INVARIANT

Bittensor's own whitepaper admits it: the digital ledger cannot audit the parameters of each model. Academic analysis of two years of on-chain data confirmed the consequence — rewards are driven by stake, not quality. Every subnet today trusts miner outputs. None of them can prove who produced the output, how it was produced, or whether that miner has been honest across their entire history.

INVARIANT closes all three gaps simultaneously:

INVARIANT is a Bittensor subnet that produces a cryptographically-verified INVARIANT Trust Score (NTS) per miner — derived from three independently unfakeable layers stacked into a complete trust infrastructure Bittensor has never had:

Layer 1 — SHA (Identity): Every miner registers a hardware-bound or hotkey-bound agent_id. For software miners: SHA-256(hotkey + model_hash + registration_block). For DePIN hardware nodes: Keccak-256(eFuse MAC + chip_model). This identity is immutable, clone-proof, and registered on-chain. It answers: WHO is this miner?

Layer 2 — Execution Receipt (Four-Gate Verification): Every tempo, every miner submits a 136-byte cryptographic receipt alongside their output. Four gates run in sequence — agent authorization, model approval, replay protection via monotonic counter, and SHA-256 digest verification. Any gate failure scores zero. No partial credit. It answers: HOW did this miner produce this output?

Layer 3 — OAP Lifecycle Engine: An append-only behavioral ledger that tracks every gate result, every violation, every clean tempo across the miner's entire history. Trust score runs 0–100. Violations accumulate as scars. Catastrophic behavior (3× replay violations) triggers a permanent cap at 40 — no programmatic reset. It answers: WHO HAS THIS MINER BEEN across every tempo they've ever participated in?

The emission formula is direct:weight = output_quality × (NTS / 100) × freshness

A miner with NTS 90 and perfect output earns 90% of maximum emissions. A miner with NTS 40 from prior violations earns 40% — permanently, until they rebuild history through clean behavior. Past behavior is not forgotten. It is priced into every future tempo.

Every major attack vector in Bittensor is structurally closed. Output caching fails because the execution hash includes the tempo ID. Output copying fails because agent IDs are hotkey-bound. Model impersonation fails because model hashes must match an approved registry. Replay attacks fail because the monotonic counter is mathematically airtight. Validator collusion is resisted because all four gates are deterministic — two honest validators on the same receipt always agree, and disagreement is provable on-chain.

This is not a whitepaper. The four-gate model is live on Arbitrum Sepolia at 0xD661a1aB8CEFaaCd78F4B968670C3bC438415615 with 89+ verified transactions, and on TON Testnet at kQBVqAhPv_ANWm0hfjJdLnQmvvC8_rQ_NEryVX3uFOUF05OP with 17+ verified transactions. Cross-layer SHA-256 and Keccak-256 parity is validated across 10,000+ test vectors.

The Rust engine processes 9,000+ receipts per second. 21 pytest tests pass covering all 8 attack vectors.

Execution is the claim. Proof is INVARIANT.

We entered this ideathon carrying three years of infrastructure work built independently across two live chains.

SHA — our hardware attestation primitive — was built to solve identity fraud in DePIN and robotics networks. It binds silicon-level device identifiers to on-chain verification using Keccak-256, deployed on Arbitrum Sepolia with 89+ live transactions and validated against 10,000+ cross-layer test vectors. A $25K Stylus Sprint grant application was submitted in February 2026.

TON-SHA — our agent trust primitive — ported the same four-gate execution model to the TON blockchain in Tact 1.6, achieving SHA-256 native verification at 0.03 TON per operation. It has been live on TON Testnet with 17+ verified transactions. A TON Fast Grants application was submitted alongside it.

OAP — our lifecycle governance engine — was designed because we kept watching DePIN and autonomous systems networks get destroyed by attackers who operated invisibly across time. A single-tempo verification system was not enough. We needed a permanent, append-only behavioral record with adaptive trust scoring, scar accumulation, and catastrophic flagging. OAP's architecture was published at orthonode.xyz before this ideathon began.

During the hackathon, we mapped each of these tools against Bittensor's structural limitations. SHA closes the identity gap — Bittensor cannot verify who a miner is. TON-SHA closes the execution gap — Bittensor cannot verify how an output was produced. OAP closes the history gap — Bittensor cannot verify who a miner has been. The fit was not engineered for this submission. It was already there.

We built INVARIANT — the convergence of all three into a single Bittensor subnet with a unified trust score, a deterministic emission multiplier, and a cross-subnet NTS API that any subnet operator can consume. The Python engine was ported and tested in Phase 1. The Bittensor miner and validator were implemented with full Axon integration. 21 tests were written and passed. The local subnet harness was built and verified. The Rust extension delivers 9,000+ receipts per second with PyO3 bindings.

INVARIANT is currently unfunded and bootstrapped. The project has been built entirely through self-funding by Orthonode Infrastructure Labs.