Identity & Access
Passwords are bits in a database. Zeq identity is a superposition over sibling devices, phase-locked to the 1.287 Hz heartbeat.
- Theme — identity-access
- Protocol count — 24 (tether-pair, tether-rotate, challenge, respond, verify, federate, attest, revoke variants)
- Anchor operators —
KO42 · ZEQ-TETHER-003 · CS87 - Verification — bit-exact Ed25519 challenge-response with
phase_at_signinside window
What it solves
The central idea: an identity is not a password and not a single keypair. It is a superposition over sibling devices B_sib = ∑_k e^(i·φ_k) |sibling_k⟩, each of which holds a share of the identity and is phase-locked to the HulyaPulse. That buys three things classical identity can't:
- Recovery without a vault — losing one sibling never destroys the identity; the remaining siblings re-tether at the next Zeqond boundary.
- Time-bounded challenges — every challenge is issued at a Zeqond with a phase window; responses outside the window are rejected regardless of cryptographic validity.
- Verifiable multi-device quorum — a high-risk action can require
k-of-nsiblings to co-sign, and the quorum is witnessable by any verifier via the tether root.
The theme's protocols cover pairing new siblings, rotating the tether, running challenge-response, doing federated sign-on, attesting hardware siblings, and revoking compromised ones.
Operator map
| Operator | Formula | Role |
|---|---|---|
| KO42.1 | ds² = g_μν dx^μ dx^ν + α sin(2π · 1.287 t) dt² | Mandatory — phase window enforcement |
| ZEQ-TETHER-003 | `B_sib = ∑_k e^(i·φ_k) | sibling_k⟩` |
| CS87 | `Ω(x) = min{ | p |
Runnable worked example — pair a new sibling
curl -s -X POST https://api.zeq.dev/api/playground/compute \
-H "Authorization: Bearer $ZEQ_DEMO_KEY" \
-H "Content-Type: application/json" \
-d '{
"operators": ["KO42", "ZEQ-TETHER-003", "CS87"],
"inputs": {
"protocol": "tether-pair",
"new_sibling_pubkey_b64": "...",
"device_type": "laptop"
}
}'
Expected:
{
"sibling_id": "laptop-02",
"tether_root_after": "sha256:...",
"phase_at_pair": 0.2041,
"zeqond": 1745124800.221
}
The Zeq Auth app wires this into a browser-friendly flow with a QR-code scan.
Extend it
- Hardware sibling — register a Zeq Pulse device; every challenge-response is signed by the on-chip secure element.
- Federated OIDC / SAML — export the tether root as an OIDC-compatible ID token so third-party SaaS can consume it.
- Step-up auth policy — require
k-of-nsiblings to co-sign for high-risk operations (bank transfer, production deploy, medical prescription).
Seeds
- Biometric-as-sibling — register a biometric enclave (Face ID, Touch ID) as a sibling; its signatures are bound to a Zeqond.
- Social recovery — N trusted contacts each hold a threshold share; any k can recover the tether without trusting a custodian.
- Post-quantum tether — swap Ed25519 for Falcon; tether superposition is unchanged.
Papers
- Zeq framework paper — DOI 10.5281/zenodo.15825138
- Zeq paper — DOI 10.5281/zenodo.18158152
Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.