IRLid — Verification Score Breakdown

Current v3 implementation · 14 checks · weighted as I'd recommend

๐Ÿ” Cryptographic Signatures

ร—2
Initiator signatureECDSA P-256 verify โ€” A signed their payload with their private key
ร—2
Collaborator signatureECDSA P-256 verify โ€” B signed their payload with their private key
ร—2
HELLO offer signatureA's original offer was signed โ€” proves QR wasn't tampered in transit

🔗 Hash Integrity

×1
Initiator structure: A's response has all required fields
×1
Initiator hash: SHA-256(canonical(a.payload)) matches stored hash
×1
Collaborator structure: B's response has all required fields
×1
Collaborator hash: SHA-256(canonical(b.payload)) matches stored hash

🧲 Cross-Session Binding

×1
A binds to HELLO: A's response references the correct HELLO hash — prevents substitution attacks
×1
B binds to HELLO: B's response references the same HELLO hash
×1
A binds to offer: A's response references the offer payload hash
×1
B binds to offer: B's response references the same offer hash

🔒 Secure Enclave, Biometrics & Face Capture · v5 planned · all optional · Settings only

×1
Hardware-backed key (Secure Enclave): Key in device TEE — never extractable, even on rooted device. Replaces localStorage.
×1
Biometric unlock: Fingerprint / Face ID gates the signing key — proves device owner was physically present
×1
A witnessed B's face: At scan time, A's camera captured B's face + B's QR. Hash signed into A's payload. B cannot deny presence.
×1
B witnessed A's face: At scan time, B's camera captured A's face + A's QR. Hash signed into B's payload. Mutual witness — neither photographs themselves.

All four checks off by default. User enables in Settings. Never prompted during handshake. 100% score without these is valid for all everyday use — maximum score reserved for extraordinary verification.

๐Ÿ“ Co-Presence Proof

ร—2
Time delta โ‰ค 90 secondsBoth devices signed within 90s of each other โ€” proves simultaneous presence
ร—2
Distance โ‰ค 12 metresGPS Haversine distance โ€” both devices reported same location
ร—1
Receipt age โ‰ค limitWidget-enforced โ€” receipt not older than site's configured threshold
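
The signature, hash, HELLO-binding and co-presence checks listed above, run over a constructed receipt. This is an added example for Node.js, not IRLid's own code: the field names (`helloHash`, `ts`, `gps`), the sorted-key JSON canonical form, and signing the canonical payload bytes are all assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: canonical form is JSON with object keys sorted recursively.
const canonical = (v) =>
  Array.isArray(v) ? `[${v.map(canonical).join(',')}]`
  : v && typeof v === 'object'
    ? `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canonical(v[k])}`).join(',')}}`
  : JSON.stringify(v);
const sha256 = (v) => nodeCrypto.createHash('sha256').update(canonical(v)).digest('hex');

// Great-circle distance in metres between two {lat, lon} points given in degrees.
function haversineMetres(p, q) {
  const rad = (d) => (d * Math.PI) / 180;
  const h = Math.sin(rad(q.lat - p.lat) / 2) ** 2 +
    Math.cos(rad(p.lat)) * Math.cos(rad(q.lat)) * Math.sin(rad(q.lon - p.lon) / 2) ** 2;
  return 2 * 6371000 * Math.asin(Math.sqrt(h));
}

// Build one signed side of a receipt with a fresh P-256 key (hypothetical layout).
function makeSide(payload) {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const sig = nodeCrypto.sign('sha256', Buffer.from(canonical(payload)), privateKey);
  return { payload, hash: sha256(payload), sig, pub: publicKey };
}

// Constructed receipt: B signs 30 s after A, roughly 5.6 m north of A.
function sampleReceipt(bOverrides = {}) {
  const hello = { offer: 'constructed-offer', nonce: 'constructed-nonce' };
  const helloHash = sha256(hello);
  const a = makeSide({ helloHash, ts: 1700000000000, gps: { lat: 51.5007, lon: -0.1246 } });
  const b = makeSide({ helloHash, ts: 1700000030000, gps: { lat: 51.50075, lon: -0.1246 }, ...bOverrides });
  return { hello, a, b };
}

// Returns the names of failed checks; an empty array means every check passed.
function verifyReceipt({ hello, a, b }) {
  const sigOk = (s) => nodeCrypto.verify('sha256', Buffer.from(canonical(s.payload)), s.pub, s.sig);
  const checks = {
    'A signature': sigOk(a), 'B signature': sigOk(b),
    'A hash': sha256(a.payload) === a.hash, 'B hash': sha256(b.payload) === b.hash,
    'A binds to HELLO': a.payload.helloHash === sha256(hello),
    'B binds to HELLO': b.payload.helloHash === sha256(hello),
    'time delta <= 90 s': Math.abs(a.payload.ts - b.payload.ts) <= 90_000,
    'distance <= 12 m': haversineMetres(a.payload.gps, b.payload.gps) <= 12,
  };
  return Object.keys(checks).filter((name) => !checks[name]);
}
```

Editing B's timestamp after signing fails three checks at once (signature, hash and time delta), while a validly signed payload from 33 m away fails only the distance check.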

Score out of 100 — base 20pts · full system 100pts · symmetry with % confirmed

Signatures (3 × 4pts): 12 pts
🔗 Hash integrity (4 × 1pt): 4 pts
🧲 Binding (4 × 1pt): 4 pts
Co-presence GPS + time (2 × 2pts): 4 pts
Age check (1pt): 1 pt
Base total (v3 now): 20 / 100
+ L2 Trust history (+10pts): 30 / 100
+ L3 v5 Enclave+Bio+Face (+20pts): 50 / 100
+ L4 v6 Trust network (+15pts): 65 / 100
+ L5 v6 Blockchain (+15pts): 80 / 100
+ L6 v6 IoT / Drones (+10pts): 90 / 100
+ L7 v7 Zero Knowledge (+10pts): 100 / 100

Score out of 100 = % confirmed. Symmetry intentional. Base receipt (20pts) is valid for all everyday use. 100pts reserved for extraordinary verification — legal, government, high-security access. Optional enhancements (L2b) take you to 50pts — halfway — with no server changes needed.