• Two's complement thruout — no dedicated sign bit, no bias, unbroken number line; single sentinel exponent replaces IEEE's five special-case categories
• Escaped values (Exploded/Vanished) preserve sign and orientation beyond representable range — unlike IEEE ±∞, they continue participating in absolute operations; multiplicative identity a×b=0 iff a|b=0 preserved, which IEEE violates
• GPU kernels (HIP/WebGPU): division 2.24× faster than native f32 on RX 6800; single runtime-selectable datapath covers 16 precision combinations — ~48% smaller than an equivalent multi-width HardFloat instantiation

Measured on FPGA silicon via CE-gated self-test harness.

• VSF: content-addressed binary serialization — BLAKE3 provenance hash mandatory on every document, ed25519 signatures, EWE variable-width encoding with no ceiling, schema-free wire format; native spectral colour support (AGB primaries)
• TOKEN: passless cryptographic identity — social key recovery, no central authority, device fingerprint attestation; A=1 (authenticate once per device lifetime, never again)
• CLUTCH: twelve-layer post-quantum key exchange

• A=1: passwords prove nothing about identity — only that you know a secret. Photon authenticates once via social attestation (two humans who know you vouch in person), then never again
• Identity is hardware-bound — keys derived deterministically from device fingerprint, never stored; lose your devices, trusted contacts reconstruct your identity via key sharding
• Rolling-chain encryption: each message cryptographically depends on all previous messages — deletion and editing break the chain, making tampering provably detectable for the first time in any messenger
• True P2P — no message servers means no legal vulnerability, no subpoena surface, no surveillance; FGTW DHT provides peer discovery without ICANN or certificate authorities

• Ring memory replaces page tables — two's complement wraparound, 2-instruction bounds check, no TLB, no MMU page walks; continuous per-process offset rotation makes ROP impossible by construction
• Structural elimination, not mitigation — fork, signals, setuid, VFS, OOM killer, ~340 of Linux's ~350 syscalls: these do not exist in the architecture, they are not sandboxed or patched around
• Five kernel responsibilities only: memory (rings + grants), scheduling, capability-gated IPC, boot (vault root scan), interrupt routing — every driver is a restartable userspace process
• Killswitch-ready: hardware power cutoff, no software in the loop; vault root ring restores last committed state in 16 reads (O(log₂ 65536), BLAKE3-chained entries, dual UFS/SD mirror)
• Bare-metal verified on hardware: DWC3 USB controller, SD 4-bit block I/O, 72KB kernel hot-reload over Photon Transport in under 1s — no fastboot required

• Independent power domain: constant current sink makes power draw invariant to computation — shared-rail power analysis eliminated at the hardware level, not managed
• Asynchronous clock: timing correlation provably defeated — pin probing and DPA attacks have no signal to lock onto
• Photonic isolation: EM barrier between secure and host domains — passive and active correlation attacks structurally impossible within the non-photonic threat surface

• Per-process base and limit registers — no MMU, no TLB, no page table walks, no broadcast TLB shootdown on context switch
• Invalid accesses return cipher output derived from a hardware-protected key and the accessed address — indistinguishable from valid data without the key; both paths execute unconditionally on every access, power signature identical for valid and invalid
• Context switch: one clock edge to update current_pid — seL4's 300-cycle world-record becomes irrelevant as a design constraint
• Toroidal address space under two's complement — null pointer dereference class structurally eliminated

• Duplex fiber polarity and loss diagnosis without equipment at the far end — single technician, no loopback, no coordination required
• 605nm / 515nm matched-luminosity LEDs — colourblind-safe by design; direct application to SFP link qualification, duplex A/B polarity, multi-run identification