الانتقال إلى المحتوى الرئيسي

Identity & Access

Passwords are bits in a database. Zeq identity is a superposition over sibling devices, phase-locked to the 1.287 Hz heartbeat.

  • Theme — identity-access
  • Protocol count — 24 (tether-pair, tether-rotate, challenge, respond, verify, federate, attest, revoke variants)
  • Anchor operatorsKO42 · ZEQ-TETHER-003 · CS87
  • Verification — bit-exact Ed25519 challenge-response with phase_at_sign inside window

What it solves

The central idea: an identity is not a password and not a single keypair. It is a superposition over sibling devices B_sib = ∑_k e^(i·φ_k) |sibling_k⟩, each of which holds a share of the identity and is phase-locked to the HulyaPulse. That buys three things classical identity can't:

  • Recovery without a vault — losing one sibling never destroys the identity; the remaining siblings re-tether at the next Zeqond boundary.
  • Time-bounded challenges — every challenge is issued at a Zeqond with a phase window; responses outside the window are rejected regardless of cryptographic validity.
  • Verifiable multi-device quorum — a high-risk action can require k-of-n siblings to co-sign, and the quorum is witnessable by any verifier via the tether root.

The theme's protocols cover pairing new siblings, rotating the tether, running challenge-response, doing federated sign-on, attesting hardware siblings, and revoking compromised ones.

Operator map

OperatorFormulaRole
KO42.1ds² = g_μν dx^μ dx^ν + α sin(2π · 1.287 t) dt²Mandatory — phase window enforcement
ZEQ-TETHER-003`B_sib = ∑_k e^(i·φ_k)sibling_k⟩`
CS87`Ω(x) = min{p

Runnable worked example — pair a new sibling

curl -s -X POST https://api.zeq.dev/api/playground/compute \
  -H "Authorization: Bearer $ZEQ_DEMO_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "operators": ["KO42", "ZEQ-TETHER-003", "CS87"],
    "inputs": {
      "protocol": "tether-pair",
      "new_sibling_pubkey_b64": "...",
      "device_type": "laptop"
    }
  }'

Expected:

{
  "sibling_id": "laptop-02",
  "tether_root_after": "sha256:...",
  "phase_at_pair": 0.2041,
  "zeqond": 1745124800.221
}

The Zeq Auth app wires this into a browser-friendly flow with a QR-code scan.

Extend it

  • Hardware sibling — register a Zeq Pulse device; every challenge-response is signed by the on-chip secure element.
  • Federated OIDC / SAML — export the tether root as an OIDC-compatible ID token so third-party SaaS can consume it.
  • Step-up auth policy — require k-of-n siblings to co-sign for high-risk operations (bank transfer, production deploy, medical prescription).

Seeds

  • Biometric-as-sibling — register a biometric enclave (Face ID, Touch ID) as a sibling; its signatures are bound to a Zeqond.
  • Social recovery — N trusted contacts each hold a threshold share; any k can recover the tether without trusting a custodian.
  • Post-quantum tether — swap Ed25519 for Falcon; tether superposition is unchanged.

Papers

Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.