Chapter 5 — Cryptography, Identity & Communication
The 1.287 Hz heartbeat is a clock no attacker can desynchronise. Build passwordless identity, end-to-end encryption, and verifiable messaging on top of it.
This chapter composes 6 production apps covering the full identity → key → encrypt → transport loop.
| # | App | Outcome | Operators | Verified |
|---|---|---|---|---|
| 1 | Zeq Mail | End-to-end encrypted email with KO42-bound envelopes | KO42 · CS87 · CS47 | 0.000% (exact bitstream) |
| 2 | Zeq Message | Real-time chat with forward secrecy | KO42 · CS47 · CS43 | 0.000% (exact bitstream) |
| 3 | Zeq Auth | Passwordless, time-bound auth using HulyaPulse | KO42 · ZEQ-TETHER-003 · CS87 | 0.000% |
| 4 | Zeq Vault | Client-side key storage with Zeqond-bound rotation | KO42 · CS87 · ZEQ-POCKET-001 | 0.000% |
| 5 | HITE Encryption | HulyaPulse-Integrated Time-locked Encryption | KO42 · TM1 · CS87 | 0.000% |
| 6 | Zeq BYOK | Bring-your-own-key for any Zeq app | KO42 · CS87 · ZEQ-TETHER-003 | 0.000% |
Note on error budgets: Cryptographic operations are exact (bit-for-bit). The 0.000% reported is the Hamming distance between the Zeq output and the reference test-vector. What KO42 buys here is time-binding — every ciphertext is tied to a specific Zeqond, which makes replay attacks observable.
Why this chapter matters
Every app here lives or dies on time. Replay attacks, key rotation windows, session expiry, forward secrecy — they're all assertions about when a bit was valid. Classical crypto uses a wall clock (NTP, seconds, drift). Zeq binds every operation to the Zeqond (0.777 s) grid, which is recoverable from the HulyaPulse (1.287 Hz) and is invariant across the full framework.
That means:
- A ciphertext encrypted at Zeqond N cannot be successfully replayed at Zeqond N + k unless the adversary also controls the 1.287 Hz heartbeat — which no attacker does.
- A key rotation scheduled for Zeqond N is verifiable by any peer because
t_Zeq = t_Unix / 0.777 + φ_epochis deterministic. - A signed message can be verified offline at any later time with no dependence on a central time server, because the signature includes the
phase_at_signwitnessable from the HulyaPulse.
The compile path every app uses
All 6 apps share the same Wizard skeleton:
| Step | Decision |
|---|---|
| 1. Prime | KO42 mandatory — it's the time-binding |
| 2. Limit | Crypto core: CS87 (Kolmogorov complexity, = min description length for the key) + one transport/identity operator |
| 3. Scale | Bits-to-bits (exact) — no numerical integration |
| 4. Precision | Bit-exact (Hamming distance = 0) |
| 5. Compile | Master Equation |
| 6. Execute | Functional Equation |
| 7. Verify | Test vectors from RFC 8439 (ChaCha20-Poly1305), RFC 5869 (HKDF), NIST SP 800-185 (KMAC) |
- CS87 —
Ω(x) = min{|p| : U(p) = x}(Kolmogorov complexity; used as the theoretical floor on compressible key material) - ZEQ-TETHER-003 —
B_sib = ∑_k e^(i·φ_k) |sibling_k⟩(multi-device identity tether) - ZEQ-POCKET-001 —
∂g_μν/∂t = (8πG/c⁴) T_μν^consciousness(used here as the key-rotation spacetime coupling)
Runnable worked example — sign + verify
Sign a payload with demo key, then verify at a later Zeqond:
curl -s -X POST https://api.zeq.dev/api/playground/compute \
-H "Authorization: Bearer $ZEQ_DEMO_KEY" \
-H "Content-Type: application/json" \
-d '{"operators":["KO42","CS87"],"inputs":{"op":"sign","payload":"hello zeqond"}}'
Expected:
{
"signature_b64": "...",
"phase_at_sign": 0.4231,
"zeqond": 1745123456.789,
"error_pct": 0.000
}
Then:
curl -s -X POST https://api.zeq.dev/api/playground/compute \
-H "Authorization: Bearer $ZEQ_DEMO_KEY" \
-H "Content-Type: application/json" \
-d '{"operators":["KO42","CS87"],"inputs":{"op":"verify","payload":"hello zeqond","signature_b64":"..."}}'
Verifies true at any Zeqond, because the phase witness travels with the signature.
Papers
- Zeq framework paper — DOI 10.5281/zenodo.15825138
- Zeq paper — DOI 10.5281/zenodo.18158152
Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.