Encryption

ChaCha20-Poly1305 with a clock attached. Every ciphertext knows when it was produced, and some know when they may be opened.

Theme — encryption
Protocol count — 31 (aead-seal, aead-open, hite-lock, hite-unlock, tesc-frame, aead-rekey, double-ratchet, pq-kem variants)
Anchor operators — KO42 · CS87 · TM1
Verification — bit-exact against RFC 8439 (ChaCha20-Poly1305), RFC 8439 AEAD vectors, and HITE target-Zeqond recovery

What it solves

Encryption in Zeq is never just "keep these bits private". Every envelope commits to the Zeqond at which it was produced; some envelopes commit to the Zeqond at which they may be opened.

AEAD envelopes are standard ChaCha20-Poly1305 with phase_at_seal and zeqond committed in the additional-data field. Replayed envelopes fail verification past their phase window.
HITE time-locks use TM1 = −t + current_utp × period to derive a key that literally does not exist until a future Zeqond; published witness shares unlock it at the target tick.
TESC frames are a streaming container where each frame is an AEAD unit bound to its own Zeqond, letting a recipient replay / audit / seek at frame boundaries.
Double-ratchet frames (used in Zeq Message) compose forward secrecy with Zeqond-bound send phases so ordering + reordering are witnessable.

Operator map

Operator	Formula	Role
KO42.1	`ds² = g_μν dx^μ dx^ν + α sin(2π · 1.287 t) dt²`	Mandatory — phase in AEAD additional data
CS87	`Ω(x) = min{	p
TM1	`TM1 = −t + current_utp × period`	HITE time-lock derivation

Runnable worked example — seal, lock, then stream

# 1. Standard AEAD seal
curl -s -X POST https://api.zeq.dev/api/playground/compute \
  -H "Authorization: Bearer $ZEQ_DEMO_KEY" \
  -H "Content-Type: application/json" \
  -d '{"operators":["KO42","CS87"],"inputs":{"protocol":"aead-seal","plaintext":"hello","to":"bob@zeq.dev"}}'

# 2. Time-locked HITE envelope
curl -s -X POST https://api.zeq.dev/api/playground/compute \
  -H "Authorization: Bearer $ZEQ_DEMO_KEY" \
  -H "Content-Type: application/json" \
  -d '{"operators":["KO42","TM1","CS87"],"inputs":{"protocol":"hite-lock","plaintext":"hello","unlock_zeqond":1745300000}}'

Expected (HITE):

{
  "hite_ciphertext_b64": "...",
  "unlock_zeqond": 1745300000.000,
  "witnesses": 9
}

Any attempted unlock before unlock_zeqond returns {"error":"premature_unlock"}. See HITE Encryption for the Build-chapter worked example.

Extend it

Post-quantum envelopes — swap ChaCha20 for a PQ KEM + AEAD combo; Zeqond binding is orthogonal.
Chain HITE + AEAD — the inner layer is classical AEAD, the outer layer is time-locked; perfect for escrow / dead-man deliveries.
Mesh-routed TESC — stream TESC frames across the Zeq mesh; each peer already knows how to verify per-frame Zeqonds.

Seeds

Homomorphic envelopes — partial computation on sealed envelopes without opening them.
Quantum key wrap — use the Quantum Circuits app to generate per-Zeqond entropy for the KEM.
Forensic-grade seal — a Zeqond-bound envelope is already a forensic primitive; extend with notary signatures for court-admissible disclosure.

Papers

Zeq framework paper — DOI 10.5281/zenodo.15825138
Zeq paper — DOI 10.5281/zenodo.18158152

Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.

What it solves​

Operator map​

Runnable worked example — seal, lock, then stream​

Extend it​

Seeds​

Papers​