Personal autonomous Root of Trust β deterministic identity and cryptographic document chain based on RFC 8785 (Canonical JSON), Ed25519, BIP-39, logical time, and fork detection.
- Project Overview
- Key Features
- Project Status
- Quick Start
- Installation
- Documentation
- Usage Examples
- Security
- Testing
- Contributing
- License
- Support
nzcore is a cryptographic library for creating a personal autonomous Root of Trust. It provides deterministic identity and maintains an immutable chain of signed documents without relying on external services or system time.
- Deterministic Identity: Your identity is derived solely from a BIP-39 mnemonic phrase
- Cryptographic Document Chain: Each document is signed and linked to the previous one via hash
- Logical Time: Monotonic counter instead of system time for security decisions
- Fork Detection: Automatic detection of chain divergences
BIP-39 Mnemonic β Seed β Master Key β Identity
β
Document Chain (Ed25519)
β
RFC 8785 Canonical JSON
β
Logical Time (monotonic)
| Feature | Description |
|---|---|
| π Deterministic Identity | Identity derived solely from 24-word BIP-39 mnemonic phrase |
| π Canonical JSON (RFC 8785) | Deterministic serialization for reproducible signatures |
| β° Logical Time | Monotonic counter without system clock dependencies |
| π Fork Detection | Automatic detection of chain divergences |
| π‘οΈ Secure Memory | Zeroization of sensitive data after use |
| π Multi-layer Trust | Structural β Cryptographic β Policy validation |
| π Cross-platform | Works in Node.js and browsers |
| π¦ Minimal Dependencies | Only audited cryptographic libraries |
| Parameter | Value |
|---|---|
| Version | 1.0.0 |
| Status | β Production Ready |
| Minimum Node.js | 18.0.0+ |
| TypeScript Types | β Included |
| License | MIT / Apache-2.0 (dual) |
npm install nzcoreimport { generateIdentity, NewZoneCore } from 'nzcore';
// Generate new identity (24-word BIP-39 mnemonic)
const { mnemonic, core } = await generateIdentity();
console.log('Mnemonic:', mnemonic); // β οΈ Store securely!
console.log('Public Key:', core.getPublicKeyHex());
console.log('Chain ID:', core.getChainId());const doc = await core.createDocument('profile', {
name: 'Alice Johnson',
email: 'alice@example.com'
});
console.log('Document ID:', doc.id);
console.log('Signature:', doc.signature);const result = await core.verifyDocument(doc);
console.log('Valid:', result.final); // true if valid// Export chain state
const state = core.exportState();
// Create new instance and import
const newCore = await NewZoneCore.create(mnemonic);
newCore.importState(state);const forks = core.detectFork();
if (forks.length > 0) {
console.log('β οΈ Fork detected:', forks);
// Core does NOT resolve forks automatically
}// Securely zeroize private key
core.destroy();npm install nzcoregit clone https://github.com/NewZoneProject/nzcore.git
cd nzcore
npm install
npm run build| Component | Requirement |
|---|---|
| Node.js | 18.0.0 or higher |
| npm | 7.0.0 or higher |
| Operating System | Linux, macOS, Windows |
| Memory | Minimum 256 MB RAM |
Complete documentation is organized into the following sections:
| Document | Description |
|---|---|
| ARCHITECTURE.md | System architecture, component and data flow diagrams |
| API.md | Complete API reference with examples |
| DEPLOYMENT.md | Deployment and integration guide |
| SECURITY.md | Security model and best practices |
| CONTRIBUTING.md | Contributor guidelines |
The specs/ folder contains detailed specifications:
TRUST_MODEL.mdβ Trust model (three validation layers)CRYPTO_SPEC.mdβ Cryptographic stack (nzcore-crypto-01)IDENTITY_MODEL.mdβ Identity modelDOCUMENT_SYSTEM.mdβ Document systemTIME_MODEL.mdβ Logical time modelFORK_MODEL.mdβ Fork detection modelTHREAT_MODEL.mdβ Threat model
npm run example:basicSource: examples/basic-usage.ts
npm run example:advancedSource: examples/advanced-usage.ts
// Create chain of personal data
const profile = await core.createDocument('profile', {
name: 'Alice',
publicKey: '...'
});
const settings = await core.createDocument('settings', {
theme: 'dark',
language: 'en'
});
const activity = await core.createDocument('activity', {
action: 'login',
timestamp: Date.now()
});// Immutable event log
const auditLog = await core.createDocument('audit', {
event: 'data_access',
userId: '123',
resource: '/api/data'
});// Verify document through three trust layers
const result = await core.verifyDocument(document);
console.log('Structural validity:', result.structural_valid);
console.log('Cryptographic validity:', result.cryptographic_valid);
console.log('Policy validity:', result.policy_valid);
console.log('Final result:', result.final);| Component | Implementation |
|---|---|
| Digital Signatures | Ed25519 (@noble/ed25519) |
| Hashing | BLAKE2b-256 (@noble/hashes) |
| KDF | scrypt (N=32768, r=8, p=1) |
| Key Derivation | HKDF-SHA256 |
| Mnemonic | BIP-39 (@scure/bip39) |
| Canonicalization | RFC 8785 Canonical JSON |
- Deterministic Identity: Identity is a function of mnemonic only
- No External Dependencies: No system time dependencies for security decisions
- Secure Memory: All sensitive data is zeroized before garbage collection
- Constant-Time Operations: Comparison operations run in constant time
- Manual Fork Resolution: Core detects but never resolves forks automatically
// β
GOOD: Store mnemonic in secure storage
const { mnemonic } = await generateIdentity();
await secureStorage.save('mnemonic', mnemonic);
// β
GOOD: Destroy instance after use
core.destroy();
// β BAD: Store mnemonic in code or environment variables
const MNEMONIC = process.env.MNEMONIC; // Never do this!npm test# Integration tests
node --test dist/test/integration.test.js
# Debug tests
node --test dist/test/debug.test.js
# Mnemonic tests
node --test dist/test/mnemonic-debug.test.js| Test Type | Description |
|---|---|
| Unit Tests | Testing individual components |
| Integration Tests | Testing complete workflows |
| Security Tests | Verifying security properties |
npx c8 npm testWe welcome contributions! Please see CONTRIBUTING.md.
# Clone repository
git clone https://github.com/NewZoneProject/nzcore.git
cd nzcore
# Install dependencies
npm install
# Build project
npm run build
# Run tests
npm test
# Run linter
npm run lint- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Write tests for new features
- Ensure all tests pass
- Update documentation
- Submit Pull Request
Dual-licensed (your choice):
- MIT License β see
LICENSE-MITfile - Apache License 2.0 β see
LICENSE-APACHEfile
This library uses the following open-source projects:
- @noble/ed25519 β Ed25519 implementation
- @noble/hashes β Cryptographic hash functions
- @scure/bip39 β BIP-39 implementation
- canonicalize β JSON canonicalization (RFC 8785)
| Channel | Link |
|---|---|
| GitHub Issues | Report an issue |
| npm | Package on npm |
| Repository | GitHub |
For reporting security vulnerabilities, please contact project maintainers privately. Do not disclose vulnerabilities publicly before they are resolved.
| Term | Definition |
|---|---|
| Root of Trust | Source of truth for verification |
| Mnemonic | 24-word phrase for identity recovery (BIP-39) |
| Chain ID | Unique identifier for document chain |
| Logical Time | Monotonic counter for document ordering |
| Fork | Situation where two documents reference the same parent hash |
| Canonical JSON | Deterministic JSON serialization (RFC 8785) |
Last updated: February 20, 2026