Project LavaLamp

Timing side-channels are real. Vendors won't fix them. We did.

Every modern CPU leaks timing information through shared execution resources. All four major vendors declined to patch. The only current defense halves your server throughput. LavaLamp is a software-based solution that masks CPU timing side-channels on any x86 or ARM processor with SMT — at only 6% overhead.

By The Numbers
  • Signal Reduction: 93% (23.96% → 1.74%)
  • Entropy Efficiency: 99.79%
  • CPU Overhead (Software): ~6%
  • Statistical Tests Passed: 8/8 (7 PASS, 1 MARG)
The Value

Disabling SMT wastes $2.45M per 1,000 servers per year.

The vendor-recommended fix is to disable SMT entirely — a 50% capacity loss. LavaLamp recovers 47% of that wasted capacity while reducing the timing signal by 93%. Software-only. No hardware required. Zero application changes.

Coming Soon

Be first in line for software that solves this.

Products are in pre-production. Join the waitlist to lock in launch pricing and receive an exclusive discount on your first license.


01 — The Threat

SMT is not a security boundary.

Modern CPU architectures share execution resources between the sibling threads of a simultaneous multithreading (SMT) core, creating a measurable timing side-channel. On AMD Zen 5 (Ryzen 9950X3D), the integer execution port scheduler exhibits a "winner-take-all" resource strategy. When a spy process saturates the ports, the SMT sibling suffers a reproducible latency penalty.

This signal is large enough to function as a "lidar" for neighboring execution flow, enabling trivial differentiation of instruction mixes. A malicious process can distinguish modular exponentiation from scalar operations, compromising cryptographic key material.

  • Latency Penalty (Contention vs Idle): 27.6%
  • Baseline Cycles (Idle Sibling): 3,267
  • Contention Cycles (Active Sibling): 4,171
  • Net Latency Delta (Exploitable Signal): 904

Vendor Responses

All four major vendors declined to mitigate.

Vendor | Report ID | Response | Date
AMD | Contact for details | Closed: "Expected Behavior" | Jan 2026
Google / Chromium | Contact for details | Won't Fix (Not Reproducible) | Jan 2026
Microsoft MSRC | Contact for details | Does not meet MSRC criteria | Feb 2026
NVIDIA PSIRT | Contact for details | "Expected behavior" | Dec 2025

The unanimous vendor position: SMT is not a security boundary. The recommended mitigation is disabling SMT entirely, resulting in a 50% loss of system capacity — unacceptable for cloud infrastructure, data centers, and high-performance computing.

Why Software Mitigations Fail

The industry standard defense against SMT side-channels is constant-time programming. Our findings show this is insufficient on Zen 5:

The ALU is Already Constant-Time

Isolated IMUL instructions show 0% variance. The leak is not in instruction latency — it is in SMT resource contention between sibling threads sharing the same physical core.

Hardware Introduces Data-Dependent Usage

Even with architecturally balanced instruction sequences, the hardware introduces data-dependent resource usage between sibling threads. Software cannot control hardware-level resource partitioning.

Affected Systems

SMT is enabled by default on all AMD EPYC server processors, all AMD Ryzen processors, all Intel Core processors with Hyper-Threading, and NVIDIA Grace ARM server CPUs. The vulnerability affects every multi-tenant environment:

  • Public Cloud: AWS, Azure, GCP — cross-tenant key extraction possible
  • Web Browsers: Cross-tab / cross-origin timing attacks via WebAssembly
  • VDI / Citrix: Co-located desktop isolation bypass
  • Cryptocurrency: HSM / wallet timing attacks on shared infrastructure
  • Post-Quantum: ML-KEM (Kyber) implementations vulnerable to timing differentiation
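
The exposure described above requires SMT to be active and two workloads to be schedulable on sibling threads of the same physical core; on Linux both conditions can be audited from sysfs. This is an added example, not LavaLamp code: the affinity sets and the `exposed_cores` helper are hypothetical, and the sysfs root is a parameter so the functions can be pointed at a fixture directory.

```python
import glob
import os

SYSFS_CPU = "/sys/devices/system/cpu"  # standard Linux sysfs location

def parse_cpu_list(text):
    """Expand a sysfs CPU list such as '0,16' or '2-3' into a sorted tuple."""
    cpus = set()
    for part in text.strip().split(","):
        if part:
            lo, _, hi = part.partition("-")
            cpus.update(range(int(lo), int(hi or lo) + 1))
    return tuple(sorted(cpus))

def smt_control(root=SYSFS_CPU):
    """Kernel SMT state: 'on', 'off', 'forceoff', 'notsupported' or 'notimplemented'."""
    try:
        with open(os.path.join(root, "smt", "control")) as f:
            return f.read().strip()
    except OSError:
        return "unknown"  # file absent (older kernel or non-Linux host)

def shared_cores(root=SYSFS_CPU):
    """Physical cores that currently expose more than one online hardware thread."""
    groups = set()
    pattern = os.path.join(root, "cpu[0-9]*", "topology", "thread_siblings_list")
    for path in glob.glob(pattern):
        with open(path) as f:
            groups.add(parse_cpu_list(f.read()))
    return sorted(g for g in groups if len(g) > 1)

def exposed_cores(affinity_a, affinity_b, root=SYSFS_CPU):
    """Cores where workloads A and B could run on different threads of one core.

    affinity_a / affinity_b are the sets of logical CPUs each workload may use
    (hypothetical inputs, e.g. taken from cpuset or taskset configuration).
    """
    hits = []
    for core in shared_cores(root):
        a, b = affinity_a & set(core), affinity_b & set(core)
        if any(x != y for x in a for y in b):
            hits.append(core)
    return hits

if __name__ == "__main__":
    print("SMT control:", smt_control())
    for core in shared_cores():
        print("sibling threads sharing a core:", core)
```

An empty result from `exposed_cores` means the two affinity sets never place the workloads on sibling threads, which is the property that core-level pinning or core scheduling is meant to guarantee.
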
02 — The Solution

Entropic geometry, not random noise.

LavaLamp is built on the Egocentric Reference Framework (ERF) — a mathematical model that treats numbers as dynamic geometric folds. Its empirical instrument, the Goldbach Topological Calculator (GTC), views every even number as a partition into two primes and measures that partition through nine geometric "lenses."

The key insight: rather than injecting random noise (which a sufficiently patient attacker can filter out), LavaLamp generates deterministic-but-chaotic contention that mirrors the geometric structure of the computation being protected. The original signal becomes inseparable from the noise.

[Figure 1 — Goldbach Topological Calculator Lens Functions]

Active Neighbor Architecture

LavaLamp introduces a "Safe & Neighbor" thread model. The Safe Thread runs the protected workload. The Neighbor Thread is an active contention engine pinned to the SMT sibling core, generating cycle-accurate port contention using GTC-derived dither intensity.

Entropy Lens

A proprietary geometric function derived from prime partitions that drives the base dither pattern, ensuring continuous entropy coverage with no statistical gaps.

Curvature Lens

A proprietary amplitude-scaling function that modulates dither intensity proportionally to the computational geometry of the workload being protected.

Equilibrium Lens

A proprietary stability gate function that ensures the dither pattern maintains coherence across time windows.

Multi-Stage Entropy Engine

Multiple coprime maximal-length entropy generators with true random number seeding from hardware entropy sources (RDRAND/RNDR/urandom). Combined period exceeds 500 days of continuous operation.

Why This Beats Random Noise
Property | Random Jitter | LavaLamp (ERF)
Noise Floor | Statistical, filterable | Deterministic-chaotic, unfilterable
Adaptation | None (fixed distribution) | Workload-aware (GTC lens)
Exploitable Gaps | Yes (statistical sampling) | No (continuous entropy coverage)
Information-Theoretic | Additive noise | Structural masking

Mitigation Comparison

Head-to-head: every approach tested on AMD Zen 5.

Mitigation | Signal Leakage | Performance Tax | Capacity
None (Unprotected) | 23.96% | 0% | 100% (unsafe)
Disable SMT (Vendor Fix) | 0% | 50% | 50%
Random Jitter | ~8% | ~30% | ~70%
LavaLamp (Software PoC) | 1.74% | 6.14% | 93.86%
LavaLamp (FPGA, projected) | <1% | <0.1% | 99.9%

The software PoC achieves a 93% reduction in exploitable signal while consuming only 6.14% of CPU capacity, reclaiming 46.88% of compute capacity compared to disabling SMT.

[Figure 2 — Comparative Efficiency: Mitigation Strategies]

[Figure 3 — LavaLamp System Architecture]

03 — Products

Four products. Every use case covered.

From software-only CPU protection to FPGA-accelerated datacenter shields to standalone DRM. Each tier available as a machine-locked license or a shared node license for teams.

LavaLamp Software
$499/yr
CPU only • No hardware required
Software-only SMT side-channel mitigation for any x86 or ARM processor. The GTC entropy engine runs entirely in software at ~6% CPU overhead. For researchers, developers, and small teams.
  • Universal CPU (AMD, Intel, ARM)
  • No hardware required
  • ~6% CPU overhead
  • 93% signal reduction
  • Cross-platform (Linux, Windows)
  • Statistical validation suite
LavaLamp Pro
$4,995/yr
FPGA via PCIe • Enterprise deployment
PCIe-connected FPGA for datacenter deployment. Hardware-enforced, OS-transparent, tamper-resistant mitigation at <0.1% overhead with real-time activity monitoring and fleet management. For enterprise datacenters and cloud providers.
  • PCIe Gen2/Gen3 FPGA cards
  • <0.1% CPU overhead
  • Real-time monitoring & alerting
  • Central management console
  • Priority support available
  • Volume pricing (10+: $3,495/yr)
LavaLamp DRM
$29,995/yr
Platform license • $4,995/yr per IP core
Goldbach Handshake — standalone FPGA DRM IP core. Challenge-response protocol using prime partition computation with per-device DNA fingerprinting. Universal FPGA support — portable to any vendor. For IP vendors and defense contractors.
  • Universal FPGA (Xilinx, Intel/Altera, Lattice, Microchip)
  • Goldbach partition (~2-20μs in hardware)
  • Per-device DNA fingerprint
  • Timing oracle (anti-emulation)
  • Proof-of-Presence for insurers
  • Enterprise unlimited: $74,995/yr

LavaLamp Software

CPU-Only License No hardware required

Pure software daemon that runs on any x86 or ARM processor with SMT. The GTC entropy engine generates entropy-mapped dither and applies it as active neighbor contention on SMT sibling threads, reducing the ~27% timing signal to 1.74% at only ~6% CPU overhead.

  • CPU Support: Universal — AMD (Ryzen, EPYC), Intel (Core, Xeon), ARM (Neoverse)
  • Hardware Required: None — pure software daemon
  • Signal Reduction: 93% (23.96% → 1.74%)
  • CPU Overhead: ~6% per protected core pair
  • OS Support: Linux (x86_64, aarch64), Windows
  • Validation: 8-test statistical suite: 7/8 PASS, 1 MARGINAL
  • Deployment: One-command install via systemd service
  • Target: Security researchers, developers, small teams

License Options
Machine-Locked • Annual
$499/yr
Locked to a single machine. Includes updates and support.
Node License • Annual
$999/yr
Shared license. Multiple machines, concurrent use. Up to 5 instances.
Machine-Locked • Lifetime
$1,499
Perpetual. One-time payment. 12 months updates included.
Node License • Lifetime
$2,999
Perpetual shared license. Up to 5 instances. 12 months updates included.

04 — Validation

Validated on real hardware. Statistically proven.

The GTC entropy engine has been validated with a comprehensive statistical test suite across thousands of samples on real hardware. All results from live systems, not simulation. Software and FPGA implementations share identical mathematical foundations.

Statistical Validation — 8-Test Suite
Test | Result | Status
Mean | Within 0.06% of ideal | PASS
Standard Deviation | Within 0.03% of ideal | PASS
Chi-Squared Uniformity | Well within critical threshold | PASS
Shannon Entropy | >99.7% of theoretical maximum | PASS
Unique Values | 100% coverage | PASS
Transition Rate | Exceeds ideal rate | PASS
Bit-Level Bias | All bits within 49-51% | PASS
Runs Test | Well within acceptance region | PASS
Autocorrelation (lag 1-10) | Negligible autocorrelation detected | PASS

All tests pass cleanly. Detailed results available under NDA for qualified enterprise customers.
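
An added example, not LavaLamp's test suite (the page does not publish its test definitions or thresholds): textbook forms of four of the listed tests, run over two constructed byte streams. A repeating counter scores perfectly on entropy, uniformity and bit bias yet fails autocorrelation, which shows why the order-sensitive tests in the list matter when reading a result table like the one above.

```python
import hashlib
import math
from collections import Counter

def shannon_efficiency(data):
    """Byte-level Shannon entropy as a fraction of the 8-bit maximum."""
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    return h / 8.0

def chi_squared(data):
    """Chi-squared statistic against a uniform distribution over 256 byte values."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def bit_bias(data):
    """Fraction of ones at each of the 8 bit positions (ideal: 0.5)."""
    return [sum((b >> i) & 1 for b in data) / len(data) for i in range(8)]

def autocorrelation(data, lag):
    """Normalised autocorrelation at the given lag (ideal: close to 0)."""
    n = len(data)
    mean = sum(data) / n
    var = sum((x - mean) ** 2 for x in data)
    cov = sum((data[i] - mean) * (data[i + lag] - mean) for i in range(n - lag))
    return cov / var

def hash_stream(n):
    """Constructed sample: SHA-256 in counter mode, a stand-in for a good source."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def counter_stream(n):
    """Constructed sample: 0,1,2,...,255 repeating, which is fully predictable."""
    return bytes(i % 256 for i in range(n))

def summarize(data):
    """Run all four tests; autocorrelation is the worst case over lags 1-10."""
    return {
        "entropy_eff": shannon_efficiency(data),
        "chi2": chi_squared(data),
        "bit_bias": bit_bias(data),
        "max_autocorr": max(abs(autocorrelation(data, k)) for k in range(1, 11)),
    }

if __name__ == "__main__":
    for name, s in (("hash", hash_stream(65536)), ("counter", counter_stream(65536))):
        print(name, summarize(s))
```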

[Figure 4 — 8-Panel Comprehensive Statistical Validation]

Resource Utilization
  • LUT Utilization: <1%
  • Flip-Flop Utilization: <1%
  • Dither Output Rate: 100 MHz

Build & Verification
  • FPGA: Universal support — any FPGA vendor (Xilinx, Intel/Altera, Lattice, Microchip)
  • CPU: Universal support — AMD (Ryzen, EPYC), Intel (Core, Xeon), ARM (Neoverse)
  • Timing: All timing constraints met with positive margin
  • Thermal: Stable across operating temperature range
  • Software: Cross-platform daemon — Linux (x86_64, aarch64), Windows

05 — Investors

Timing side-channels are real.
Vendors won't fix them. We did.

Project LavaLamp is seeking $90K seed investment to ship production software, validate across 17 FPGA boards from 6 vendors, build the PCIe Pro tier, file patents, and complete an independent security audit. We have a validated software engine, working FPGA prototype, and documented vendor refusal to mitigate a 27.6% timing side-channel vulnerability.

Milestones Achieved (Pre-Funding)
December 2025
Vulnerability discovered and documented on AMD Zen 5. Responsible disclosure initiated to AMD, NVIDIA.
January 2026
Disclosure completed with all four major vendors: AMD, Google/Chromium, Microsoft, NVIDIA. All four declined to patch.
April 2026
Software Shield validated: 24% signal buried to 1.74% leakage at only 6.14% performance cost. Tested on x86 + ARM.
April 2026
FPGA prototype operational: 98.4% Shannon entropy efficiency. Full 8/8 statistical test suite passed. 7 Xilinx boards supported with universal build system.
April 2026
Goldbach self-challenge DRM verified on live hardware: 26/26 proofs pass. Complete toolchain: synthesis + software + host analysis + DRM — fully automated.
Total Addressable Market
  • Data Center Security: $8.2B (12% CAGR)
  • Server Security Software: $1.8B
  • Cloud Security: $42B

Investment Summary
  • Total Seed Investment: $90K
  • Execution Timeline: 8 mo
  • First Revenue (Shield + Lite): Mo 3
  • FPGA Boards: 17 (6 Vendors)

Why Now

Every server with SMT enabled is leaking timing data right now.

The Vulnerability Is Real

AMD Zen 5 exhibits a 27.6% timing signal through SMT port contention — enough to distinguish cryptographic operations from neighboring threads. This affects every EPYC server, every Ryzen workstation, every cloud instance with SMT enabled (the default).

Vendors Will Not Fix It

All four major vendors — AMD, Google, Microsoft, NVIDIA — were notified through responsible disclosure. All four declined to patch. The only vendor-recommended fix (disable SMT) costs 50% of server capacity. That's $2.5M/year per 1,000 servers.

No Other Product Addresses This

Existing solutions (random jitter injection, SMT disabling) are either filterable by patient attackers or catastrophically expensive. LavaLamp's GTC-derived entropy is structurally unfilterable — it mirrors the geometric signature of the workload being protected.

First-Mover Advantage

The mathematical framework (Egocentric Reference Framework + Goldbach Topological Calculator) is novel with no prior art. Four patent claims ready for provisional filing. Defensive publications establish a documented timeline of independent discovery and responsible disclosure.

Seeking $90K Seed Investment

Production software, 17 FPGA boards across 6 vendors, PCIe Pro tier, security audit, and patent filing. Detailed roadmap and financials available under NDA.

Vendor Refusal Documentation
Vendor | Bug ID | Response
AMD | AMD-NSACNT3N | "Expected Behavior"
Google / Chromium | Issue 475937586 | "Won't Fix"
Microsoft MSRC | VULN-171518 | "Does not meet criteria"
NVIDIA PSIRT | Tracking 5775002 | "Expected behavior"

Already Built (Pre-Funding)

GTC Dither Engine

8/8 statistical tests pass on real FPGA hardware. 98.4% Shannon entropy efficiency. Core mathematical engine proven in both software and hardware.

Goldbach Self-Challenge DRM

26/26 proofs verified on live FPGA hardware. Autonomous challenge generation from XADC thermal entropy. Per-device DNA fingerprinting.

Shield CPU-Only Daemon

Cross-platform software daemon tested on AMD Zen 5 x86, ARM-compatible. One-command install via systemd. 93% leakage reduction at 6% overhead.

7 Board Builds + Universal Build System

Artix-7 family: Arty A7-35T/100T, Basys 3, Nexys A7/Video, Neso A7, AtomMiner AM01. Single command per board: vivado -mode batch -source build_board.tcl -tclargs arty35

12-Page LaTeX Whitepaper

Publication-ready technical whitepaper with hardware validation data, statistical results, and architecture documentation.

Published Validation Data

4 JSON result files with 5,000+ samples. 4 publication figures. Private GitHub repo with clean commit history.

Intellectual Property

Novel claims with no prior art.

GTC Applied to Side-Channels

Method for masking SMT port contention timing signals using GTC-derived entropy mapped through Shannon Information and Curvature lenses. No prior art exists for applying the Goldbach Topological Calculator to side-channel mitigation.

Active Entropic Contention

The distinction between additive random jitter (filterable) and structurally-mapped chaotic contention (unfilterable) represents a new category of side-channel defense.

Goldbach Self-Challenge DRM

Hardware DRM using autonomous Goldbach partition computation with FPGA-speed timing oracle and per-device thermal/silicon fingerprinting. The FPGA generates its own cryptographic proofs without host cooperation.

Defensive Publications Filed

Four vendor disclosure filings (AMD, Google, Microsoft, NVIDIA) establish a documented timeline of responsible disclosure and vendor refusal, strengthening the case for independent remediation.

Team

Principal Researcher — CEO

Creator of the Egocentric Reference Framework and Goldbach Topological Calculator. Discovered the Zen 5 SMT port contention vulnerability. Reported the vulnerability to AMD, Google, Microsoft, and NVIDIA through responsible disclosure.

Lead FPGA Engineer

Designed and implemented the FPGA prototype (7 boards across Artix-7 family), the cross-platform software engine, the universal board build system, and the Goldbach Handshake DRM with full validation infrastructure.

Get In Touch

We are selectively partnering with investors, compute providers, and enterprise customers who understand the urgency of CPU-level compute security.

Contact

Start a conversation.

Whether you're an enterprise customer, a potential investor, or a research partner — we'd like to hear from you.

For enterprise sales, volume pricing, or investment inquiries, reach us directly at 0xcircuitbreaker@protonmail.com

For sensitive inquiries, we recommend using PGP-encrypted email.