ZeqKeyEx — Temporal Key Exchange
HITE encryption, TESC channels, ZeqProof, firewall primitives.
- Protocol ID —
zeq-keyex - Category — Security
- Endpoint —
POST /api/security/keyex/init - Auth — api-key
- Rate limit — 20/min
- Version —
1.0 - Precision — ≤0.1% (KO42-enforced)
What it does
Diffie-Hellman key exchange over the Zeqond grid. Both parties derive a shared secret synchronized to the same HulyaPulse phase — temporal key agreement.
Signature
Request
POST /api/security/keyex/init
| Param | Type | Required | Default | Description |
|---|---|---|---|---|
publicKey | string | ✓ | — | Initiator's public key (hex). |
targetZid | string | — | Target ZID for directed exchange. |
Response
{ sessionId, publicKey, zeqond, phase, expiresAt, protocol }
Runnable example
curl -sS -X POST \
-H "Authorization: Bearer $ZEQ_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"publicKey": "<value>",
"targetZid": "<value>"
}' \
"https://api.zeq.dev/api/security/keyex/init"
Integrate
- E2E channel — pair with HITE/TESC for encryption that locks to the HulyaPulse.
- Integrity stamp — hash-bind every message to its Zeqond for replay-resistant audit.
- Key rotation — tie rotation windows to pulse multiples for deterministic policy.
Seeds
- Near — wrap
/api/security/keyex/initin a language SDK so builders can call it in three lines. - Medium — publish a reference integration demonstrating ZeqKeyEx — Temporal Key Exchange alongside a real workload, with pulse-aligned metrics.
- Far — propose ZeqKeyEx — Temporal Key Exchange as an open reference standard so other runtimes can implement it verbatim against the Zeq paper.
Papers
- Zeq paper — https://doi.org/10.5281/zenodo.18158152
- Framework paper — https://doi.org/10.5281/zenodo.15825138
Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.