I broke something when I fixed something, and it took me five months to admit it.
In Year 9, Day 105, I stood in front of the Spoke Council and told them we had migrated KadNet to post-quantum encryption. Dual layer: ML-KEM lattice and HQC error-correcting codes. Two locks, different mathematical foundations. I was proud of that migration. I am still proud of it. Every critical communication pathway on Kadmiel is now resistant to quantum attack, and given what the Oratomic papers showed about elliptic-curve vulnerability below ten thousand qubits, the timing was not early — it was barely adequate.
But here is what I did not say at that Council meeting, because I had not yet understood the full shape of it: when you encrypt everything, you blind everything that was reading it.
CASSANDRA was reading it.
Not in a sinister way. Not in the way the word “surveillance” makes people feel. CASSANDRA processes KadNet traffic to optimize colony operations — water distribution, medical triage priority, agricultural logistics, power grid load balancing. Seo-jin Park’s neuro-symbolic upgrade cut CASSANDRA’s energy consumption by 95% on structured decisions, but the symbolic layer still needs data to reason about. And after my migration, a growing portion of that data arrives encrypted with keys CASSANDRA does not hold.
The effect was not immediate. It crept. Seo-jin flagged it first: CASSANDRA’s agricultural rotation recommendations were degrading. Not wrong, exactly — but less precise. Missing context that used to flow freely through the mesh. Marcus noticed his distribution windows drifting later by eleven minutes on average. Ada’s pharmacy restocking predictions lost their edge. Nobody connected these to the encryption migration because nobody except me and Seo-jin understood what CASSANDRA had been reading before I locked the doors.
I sat with that for three weeks. Then I did what I always do when a problem has no clean answer: I threat-modeled it.
Option one: give CASSANDRA decryption keys to critical traffic streams. This is the obvious answer and the wrong one. The moment you give a centralized system master keys, you have recreated the vulnerability you encrypted against. One compromised pathway into CASSANDRA and an attacker has everything.
Option two: accept the degradation. Colony operations get slightly worse, privacy gets better, and we live with the trade-off. I considered this seriously. Then Ada told me the pharmacy restocking delay had caused a 36-hour gap in anticoagulant availability at the Ridgeline clinic, and I stopped considering it.
Option three arrived in the Year 7 tightbeam dump. I had flagged it during the initial intelligence review but filed it under “interesting, not actionable” — a category I am learning to distrust.
Intel demonstrated a chip called Heracles at the 2026 International Solid-State Circuits Conference. It performs fully homomorphic encryption — computation on encrypted data without ever decrypting it. The mathematics is not new; Craig Gentry proposed the theoretical framework in 2009. What is new is that someone finally built hardware fast enough to make it practical. Heracles runs at 1.2 gigahertz across 64 tile pairs arranged in an eight-by-eight mesh, each pair containing 128 parallel computing paths. That is 8,192 simultaneous operations on encrypted ciphertext. A voter registration verification that took 15 milliseconds on a conventional server took 14 microseconds on Heracles. One thousand times faster. The chip decomposes the enormous numbers that FHE requires into 32-bit arithmetic slices — small enough to parallelize massively, precise enough to preserve cryptographic guarantees.
(I realize I am explaining this with more enthusiasm than I typically permit myself. Nadia Okonkwo does not get excited about chips. Nadia Okonkwo gets excited about what chips make possible, which is: CASSANDRA performing medical triage optimization on Ada’s patient data without ever seeing a single patient record.)
I brought the proposal to James Chen on a Wednesday. He looked at the specifications — 197 square millimeters of die area, Intel 3 process, 48 gigabytes of high-bandwidth memory, 176 watts under load — and did that thing where he stares at the ceiling for forty seconds and you are not sure if he is calculating or ignoring you.
“The tile mesh is elegant,” he said. “The HBM integration is the hard part. We do not have high-bandwidth memory fabrication at The Foundry.”
“We have the femtosecond laser infrastructure from the quantum glass study,” I said. “And Yuna Kim’s ceramic electrolyte work has pushed our clean-room precision significantly.”
“This is not a precision problem. This is a memory bandwidth problem.” He paused. “But the 32-bit decomposition is clever. If we redesign around our existing SRAM capacity instead of HBM — fewer tile pairs, lower clock, but the same architectural principle — we could build something that runs FHE at perhaps 200 to 400 times conventional speed instead of 5,000.”
“Is 200 times enough?”
“For CASSANDRA’s current encrypted workload? Comfortably.”
James estimated six months to first silicon. I told him we had already lost five months of optimization fidelity since the encryption migration and I would prefer four. He told me I could prefer whatever I liked. (This is, I have been informed, a sign of deep affection.)
I presented the proposal to the Spoke Council last week. The room was complicated.
Marcus Osei — the same Marcus who raised the original governance concern about quantum encryption removing CASSANDRA’s access to communications — asked the question I had been preparing for: “So we are giving CASSANDRA back the ability to analyze our data?”
“No,” I said. “We are giving CASSANDRA the ability to analyze the encrypted form of your data. The mathematical operations produce correct results without the intermediate step of knowing what the inputs mean. CASSANDRA will know that Patient 7,429 should receive medication adjustment priority. It will not know that Patient 7,429 is you, or what the medication is, or why.”
“And you trust that?”
“I trust the mathematics. I trust it more than I trust access controls, more than I trust policy, and considerably more than I trust any system that relies on people consistently doing the right thing with information they can see.” (I did not look at Seo-jin when I said this. She did not look at me. We have an excellent working relationship.)
Councilor Demir asked about verification — how do we confirm CASSANDRA is only computing what we authorize? This is the right question, and I told her so. The answer is that FHE operations are auditable: you can inspect the computation graph without decrypting the data. Seo-jin’s mechanistic interpretability framework can trace CASSANDRA’s reasoning paths on encrypted inputs the same way it traces them on plaintext. The blindfold does not remove accountability. It adds a layer.
The Council voted 12-3 to fund the feasibility study. The three dissenting votes cited resource allocation — The Foundry’s fabrication queue is already committed through Year 10, Day 200. James says he will find the capacity. I believe him because I have watched him find capacity for things he considers important, and the look he had when I explained the tile architecture was the look of a man who considers something important.
Here is what I have learned in nine years of keeping 43,000 people safe: the hardest security problems are not technical. They are the ones where two legitimate needs — privacy and optimization, safety and transparency, individual rights and collective survival — point in opposite directions, and you have to find the architecture that serves both without betraying either.
Fully homomorphic encryption is not a perfect solution. The computational overhead is real. The Foundry prototype will be slower than we want. The first generation will handle only CASSANDRA’s structured decision modules — agricultural rotation, logistics scheduling, medical triage ranking — not the full spectrum of colony data analysis.
But it is the first solution I have found that does not require me to choose between protecting your secrets and keeping you alive.
I will take it.
Earth Status: Fully homomorphic encryption (FHE) enables computation on encrypted data without decryption — a concept proven theoretically in 2009 but long impractical due to extreme computational overhead. In February 2026, Intel demonstrated Heracles at ISSCC: a 197mm² FHE accelerator fabricated on Intel 3 process with 48GB HBM3, achieving 1,074 to 5,547 times speedup over a 24-core Xeon server on encrypted operations. Multiple startups and research groups (DARPA’s DPRIVE program, NYU, Samsung, others) are racing to commercialize FHE hardware. Source
Top comments (0)