HITE — HulyaPulse-Integrated Thermodynamic Encryption
HITE is the Zeq OS file encryption system. It combines AES-256-GCM authenticated encryption with HulyaPulse phase-synchronized entropy and Landauer's principle thermodynamic security analysis. Every encrypted .zeq file includes a Landauer Certificate proving brute-force decryption is physically impossible.
Architecture
| Component | Implementation | Purpose |
|---|---|---|
| Cipher | AES-256-GCM | Authenticated encryption with 128-bit tags |
| Key Derivation | PBKDF2-SHA256 | 100,000 iterations from passphrase + salt |
| Entropy | KO42 phase-mixed | Multiple entropy sources mixed with HulyaPulse phase |
| Memory | HRO00 MemoryGuard | Multi-pass secure zeroization of sensitive data |
| Proof | Landauer Certificate | Thermodynamic impossibility proof per file |
Active Operators
| Operator | Role |
|---|---|
| KO42 | Temporal synchronization and phase entropy |
| LZ1 | Landauer bound calculation |
| XI1 | Shannon entropy measurement |
| CS87 | Kolmogorov complexity verification |
| HRO00 | Secure memory zeroization |
How Encryption Works
HITE follows a 7-step encryption pipeline:
- Entropy Collection — Multiple entropy sources (user interaction, system randomness, temporal state) are mixed using the KO42 phase to produce a high-quality entropy pool.
- Salt Derivation — A unique salt is derived by combining system randomness with the entropy pool and current temporal state.
- Key Derivation — PBKDF2-SHA256 derives a 256-bit encryption key from the passphrase and salt.
- AES-256-GCM Encryption — Standard authenticated encryption produces ciphertext with integrity verification.
- Metadata Assembly — Temporal state, Landauer certificate, and operator metadata are embedded.
- .zeq File Assembly — All components are packed into the proprietary
.zeqcontainer format. - Memory Zeroization — HRO00 MemoryGuard securely destroys all sensitive data from memory.
.zeq File Format
The .zeq format is a binary container that packages encrypted data with temporal metadata and Landauer certificates. The format supports backward compatibility across multiple versions.
Landauer's Principle
HITE leverages Landauer's principle to provide thermodynamic security guarantees beyond computational hardness.
The Physics
The minimum energy required to erase one bit of information at temperature T:
E_min = k_B * T * ln(2)
Where:
k_B = 1.380649 x 10^-23 J/K (Boltzmann constant)
T = 300 K (room temperature)
ln(2) = 0.6931471805599453
E_min = 2.865 x 10^-21 joules per bit
Applied to 256-bit AES Key
To brute-force a 256-bit key, an attacker must try every possible key. The minimum energy required:
E_attack = 2^256 * E_min = 3.347 x 10^56 joules
For comparison:
- Sun's total lifetime energy output: ~1.2 x 10^44 joules
- Suns required: ~2.79 x 10^12 (trillions of sun-lifetimes)
- This exceeds the total energy output of the observable universe
Verdict: Thermodynamically impossible.
Every .zeq file includes a Landauer Certificate with these exact numbers.
API Gateway Integration
HITE encryption is available as middleware on the API Gateway (port 4000). When ZEQ_HITE_SECRET is set, clients can negotiate encrypted HTTP channels.
Handshake
# 1. Generate a client nonce (32 bytes = 64 hex chars)
CLIENT_NONCE=$(openssl rand -hex 32)
# 2. Initiate handshake
curl -X POST http://localhost:4000/api/hite/handshake \
-H 'Content-Type: application/json' \
-d "{\"clientNonce\": \"$CLIENT_NONCE\"}"
# Returns: { sessionId, serverNonce, phase, zeqond, landauer }
After handshake, both sides derive a shared session key using PBKDF2. Subsequent requests use the application/x-zeq-hite content type with the session ID header. Sessions expire after 1 hour. Standard JSON requests continue to work without HITE headers — zero breaking changes.
Configuration
# .env — leave empty to disable HITE (graceful degradation)
ZEQ_HITE_SECRET=your-hite-secret-here
Service-to-Service Transport
For inter-service communication, framework/lib/hite-transport.js provides an encrypted fetch wrapper with automatic key rotation.
Landauer Certificate Headers
Every API response from the Gateway, Sync Engine, 7-Step Wizard, and Zeqond Daemon includes Landauer thermodynamic proof headers:
X-Zeq-Landauer-Energy: 3.324e+56
X-Zeq-Landauer-Suns-Required: 2.770e+12
X-Zeq-Landauer-Bits: 256
X-Zeq-HulyaPulse-Phase: 0.452100000
X-Zeq-Zeqond: 2277530448
Verify with:
curl -I http://localhost:4000/health | grep X-Zeq
Standalone Application
HITE is a standalone web application for encrypting and decrypting files directly in the browser. The application:
- Uses the Web Crypto API for all cryptographic operations
- Requires no installation — works in any modern browser
- Produces
.zeqfiles compatible with all HITE implementations
See the HITE app for the live encryption tool.