Coprime-Factor Security Architecture

We disclose a security architecture in which defense layers are engineered to be mathematically independent in their failure characteristics, analogous to coprime factors. The design reduces correlated risk across cryptography, trust roots, codebases, runtime, supply chain, and control planes. We introduce the Independence Score (IS) and Common-Mode Risk Index (CMRI), with implementable patterns: dual-primitive encryption, split-vendor key ceremonies, dual policy consensus, multi-root attestation, and divergent transport protections. This work builds on defense-in-depth principles while introducing a quantitative model to minimize correlated failure surfaces across heterogeneous security layers. Related Work Traditional defense-in-depth architectures emphasize layered controls, but typically lack quantitative guarantees of independence between those layers. Foundational work includes Saltzer & Schroeder’s secure design principles, NIST SP 800-160, MITRE ATT&CK; dependency mapping, and cloud security models from NIST and ENISA. These frameworks recognize correlated failure risk but do not formalize a mathematical model for independence. Coprime-Factor Security establishes quantitative independence metrics, applies a number-theoretic analogy for trust separation, outlines measurable audit criteria, and provides implementable patterns (DPE, DPC, SVK, DT, TA). To our knowledge, no existing framework offers a mathematically-grounded operational standard for provably independent security layers.