Moment 1 — Character Flicker Hashing

0 / 512 chars
Waiting for input...

Moment 2 — Zero-Knowledge Proof

Moment 3 — HMAC Integrity Check

Ready to verify

Moment 4 — AES-256-GCM Encryption

Moment 5 — ED25519 Identity Token Signing

THIIC uses Ed25519 (EdDSA curve) as the signing algorithm for identity tokens. 32-byte keys, deterministic signatures, ~10× faster than RSA-2048 — the standard for modern cryptographic protocols.

Step 1 — Generate Ed25519 Key Pair
Public Key (JWK · x)
Not yet generated
Private Key
Hidden until generated ●●●●●●●●
Step 2 — Message (SHA-256 hash from Moment 1)
Generate hash in Moment 1 first...
Step 3 — Ed25519 Signature (64 bytes / 128 hex chars)
Awaiting signing...

Cryptographic Reference

// SHA-256 hashing via Web Crypto API
async function sha256(message) {
  const encoder = new TextEncoder();
  const data = encoder.encode(message);
  const hashBuffer = await crypto.subtle.digest(
    'SHA-256', data
  );
  const hashArray = new Uint8Array(hashBuffer);
  return Array.from(hashArray)
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}
// Usage: sha256(patientRecord).then(hex => ...)
// Simplified ZK proof (simulated browser-side)
// Real ZK would use Groth16/PLONK with WASM

async function generateProof(data, secret) {
  // Step 1: Compute commitment
  const comm = await sha256(data + secret);
  // Step 2: Generate witness
  const witness = await sha256(comm + data);
  // Step 3: Simulate proof generation (2-3s delay)
  await simulateProofCircuit(witness);
  return {
    proof: witness.slice(0, 64),
    commitment: comm,
    // ZK: data never leaves browser
  };
}
// Proof verifies data integrity without revealing content
// AES-256-GCM key exchange + encryption
async function encryptPayload(plaintext, sharedKey) {
  // Generate random 96-bit IV
  const iv = crypto.getRandomValues(new Uint8Array(12));
  // Import AES-256 key
  const aesKey = await crypto.subtle.importKey(
    'raw', sharedKey, { name: 'AES-GCM' },
    false, ['encrypt']
  );
  // Encrypt with AES-GCM (produces ciphertext + auth tag)
  const ciphertext = await crypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, aesKey,
    new TextEncoder().encode(plaintext)
  );
  return { iv, ciphertext };
}
// Decryption: same IV + key → AES-GCM decrypt
// ED25519 signing via Web Crypto API (Chrome 100+, Firefox 105+, Safari 17+)
// Server-side: Node.js crypto.generateKeyPairSync('ed25519') + jwt.sign(..., { algorithm: 'EdDSA' })

async function generateEd25519KeyPair() {
  return crypto.subtle.generateKey(
    { name: 'Ed25519' }, true, ['sign', 'verify']
  );
}

async function signIdentityToken(privateKey, messageHex) {
  const data = new TextEncoder().encode(messageHex);
  const sig = await crypto.subtle.sign({ name: 'Ed25519' }, privateKey, data);
  return Array.from(new Uint8Array(sig))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

async function verifyIdentityToken(publicKey, messageHex, sigHex) {
  const data = new TextEncoder().encode(messageHex);
  const sig = new Uint8Array(
    sigHex.match(/.{2}/g).map(b => parseInt(b, 16))
  );
  return crypto.subtle.verify({ name: 'Ed25519' }, publicKey, sig, data);
}

// Node.js server side (JWT): 
// const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519', {
//   privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
//   publicKeyEncoding:  { type: 'spki',  format: 'pem' },
// });
// jwt.sign(payload, privateKey, { algorithm: 'EdDSA' });
// jwt.verify(token, publicKey, { algorithms: ['EdDSA'] });

Audit Log

Timestamp Action Data Hash IP Address Result
Awaiting actions — hash data, generate proof, or transfer to populate log.