
Sign-in tiers, .ZEQ recovery & ZeqPM

Identity on a ZeqVM node is still an equation — the server only ever stores one irreversible HMAC hash, and the cleartext never leaves your device. ZeqAuth v4 adds three ways to hold that identity and a real password manager on top of it. There is no new server auth surface: every tier resolves to the same register-v3 / login-v3 the equation flow already uses.

The three methods appear as one chooser — Simple · Expert · .ZEQ file — on both /auth/ and the homepage spin-up wizard (step 3). Only one is shown at a time; your last choice is remembered.

Expert — the equation

The original flow. Four+ words → the 7-step wizard mints a unique equation bound to the current Zeqond. You save the equation; you sign in with your Zeq ID + equation. This is the sovereign path — the equation is your key, copyable into any password manager or downloadable as a .ZEQ file.

Simple — email + four words (the credential is derived, never random)

The Simple tier trades the ZID for an email you'll remember, and turns four pre-filled words into the credential for you. It is deliberately not a random password generator — the words seed it and the Zeqond is the timer, exactly like the Vault's Generate-Site-Password flow:

// client-side; the same recipe as vault.js handleGenpwDerive
// phrase (the four words), email and length come from the Simple form
const TAU = 0.777000777; // 1 Zeqond = 777,000,777 ns
const zeqonds = (Date.now() / 1000) / TAU; // elapsed Zeqonds since the epoch
const seed = phrase + ":" + zeqonds.toFixed(6) + ":" + Date.now() + ":" + Math.random();
const password = await ZeqEqPassword.derive(seed, email, length, 1);
// → an equation-style password that starts "Zeq", of the chosen length
// (24 / 32 / 48 / 64 / 96 / 128 — the "how secure" option)

The four words are pre-filled from a chip pool (tap shuffle or type your own) so the user can just hit Generate — frictionless by design. They are used once and never needed again; the saved credential is the short Zeq… password.

The email itself is never stored or sent; it is used only to derive a deterministic salt:

salt = SHA-256("HULYAS.HITE.simple-salt.v1|" + normalizedEmail)
equation_hash = HMAC-SHA256(key = "HULYAS.HITE.f=1.287Hz.tau=0.777s" ‖ salt, msg = password)
zid = "ZEQ07" + (firstBytes(SHA-256(equation_hash)) mod 1e9, padded 9)

The browser POSTs only { equation_hash, equation_salt, display_name, hash_version } to register-v3, and { zid, candidate_hash } to login-v3. The password, the email, and the words never cross the wire. You sign in next time with your email + that password.

.ZEQ file — the recovery / portability path

A .ZEQ is a PIN-encrypted recovery file (HITE / AES-256-GCM). It packs the credential inside the ciphertext, so it is self-contained and works on any Zeq domain:

{ "kind": "zeq-cred", "v": 1, "equation": "<password-or-equation>", "salt": "<salt>" }

Encrypted with HiteCrypto.encrypt(payload, pin). To sign in, the .ZEQ file method decrypts in your browser, recomputes hmacHite(equation, salt) → derives the ZID → login-v3 (or register-v3 if that identity isn't on this domain yet). The PIN never leaves the device; a wrong PIN fails the GCM auth tag.

You can download a .ZEQ:

  • at registration (Simple shows a Download .ZEQ action with the password),
  • from your Vault (/vault/ → Identity → Download a fresh .ZEQ; re-enter email + password, which is verified to derive your ZID before the file is produced — Simple/email accounts; equation accounts download from /auth/).

There is no password reset. Lose the credential and hold no .ZEQ, and the account is irrecoverable by design — the server cannot read your equation any more than an attacker can.

ZeqPM — the password manager

/apps/zeqpm/ is the standalone password manager (also in the App Store). It has two generators and a vault:

  • Generate password — an equation-style site password via ZeqEqPassword.derive (words seed it, Zeqond timer, length selector). Starts with Zeq and uses only universally-accepted characters.
  • Login equation — the public 7-step wizard, bound to the Zeqond.
  • My vault — your saved passwords, encrypted locally.

The local encrypted vault

Entries (site, username, password, notes) are stored only in your browser (localStorage["zeqpm_vault_v1"]), AES-256-GCM encrypted via HITE under your Zeq password:

const blob = await HiteCrypto.encrypt(JSON.stringify(entries), zeqPassword, "ZeqPM Vault");
localStorage.setItem("zeqpm_vault_v1", base64(blob.blob)); // ciphertext only

Nothing is sent to a server; the stored blob is ciphertext (no plaintext labels or passwords). Unlock once per session with your Zeq password; Lock clears the in-memory key. Export / Import an encrypted .ZEQ backup to move the vault between devices (local-only means a cleared browser loses an un-exported vault — keep a backup).

Save-from-generate

After you generate a site password, Save to My vault stores it under the site label in one click if the vault is already unlocked this session; if it's locked, an inline "your Zeq password" field unlocks and saves in one step — no tab-hopping.

Honest boundaries

  • The Simple credential's entropy is the generated Zeq… password (24–128 chars), not the four words — the words plus the Zeqond and fresh randomness seed it, so two people with the same words get different passwords. Save the output, not the words.
  • Email-as-salt is deterministic (anyone who knows your email knows your salt). That is fine: salts are not secret, and the secret is the high-entropy password. Per-IP rate limiting protects login-v3.
  • The ZeqPM vault is single-device unless you export a .ZEQ backup.
  • No password reset, no recovery questions, no admin override — the .ZEQ file is the only backup, by design.