01
Character-Flicker Hashing
SHA-256 / FIPS 180-4 · 256 BITS
▢ STAYS LOCAL · NOT TRANSMITTED
NAME
—
DOB
—
ADDRESS
—
MRN
—
CONDITION
—
→ ENTERS PROTOCOL · HASHED CLIENT-SIDE
PHONE
—
EMAIL
—
↓ These two fields are the ONLY data that enter the THIIC protocol
Waiting for hash...
02
HMAC Integrity Check
HMAC-SHA256 / RFC 2104
IDLE · 32 BYTES READY
03
AES-256-GCM Encryption
NIST SP 800-38D · 256-BIT KEY
● SENDER · SUMMIT
PHONE
—
EMAIL
—
MTLS 1.3
——
idle
● RECIPIENT · VANTAGE HEALTH
PHONE HASH
—
EMAIL HASH
—
NO NAMES · NO PII ON RECIPIENT
AES-256-GCM parameters: 96-bit nonce (IV) · 128-bit auth tag · 256-bit key
Key not yet generated
Key not yet generated
04
Ed25519 Identity Token Signing
RFC 8032 · 32-BYTE KEYSStep 1 — Key Pair
Public Key (JWK · x)
Not yet generated
Private Key
●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●
Step 2 — Message (SHA-256 from Moment 01)
Generate hash in Moment 01 first...
Step 3 — Signature (64 bytes / 128 hex chars)
⚿
▣
✓
Awaiting signing...
THIIC uses EdDSA for identity token signing.
32-byte keys, deterministic signatures, ~10× faster than RSA-2048.
Private key stays in browser memory only — never exported.
05
Zero-Knowledge ProofEXPERIMENTAL
ZK Circuit / SimplifiedCommitment
0x————————————
Witness
HIDDEN STATE
●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●●●●●
●●●●●●●●●●●●
Proof
π = { a, b, c }
Proves membership in the audience without revealing the underlying data. Commitment binds to the patient hash; witness remains hidden; verifier checks proof only.
AUDIT LOG
● TAILING| TS | ACTION | DATA HASH | IP | RESULT |
|---|