ZeqCert — Mathematical Certificate
HITE encryption, TESC channels, ZeqProof, firewall primitives.
- Protocol ID —
zeq-cert - Category — Security
- Endpoint —
POST /api/security/cert/issue - Auth — api-key
- Rate limit — 10/min
- Version —
1.0 - Precision — ≤0.1% (KO42-enforced)
What it does
Mathematical certificate authority. Certificates derived from operator coupling strength — not PKI trees. A cert is a ZeqProof chain binding identity to a set of verified computations.
Signature
Request
POST /api/security/cert/issue
| Param | Type | Required | Default | Description |
|---|---|---|---|---|
subject | string | ✓ | — | ZID or entity identifier. |
scope | array | ✓ | — | Array of protocol IDs this cert authorizes. |
ttlHours | number | 168 | Certificate validity in hours (1–720). Default: 168 (7 days). |
Response
{ certificate, subject, scope, issuedAt, expiresAt, zeqProofChain, fingerprint }
Runnable example
curl -sS -X POST \
-H "Authorization: Bearer $ZEQ_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"subject": "<value>",
"scope": [],
"ttlHours": 168
}' \
"https://api.zeq.dev/api/security/cert/issue"
Integrate
- E2E channel — pair with HITE/TESC for encryption that locks to the HulyaPulse.
- Integrity stamp — hash-bind every message to its Zeqond for replay-resistant audit.
- Key rotation — tie rotation windows to pulse multiples for deterministic policy.
Seeds
- Near — wrap
/api/security/cert/issuein a language SDK so builders can call it in three lines. - Medium — publish a reference integration demonstrating ZeqCert — Mathematical Certificate alongside a real workload, with pulse-aligned metrics.
- Far — propose ZeqCert — Mathematical Certificate as an open reference standard so other runtimes can implement it verbatim against the Zeq paper.
Papers
- Zeq paper — https://doi.org/10.5281/zenodo.18158152
- Framework paper — https://doi.org/10.5281/zenodo.15825138
Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.