net_protocol": 1,
    "network": "mainnet",
    "peers": 30,
    "protocol": 1,
    "pruned_height": 0,
    "syncing": false,
    "version": "0.1.0-genesis"
  }
}

Example — getdaginfo

{
  "id": 1,
  "jsonrpc": "2.0",
  "result": {
    "block_count": 338808,
    "chain_length": 338808,
    "k": 10,
    "tip": "053f22634b33614a50e079122f8837183568e5ef760c6f339a71e6a7631e2a14",
    "tip_blue_score": 338807,
    "tip_blue_work": "731944",
    "tip_count": 1,
    "tip_height": 338807,
    "tips": ["053f22634b33614a50e079122f8837183568e5ef760c6f339a71e6a7631e2a14"]
  }
}

A quirk worth naming precisely

The CLI flag that selects the live mainnet-beta network is spelled --testnet — a historical name kept for compatibility, not a statement about which chain you're joining (see step 3 above). We checked whether this naming quirk also leaks into the RPC's own network field, since that's the more consequential place for it to matter: live queries against the public endpoint above return "network": "mainnet" correctly. If you see a build reporting the legacy string differently in some other field, treat the CLI flag name — not the RPC response — as the known quirk.

Don't take this page's word for it

Verify it yourself.

Every network figure on this page can be reproduced with a single curl command against a node that is not this page and not run by Postern Labs' own infrastructure narrative alone — it is the same public endpoint anyone can query, and the same repository anyone can clone and build from source.

Query the live chain

A public, read-only RPC endpoint, reachable right now:

curl -s -X POST https://blochv-node.fly.dev/ \
  -H 'content-type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"getnetworkinfo","params":[]}'

Or skip the terminal entirely: the live block explorer on this site drives the same endpoint from your browser, refreshing every few seconds.

Verify the source, not a binary

Building from source, as in Run a node, is the strongest verification available — there is no official pre-built binary to trust instead. The repository address, again, as plain text because there is no official link:

gitlab.com/blochsispow-group/BlochSISPoW-project

A live view of the chain

Live block explorer.

Independent explorer — not official, not canonical. Bloch-SIS-PoW has no official explorer, so we built a small one: a client-side page that reads the public JSON-RPC of a single node (blochv-node.fly.dev) as a convenience, auto-refreshing the tip, the DAG state, and the most recent blocks straight in your browser. One node's view is not consensus — anyone can run their own, and the ownerless framing applies here exactly as everywhere else on this page.

Descriptive, not guaranteed · a single node's RPC responses, shown as-is. Not an audited data pipeline, not a consensus source, and the underlying chain is unaudited mainnet-beta.

Who decides what the protocol does

How the code evolves — governance without a controller.

This section is impersonal by design: it describes a model, not a person. No individual or entity is named here, because the point of the model is that none needs to be.

The code-evolution model — Bitcoin-style, no central authority

  • No entity controls upgrades. There is no admin key over the network, no foundation with a merge button that changes what live nodes run, and no privileged node whose software choice binds anyone else's.
  • Changes are proposals, not decrees. A code change takes effect on the network only if node operators and miners voluntarily choose to run it. Consensus, in the most literal sense, is simply "the rule set the network decided to keep running."
  • Coins do not vote. Holding a balance grants zero governance power over the protocol. Economic weight is not protocol control — GhostDAG-Q and SHAKE-256 hashcash validate blocks with no notion of who holds what.
  • Anyone may read, fork, patch, or propose. Divergent rules simply produce a fork; whichever network people actually keep running is the one that persists. This is adoption deciding outcomes, not a decree binding them.

The stated design principle

Whoever wrote the protocol's initial code wrote code, and nothing more. That act of authorship confers no ownership and no control over the network that later runs it — publishing a protocol is not the same act as governing one. The initial authorship role is, by stated design, meant to end: it carries no owner role, no controller role, and no special consensus power, and is intended to step fully away, leaving behind protocol that lives or dies purely by voluntary adoption. The absence of a controller is treated as a feature of the design, not an oversight to be corrected later.

This is a stated design intent — a letter of intent, in the same sense used elsewhere on this page — not a completed, technically-enforced guarantee. Nothing about GhostDAG-Q or the PoW rules can force a human being to stay silent or step back; what the design does is remove every technical lever (admin keys, privileged nodes, voting weight) that could be used to exercise control even if someone wanted to. Consistent with the rest of this page: nothing here is decentralized-and-safe by decree — it is decentralized to the extent that voluntary adoption, today, actually makes it so.

Where the protocol is headed

The intended path to community stewardship.

Bloch-SIS-PoW is, right now, in a moment of transition. It is live, unaudited, low-participation software with no owner — and the intended direction of travel is toward a wider, self-organizing set of stewards, not toward any single party accumulating more control.

What "coins don't vote" means here

The intended model mirrors Bitcoin's own history: protocol changes are not decided by weighted balance-holder votes. They propagate only through voluntary node and miner adoption — a change ships as software that node operators and miners choose to run, or don't. A large balance confers no formal say in that process; GhostDAG-Q and the PoW rule set don't check who holds what.

What "nothing is decentralized-and-safe yet" means

This is a design intent, not a completed transition. The network today is small, low-hashrate, and unaudited — properties that no governance model changes on their own. Describing an intended path to broader stewardship is not a claim that the protocol is already resilient against concentrated control; the disclaimer above applies in full, right now, regardless of where the protocol is headed.

This page does not speak for the protocol's future governance — nobody can, since nobody owns it. What's written here is a description of the design intent visible in how the protocol is built: no privileged consensus role for any address, an empty default seed list so no party is a mandatory bootstrap point, and reward/emission rules that are fixed in consensus code rather than adjustable by any operator.