The Stateless Pattern: Ephemeral Coordination as the Third Pillar of Digital Sovereignty

For the past three decades, the architecture of the internet has rested on two primary pillars - communication on the World Wide Web and Value such as Bitcoin/Distributed ledgers. However, a third critical pillar, Private Coordination has remained dependent on centralised intermediaries, effectively creating a surveillance architecture by default. This paper introduces the ‘Stateless Pattern’, a novel network topology that replaces the traditional ‘Fortress’ security model (database-centric) with a ‘Mist’ model (ephemeral relays). By utilising client-side cryptography and self-destructing server instances, we demonstrate a protocol where the server acts as a blind medium rather than a custodian of state. We present empirical data from a live deployment (https://signingroom.io), analysing over 1,900 requests and cache-hit ratios to validate the system’s ‘Zero-Knowledge’ properties and institutional utility. The findings suggest that digital privacy can be commoditised as a utility, technically enforcing specific articles of the universal declaration of human rights not through policy, but through physics.

💡 Research Summary

The paper argues that the modern Internet rests on two well‑established pillars—Web‑based communication and value transfer via distributed ledgers—but that a third pillar, private coordination, remains dependent on centralized intermediaries that create a de‑facto surveillance architecture. To address this gap, the authors introduce the “Stateless Pattern,” a network topology that replaces the traditional “Fortress” security model (databases surrounded by firewalls) with a “Mist” model built on ephemeral relays.

The core idea is to make the server a blind, stateless conduit that never sees plaintext data. Clients generate a 256‑bit AES‑GCM key inside the browser, embed it in the URL fragment (the part after ‘#’), and share a UUID‑based room identifier with peers. The key never leaves the client; the server only receives encrypted blobs. A Cloudflare Durable Object is spun up for each room, acting as an in‑memory message broker. When the room is closed or after a hard‑coded 24‑hour inactivity timeout, the object executes a deleteAll() operation that wipes both RAM and any persisted storage, guaranteeing forward secrecy through physical erasure.

In practice the system—implemented as SigningRoom.io—enables real‑time collaborative signing of Partially Signed Bitcoin Transactions (PSBTs) for multisig workflows. Participants upload encrypted PSBT fragments, the server broadcasts them to all connected peers, and each client locally merges signatures and validates the transaction. No private keys ever leave the hardware wallet or browser, and the server holds no persistent logs, user accounts, or databases.

Empirical data from a live deployment show over 1,900 PSBT exchange requests with a cache‑hit ratio effectively zero, confirming that the server never stores transaction data. Traffic analysis resistance is achieved by randomising packet sizes and timing, and by the absence of long‑term identifiers that could be correlated across sessions.

Beyond technical merits, the authors discuss regulatory implications. Under Basel III, custodial holdings of crypto assets attract high risk‑weight capital charges. Because the Stateless Pattern never custodialises private keys, it sidesteps the definition of “custody,” allowing financial institutions to facilitate multisig settlements without incurring prohibitive capital requirements.

The paper also frames the design as a concrete enforcement of human rights: it maps UDHR Article 12 (privacy) and Article 17 (property and security) onto the system’s architecture, arguing that privacy must be guaranteed by physics (the impossibility of data existence) rather than by policy promises.

In summary, the Stateless Pattern provides a pragmatic, physics‑based solution to the missing third pillar of digital sovereignty. By combining client‑side end‑to‑end encryption, ephemerally instantiated blind relays, and automatic data destruction, it delivers the reliability of a central server while preserving the privacy guarantees of peer‑to‑peer networks. The authors suggest that this approach can be extended to other domains requiring confidential coordination, such as electronic voting, medical data sharing, and cross‑institutional finance, thereby advancing both security and regulatory efficiency.