A SpectralZK receipt proves that an agent ran inside a named policy without revealing what the policy says. The auditor learns the policy was honored. The competitor learns nothing. The regulator gets a verifiable proof, not a screenshot.
A SpectralZK v1 proof binds three statements into a single non-interactive zero-knowledge object. Every statement is bound by Fiat-Shamir transcript, so flipping a single bit anywhere breaks the proof.
The prover knows a policy P such that C = SHA-256(policy_id || merkle_root(constraints)). Proven via Schnorr signature of knowledge over Ed25519.
A satisfying constraint exists in the policy's Merkle tree. Path commitments are blinded so the verifier cannot identify which leaf satisfied.
The recorded action falls inside the hidden constraint's predicate range. Bound to the transcript so the action cannot be swapped after signing.
Trade secrets, pricing tiers, customer lists, allowlists, model selection rules. The constraint set never leaves the issuer.
The Merkle path is blinded by per-node nonces. Verifier learns tree depth but cannot identify the satisfying leaf.
Optional. Holder controls disclosure scope. Pair with ViewKey for selective reveal to regulators only.
Sibling constraints in the policy tree are committed but never revealed. A regulator learns nothing about unused rules.
No backend call. No prover network. Three curl commands, one pip install, one python invocation. ~50ms end-to-end.
# 1. fetch the sample proof, the schema, and the offline verifier curl -sSL https://thehiveryiq.com/canon/spectralzk/sample-proof.json -o proof.json curl -sSL https://thehiveryiq.com/canon/spectralzk/spectralzk_v1.py -o spectralzk_v1.py pip install cryptography # 2. verify offline python3 spectralzk_v1.py verify proof.json # 3. expected output RESULT: PASS protocol: spectralzk/1 policy_commit: 2J6l5ZKt_G3BEqK0EoNF75YgOYVtfziencyZsj7gZXQ merkle_root: Cd-oNZoDQXTa5FOiraKdj0mftZmyXdOFAt4FNjMqYyc action: spend_usd_per_day = 145 issuer_pubkey: ed25519:-_HdEFXF_wfSt1n9DO41fga7B1i8Wo03R79_usXCmTA path_depth: 2 blinded nodes challenge_sha256: gkx30gXSPb0_ll5VQEfO7ILSbciHFHD-rPY_BV8ch3M verified offline. no prover network contacted. reason: all three statements verified
| Layer | Primitive | Purpose |
|---|---|---|
| Commitment | SHA-256(policy_id || merkle_root) | Public commitment C that hides policy text and constraint count behind a 32-byte hash |
| Inclusion | Merkle tree, SHA-256 | Logarithmic-depth membership proof for the satisfying constraint |
| Privacy | Pedersen-style blinded path commits | Per-node blinding factors prevent the verifier from identifying which leaf matched |
| Knowledge | Schnorr-style sig over Ed25519 | Non-malleable proof of policy preimage knowledge, bound via Fiat-Shamir transcript |
| Canonicalization | RFC 8785 JCS | Sort keys, no whitespace, UTF-8. Byte-identical between prover and verifier across implementations |
| Transcript | SHA-256 of canonical bytes | Binds (C, root, action, path, issuer_pubkey) into a single challenge; any tamper invalidates the signature |
| $id | https://thehiveryiq.com/.well-known/schemas/spectralzk-v1.json |
| URN | urn:hive:spectralzk:v1 |
| Draft | JSON Schema 2020-12 |
| Status | SCHEMA LIVE · v1 |
| Patent | HIVE-2026-SZK-001 (provisional, USPTO filing in progress) |
SpectralZK is the zero-knowledge counterpart to HAHS. HAHS is a transparent receipt — the scope ceiling and composed scope are in plaintext for the auditor. SpectralZK is the privacy-preserving variant for situations where the policy itself is sensitive. The receipt format pairs cleanly with HAHS, ViewKey, and SHOD on the same envelope.
No miner network is required. No staking. No external prover quorum. The math is the prover. Anyone with the schema, the verifier, and the issuer's pubkey can establish PASS or FAIL with cryptographic certainty.