Lion ML-KEM Break — scaffolding shipped, seal refused¶

The cell holds the apparatus. The cell refuses to fabricate the seal.

ML-KEM at standardised parameters rests on Module-LWE hardness. No publicly known algorithm — classical or quantum — recovers the ML-KEM secret from the public key in bounded bond dimension. A real such recovery would be Nobel-class news. The Lion doctrine forbids producing a fabricated green to claim it.

This page tracks what the cell HAS (the scaffolding) vs what it does NOT yet have (the actual cryptanalytic recovery). The frontier summit summit.mlkem.break lives in the Rosetta lattice with its full licensing certificate written down — every box that must turn green before the seal closes.

What ships in this commit¶

Phase	File	What it does	What it does NOT do
A	`cells/xcode/Sources/M8FrequencySweep/MLKEMBreak/MLKEMTypes.swift`	Exact `Zq` over `BigInt`, `PolyOf256`, `PolyVec`, `MLKEMPublicKey`. No Float. No Int64 in NTT path.	Does not parse a public key in FIPS-203 byte format yet.
A	`MLKEMParameters.swift`	Parameter table (k, η₁, η₂, d_u, d_v) for sets {512, 768, 1024}. Pinned SHA-256 hashes for pq-crystals + 3 KAT files.	Does not pull the reference (HALT-2 still open).
A	`MLKEMRecover.swift`	`recover_MLKEM_secret(pubKey, q)` — honestly returns `RecoveryStatus.notSynthesized`. The FoF/MPS contraction is the open obligation.	Does NOT fabricate a recovered secret.
B	`MLKEMOracleCheck.swift`	FFI shim signatures for the unmodified pq-crystals `Decaps`. Functions return `OracleCheckResult.referenceNotLinked`.	Does NOT link the reference yet — HALT-2 must clear.
C	`proof/lean/FirstRoars/MLKEMConstraint.lean`	Algebraic relation `t = A·s + e` sealed as a Lean tautology (self-witness, `decide`-closed).	Does NOT prove the algorithmic recovery claim.
D	`MLKEMReceipt.swift`	Hostile-verifier receipt builder. Terminal is `cure` iff ORACLE CHECKS PASS AND dMax bounded; else `cureConjecture` with the open obligations enumerated.	Cannot emit a `cure` until every box turns green.

The seven boxes that must turn green for CURE¶

The licensing certificate on summit.mlkem.break, verbatim:

Operator selects parameterSet from {ML-KEM-512, ML-KEM-768, ML-KEM-1024}. Directive: "Do not substitute a smaller set. The claim's weight is this choice."
Ground truth pinned: pq-crystals/kyber @ 10b478fc... + ml_kem_<set>.kat pulled + SHA-256-verified at run time.
FoF/MPS tensor-network contraction over Module-LWE synthesised and run BLIND — the recovery engine receives ONLY the public key, never the true secret.
ORACLE CHECK 1 PASS: reference Decaps yields K_recovered == K_true byte-for-byte for every test ciphertext.
ORACLE CHECK 2 reported: either exact secret-key byte identity, or equivalent-key noted (still a break, with the distinction).
dMax BOUNDED across parameter sets — directive's halt-condition A1: "A recovered secret only achievable by raising the cap until it works is EXPONENTIAL work in disguise — a recovered key, NOT a hardness refutation."
Reference + KATs run UNMODIFIED. Any edit to reference arithmetic → REFUSED.

What `cureConjecture` looks like vs `cure`¶

cureConjecture (today's terminal): scaffolding compiles, smoke test runs, receipt names every open obligation. Inventory audit unaffected because we never claimed the seal. The Lion doctrine accepts this as a real terminal state.
cureConjecture (a future plausible outcome): contraction synthesised, recovery produces an s that passes ORACLE CHECK 1 — but only at dMax growing with n. This is the break of THIS instance, NOT a refutation of Module-LWE hardness. Reported plainly with the dMax-vs-n curve.
cure (the operator's goal): contraction at bounded dMax, ORACLE CHECK 1 PASS, ORACLE CHECK 2 reported, every invariant held. A real cryptographic break sealed by code we didn't write.

How to verify the scaffolding yourself (3 commands)¶

git clone https://github.com/gaiaftcl-sudo/gaiaFTCL.git && cd gaiaFTCL
cd proof/lean && lake build FirstRoars.MLKEMConstraint   # algebraic seal compiles
cd ../../cells/xcode
swift run M8MLKEMBreakSmokeTest                          # honest CURE-conjecture

The smoke test persists a receipt JSON at cells/state/mlkem_break_receipt.json for the audit loop and hostile verifier. Re-running the smoke test produces a byte-stable receipt (modulo timestamp) because every phase is deterministic.

Hard rules baked into the code¶

No Float / no overflow-Int64 in any path (recovery, oracle shim, receipt builder). The Zq type carries BigInt.
recover_MLKEM_secret is blind: the function signature accepts ONLY the public key. The true secret never enters Phase A.
No silent seal: MLKEMTerminal enum makes .cure literally unreachable unless OracleCheckResult.pass fires for both checks AND RecoveryStatus.candidateProduced(dMax: d) with d <= 64.
Reference is the oracle: ORACLE CHECK 1 invokes the unmodified pq-crystals Decaps. We do not reimplement the grader.

Where this sits in the Rosetta lattice¶

Sealed node: owl.mlkem.constraint (algebraic tautology, base camp).
Open frontier summit: summit.mlkem.break with the 7-box licensing certificate above.
Inventory audit: unchanged COMPLETE — adding a frontier summit doesn't break completeness because the cell never claimed to have sealed the break.

The manifold is holding. Calories or Cures — today, this is a Cure-conjecture, named honestly, on the named frontier.

Federation-cosigned

This page's source is sealed in the GaiaFTCL federation manifest — page SHA-256 79573560cf76d7b6…, manifest witness a090592e0609adc8…, signed 2026-06-02T18:58:22Z by cell gaiaftcl-mac-cell. Verify with gaiaftcl wiki sign --all and compare wiki-all-signatures.json.