Zeq Auth
Passwords are bits stored in databases. Zeq Auth is a phase in the heartbeat. No database to breach.
- Live app →
/apps/zeq-auth/ - Source →
apps/zeq-auth/index.html+apps/zeq-auth/tether.js(≈ 630 lines) - Operators →
KO42 · ZEQ-TETHER-003 · CS87 - Error budget → 0.000% (bit-exact challenge-response)
What it solves
Passwords leak, TOTP seeds live forever, WebAuthn requires a platform authenticator. Zeq Auth is a simpler primitive: a challenge-response where the challenge is a Zeqond and the response is a signature over it using a private key held in a sibling-tethered device.
The identity itself is ZEQ-TETHER-003 — a superposition over sibling devices:
B_sib = ∑_k e^(i·φ_k) |sibling_k⟩
Each sibling (phone, laptop, hardware key) holds a share of the identity. The tether is phase-locked to the HulyaPulse, so if any sibling is compromised, the others can re-tether and excise it at the next Zeqond boundary.
The challenge-response itself is bit-exact (Ed25519 over the Zeqond); the 0.000% error refers to the Hamming distance against the reference. What KO42 buys is: each response commits to phase_at_sign, so the server can reject replays precisely.
The math — 7-step Wizard applied
| Step | Decision |
|---|---|
| 1. Prime | KO42 mandatory |
| 2. Limit | ZEQ-TETHER-003 (multi-device identity) + CS87 (Kolmogorov floor on key) + KO42 = 3 |
| 3. Scale | Bit-exact; challenge 32 B, response 64 B |
| 4. Precision | Hamming = 0 |
| 5. Compile | Master Equation with tether |
| 6. Execute | Functional Equation |
| 7. Verify | Server checks Ed25519 + phase_at_sign inside the Zeqond window |
Verbatim formulas:
- KO42.1 —
ds² = g_μν dx^μ dx^ν + α sin(2π · 1.287 t) dt² - ZEQ-TETHER-003 —
B_sib = ∑_k e^(i·φ_k) |sibling_k⟩ - CS87 —
Ω(x) = min{|p| : U(p) = x}
Runnable worked example — challenge + respond
# 1. Server issues challenge
curl -s -X POST https://api.zeq.dev/api/playground/compute \
-H "Authorization: Bearer $ZEQ_DEMO_KEY" \
-H "Content-Type: application/json" \
-d '{"operators":["KO42","ZEQ-TETHER-003"],"inputs":{"op":"challenge","user":"zeq@zeq.dev"}}'
Expected:
{
"challenge_b64": "...",
"issued_at_zeqond": 1745123510.000,
"expires_at_zeqond": 1745123520.000,
"phase_window": [0.000, 0.128]
}
# 2. Client signs
curl -s -X POST https://api.zeq.dev/api/playground/compute \
-H "Authorization: Bearer $ZEQ_DEMO_KEY" \
-H "Content-Type: application/json" \
-d '{"operators":["KO42","CS87"],"inputs":{"op":"respond","challenge_b64":"..."}}'
Expected:
{
"response_b64": "...",
"phase_at_sign": 0.0624,
"sibling_id": "laptop-01",
"error_pct": 0.000
}
Verify by POSTing {"op":"verify", ...} — server returns {"verified":true} iff the signature is valid and phase_at_sign ∈ phase_window.
Extend it
- Hardware sibling: register a Zeq Pulse device as a tether sibling; it signs using its on-board secure element.
- Step-up auth: require multiple siblings to co-sign a high-risk action. ZEQ-TETHER-003's superposition makes this a one-line policy.
- Federated sign-on: export the tether public key as an OIDC ID token claim.
Seeds
- Consciousness-field identity — ZEQ-POCKET-001 coupling makes the sibling tether itself a field object, not just a set of keys.
- Quantum sibling — swap Ed25519 for Falcon; phase-binding is unchanged.
- Mesh recovery — lose all siblings at once, recover via the
zeqMeshpeer recovery protocol.
Papers
- Zeq framework paper — DOI 10.5281/zenodo.15825138
- Zeq paper — DOI 10.5281/zenodo.18158152
Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.