Protocol · v1.0

How It Works

Eight-step protocol breakdown. Cryptographic primitives. Bilateral exchange flow. Key rotation and hash-chain audit.

● Encrypted ● Bilateral ● FIPS 140-2

Flow · 8 Steps

The bilateral protocol

◆ Sender · ● Recipient · ○ Bilateral

Normalize Identifiers

Raw identifiers are normalized — phone numbers to E.164 format, emails to lowercase and trimmed. Both parties produce identical hashes from identical underlying identifiers.

■ E.164 · RFC 3966

SHA-256 Hash

Each normalized identifier is hashed with SHA-256 client-side. Output is the only data that will be exchanged — never the raw identifier. One-way function; cannot be reversed.

■ FIPS 180-4 · RFC 6234

HKDF Key Derivation

A derived key is computed using HKDF-SHA256 over the Sender's master, the Recipient's public commitment, and a per-segment salt. Unique to this exchange. Neither party derives alone.

■ HKDF-SHA256 · RFC 5869

AES-256-GCM Wrap

Each SHA-256 hash is encrypted with AES-256-GCM using the derived key + unique nonce + segment metadata as AAD. Output is a wrapped token with no recoverable identifier information.

■ AES-256-GCM · FIPS 197 · NIST SP 800-38D

Ed25519 Sign

The Sender signs the bundle metadata with Ed25519. The signature proves origin and integrity. 64-byte deterministic signature. 10× faster than RSA-2048.

■ Ed25519 · RFC 8032

mTLS 1.3 Transmit

Signed, wrapped bundle is transmitted over mutual TLS 1.3. Both parties authenticate. No plaintext passes between environments at any point in the protocol.

■ mTLS 1.3 · RFC 8446

Verify Signature

Recipient verifies Ed25519 signature against the Sender's registered public key. Bundle integrity confirmed. Any tampering is detectable — failed verification terminates the exchange.

■ Ed25519 Verify · RFC 8032

AES-256-GCM Unwrap

Recipient locally derives the session key using their own master material and the Sender's public commitment + segment salt. Wrapped tokens unwrapped bilaterally. Hashes matched against partner cohort.

■ HKDF · AES-256-GCM · RFC 5869

▶ Bundle intercepted in transit. Attacker holds signed wrapped tokens — no derived key material. Cannot decrypt without both parties' master material.

▶ Master key compromised. Derived session keys remain valid for in-flight bundles only within 30-day grace period. Old bundles expire.

▶ Recipient environment breached. Attacker lacks Sender's master material. Cannot unilaterally derive session keys or unwrap bundles.

▶ Signature forged. Ed25519 verification fails. Exchange terminates. Tampering is detectable at step 07 — before any unwrap occurs.

Salts rotate automatically. Master material rotates on a configurable schedule — typically 90 days — with on-demand rotation supported.

Salt Rotation

Automatic

Per-segment, per-exchange

Master Rotation

90 days

On-demand supported

Grace Period

30 days

In-flight bundles complete

Rotation Signal

Audit log

Hash-chain triggers rotation

Time	Action	Result
21:38:11	SHA-256 HASH	Success
21:38:11	HMAC INTEGRITY	Success
21:38:12	AES-GCM WRAP	Success
21:38:12	ED25519 SIGN	Success
21:38:13	BUNDLE TRANSMIT	Success

Summary

No PII on the wire. No exceptions.

Both parties contribute key material. Neither side can unilaterally decrypt the exchange. No third-party middleware required.

Client-side hashing

SHA-256 in the browser via Web Crypto API. Raw identifiers never enter the exchange pipeline. Hash is the only data transmitted.

Bilateral key derivation

HKDF-SHA256 combines both parties' master material + per-segment salt. Neither side derives alone. No credential pool, no central store.

Verified, audited, logged

Ed25519 signature proof on every bundle. Hash-chained audit log records every step. Integrity verifiable post-exchange.