ZeqAuth — Zero-Knowledge Identity
ZeqAuth is Zeq's authentication system built on zero-knowledge principles. The server stores only three things per user: a ZID (Zeq Identity), a password hash, and a salt. No equations, no personal data, no session replay.
How It Works
When you register, ZeqAuth generates a unique ZID (e.g. zid_abc123...). Your password is hashed client-side before transmission — the server never sees the plaintext password. The resulting hash + salt pair is stored, and the ZID becomes your identity across all Zeq services.
What the Server Stores
| Field | Stored? | Purpose |
|---|---|---|
| ZID | Yes | Unique identifier |
| Password hash | Yes | Authentication |
| Salt | Yes | Hash uniqueness |
| Yes (hashed) | Account recovery only | |
| Equations | No | Never stored |
| PII | No | Never stored |
| Session history | No | Never stored |
Authentication Flow
- Register:
POST /api/auth/registerwith email + password → returns ZID - Login:
POST /api/auth/loginwith email + password → returns session cookie - Session key:
POST /api/auth/session-key→ returns API session key for browser apps - Verify:
POST /api/auth/verifywith session cookie → confirms authenticated ZID
Browser Integration
For browser apps, include COMPONENTS.js which handles auto-authentication:
<script src="/COMPONENTS.js?v=1.287.6"></script>This auto-provisions a session key on login and injects it into all API calls.
Security
All ZeqAuth operations are wrapped in a ZSP envelope. The triple-kernel encryption (K_spectral × K_temporal × K_chaos) protects authentication tokens in transit.
Free Tier
Registration is free. Every ZID receives 10 computations/day and 10 AI chat messages/day. Register at zeq.dev/auth.
Related
Auth API Reference · ZSP · ZID · Account API