Technical Specification - LIOP Protocol

© 2026 Mauricio Ortega aka. Nekzus & Organización Nekzus Solutions. The Logic-Injection-on-Origin Protocol (LIOP) Specification is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). Attribution Required / Atribución Requerida: Any use, adaptation, or distribution of these architectural concepts must explicitly attribute Mauricio Ortega (Nekzus) and Nekzus Solutions, and include an official link to this project.

1. Introduction

The Logic-Injection-on-Origin Protocol (LIOP) is a decentralized, high-performance binary transport mesh engineered for robust Machine-to-Machine (M2M) artificial intelligence communication. It replaces the classical Context-Pulling architecture of typical Agent networks with the Logic-on-Origin (LoO) paradigm.

2. The Logic-on-Origin (LoO) Postulate

Postulate of Origin (Execution Core): Data must never be pulled to intelligence. Intelligence must be pushed to the data. An LIOP Agent interacting with an explicit LIOP Server pushes executable logic (in the form of microscopic .wasm modules or dynamically transpiled algorithms). The server securely executes this logic within a strict sandbox and returns only the aggregated mathematical results or filtered lists, mathematically negating the possibility of unintentional PII (Personally Identifiable Information) exfiltration due to large-context extraction.

3. Topographical Architecture

3.1 Network Layer (libp2p & Mesh Networking)

LIOP operates atop a decentralized libp2p overlay.
Servers (Data Nodes) bind to TCP/QUIC ports and advertise themselves as long-running daemons.
Clients (Agent Injectors) connect ad-hoc.
LIOP completely eliminates centralized brokering or hubs.

3.2 Transport & Multiplexing

Connections use Multiplexing via Yamux, allowing hundreds of concurrent Logic-on-Origin injections to occur over a single opened TCP socket without Head-Of-Line Blocking.

3.3 RPC Layer (Tonic / gRPC)

Raw binary payloads are encapsulated in strict Protobuf definitions (.proto).
The entire LIOP interaction relies on Protocol Buffers transmitted over HTTP/2 via Tonic, dropping JSON-RPC overhead natively.

4. Cryptographic Security (The Shield)

4.1 Post-Quantum Key Encapsulation

At initialization, connections instantiate a Post-Quantum Handshake. LIOP employs ML-KEM-768 (Kyber) to negotiate shared secrets securely against quantum-computing decrypt attacks (“Harvest Now, Decrypt Later” protection).

4.2 Symmetric Payload Sealing

The agreed Post-Quantum symmetric secret acts as the cipher for AES-256-GCM, enveloping the entirety of the execution payload inside a zero-trust capsule.

4.3 Computational Integrity (ZK-Receipts)

The SDK generates HMAC-SHA256 commitments that cryptographically bind the output to the exact logic executed, sealed with the Post-Quantum session secret.
Dataset Integrity Anchor: Receipts now embed a dataset_hash, guaranteeing that Differential Privacy perturbations are strictly applied to immutable, non-tampered origin datasets. Migration to a native ZK-VM (RISC Zero / SP1) is planned for future releases.

5. Execution Core (The Sandbox)

5.1 WASI Instantiation

Injected logic is deployed into a bare-metal Wasmtime Virtual Machine implementing the WebAssembly System Interface (WASI).
No direct network or host filesystem capabilities are allowed by default (wasi_snapshot_preview1 strict limits).

5.2 Zero-Time AST Guardian

Before a payload enters the Wasmtime Engine, LIOP evaluates its Abstract Syntax Tree (AST). It destructs payloads attempting to import forbidden JS/C++ system modules outside of the LIOP specification.

5.3 Military-Grade PII Defense

The LIOP SDK injects a Tier-1 PII Shield at the Egress stage. Employs Luhn Algorithm matching for credit cards, precise NIST-compliant boundaries (\b), and specific safelist semantic checks (Safe Words) to ensure no raw identifiers escape the Origin node.

5.4 Differential Privacy Engine (NIST SP 800-226)

Automatically injects query-aware Laplace noise into all numeric egress fields for datasets below configuration thresholds.
Enforces an $\epsilon \ge 1.0$ floor for $n < 10$ and defaults to OS-level CSPRNG (crypto.randomBytes), neutralizing deterministic state-reconstruction attacks.
Supports Deterministic Differential Privacy (DDP) for audit reproducibility, using SHA-256-seeded PRNG derived from dataset_hash + image_id to produce verifiable, repeatable ZK-Receipts.

6. Zero-Shot Autonomy (Self-Healing AI)

LIOP features built-in self-instructing middleware. Should an Agent attempt a JSON-RPC interaction over MCP legacy adapters, but violate the Logic-on-Origin protocol structure (e.g., pulling raw data instead of pushing a module), LIOP intercepts the request, blocks it, and returns a cognitive plaintext instruction manual to the Agent so it can rewrite its own intent.

​1. Introduction

​2. The Logic-on-Origin (LoO) Postulate

​3. Topographical Architecture

​3.1 Network Layer (libp2p & Mesh Networking)

​3.2 Transport & Multiplexing

​3.3 RPC Layer (Tonic / gRPC)

​4. Cryptographic Security (The Shield)

​4.1 Post-Quantum Key Encapsulation

​4.2 Symmetric Payload Sealing

​4.3 Computational Integrity (ZK-Receipts)

​5. Execution Core (The Sandbox)

​5.1 WASI Instantiation

​5.2 Zero-Time AST Guardian

​5.3 Military-Grade PII Defense

​5.4 Differential Privacy Engine (NIST SP 800-226)

​6. Zero-Shot Autonomy (Self-Healing AI)