Palladium Upgrade: Bringing Real-World Trust On-Chain

Network Upgrade • Published on: Jul 01, 2025 • Last updated: Jul 01, 2025

LTO Network was built on a simple principle: trust must be earned — and proven. Over the years, we’ve built a blockchain infrastructure designed not only to anchor data, but to anchor truth. With the release of the Palladium upgrade for the LTO public chain, that foundation becomes even stronger.

Palladium introduces two powerful new capabilities: on-chain certificate registration using X.509, and BLS12-381 support for decentralized identity (DID) and verifiable credentials. Together, they strengthen LTO’s role as the blockchain trust layer — not just for digital interactions, but for real-world ownership, authentication, and compliance.

The Missing Layer: Identity You Can Trust

In most blockchains, identity is reduced to a public key — a string of characters that offers no context, no accountability, and no verification. That’s fine for anonymous transactions, but completely insufficient when you're dealing with real-world assets, legal entities, or institutional trust.

That’s why Palladium introduces the Certificate Transaction, a new mechanism for publishing X.509 certificates on-chain.

These certificates follow the X.509 standard, the same format used in what most people know as SSL or TLS certificates — the digital credentials that secure websites. When you see a padlock in your browser or visit an https:// address, you're relying on one. But X.509 certificates are used for much more than websites: they also secure emails, sign software, verify documents, and authenticate devices.

They’re validated through the global Certificate Authority (CA) ecosystem — a trust model that underpins secure communication across the internet and enterprise systems alike.

With Palladium, these same certificates can now be registered immutably on the LTO blockchain and linked to a blockchain address. There’s no new authority introduced. Instead, LTO defers to the same globally trusted CA infrastructure that browsers, banks, and governments use every day.

The network automatically determines whether a certificate is valid by checking its signature chain, expiration date, and revocation status using standard methods like CRL (Certificate Revocation Lists) and OCSP (Online Certificate Status Protocol). Trust is not reinvented — it’s inherited from the internet's existing infrastructure.

The result is identity that is decentralized, interoperable, and rooted in the real world.

From Addresses to Entities

The implications are significant. Rather than inventing yet another blockchain-native identity framework, LTO Network now serves as a verifiable registry of real-world identities — tied directly to legal entities, service providers, and validators.

Anyone inspecting an address on-chain can now retrieve its associated certificate. Human-readable identity data and trust status are available via API, while the raw DER-encoded certificate remains accessible for independent verification. Auditors, regulators, or applications can confirm not only who is acting, but whether they are recognized and trusted — without needing to trust LTO itself.

For EQTY, which tokenizes real-world ownership, this capability is foundational. Asset issuers, custodians, and notaries can now prove their identity cryptographically using globally recognized credentials. It’s not just compliant — it’s verifiable, immutable, and interoperable.

Cryptography for the Credentialed World

Palladium doesn’t stop at identity. It also brings advanced cryptography to the network by adding support for BLS12-381, a pairing-friendly elliptic curve increasingly used in zero-knowledge proofs (ZKPs).

BLS signatures allow multiple signatures to be aggregated into one compact proof — a critical property for scalable identity systems. These capabilities are essential for privacy-preserving applications, especially in regulated environments where compliance is required but personal data cannot be indiscriminately shared.

With Palladium, BLS12-381 keys can now be registered as part of a Decentralized Identifier (DID) using the Register transaction. These keys are not used for signing blockchain transactions, but instead serve as the cryptographic foundation for advanced identity operations.

This directly empowers EQTY Passport — formerly known as Proofi — to issue and verify credentials that support selective disclosure, aggregation, and cryptographic privacy. Whether it's onboarding accredited investors, enforcing jurisdictional restrictions, or proving legal standing, the underlying proofs become lightweight, auditable, and portable.

Anchoring Trust, Not Promises

The Palladium upgrade reinforces what LTO Network has always stood for: verifiability over belief, standards over walled gardens, and real-world integration over crypto theater.

By registering X.509 certificates, entities can prove their identity in a way that works across blockchain and web ecosystems. By supporting BLS, they can issue and verify credentials that scale globally and preserve privacy. And by doing both within the same infrastructure, LTO becomes a trust anchor that’s both decentralized and enforceable.

This upgrade doesn’t just enhance functionality. It redefines what’s possible.

Network Upgrade

Testnet

The Palladium upgrade is now available on Testnet. To activate the new protocol features, node operators should update to version v1.8.0.

To enable the upgrade, update your docker-compose.yml:

– LTO_FEATURES=17

Then pull the new image and restart your node:

docker-compose pull  
docker-compose down  
docker-compose up -d

This version introduces:

Certificate Transaction — Register X.509 (SSL) certificates on-chain
BLS12-381 Key Support — For decentralized identifiers (DIDs) and verifiable credentials

Testnet activation details: