Cryptid Technologies Eclipse Logo

Authenticated provenance for all data.

Cryptid's Theseus verifiable provenance approach simplifies the tracking and verifying the life of your data. Designed using post-quantum cryptography, Theseus provides a simple and straight forward approach to accumulating meta data for any and all data. This makes it possible to know where data came from and that it has not been modified, or if it has, how it was modified and by whom.
Theseus authenticated provenance

Simple Modern Auditability

Use Cases

Asserting Intellectual Property Rights

close icon

Theseus provenance logs offer a simple method for a creator to use cryptography to bind their identity to their creations in such a way that allows for their IP rights to be proven in any setting. This approach makes IP right claims and verification into something easily automated in e-commerce solutions. Because our approach is not bound to any particular blockchain, creators are free to truly own their intellectual property while maintaining maximum flexibility and convenience for monetizing their creations.

Decentralized Change Management

close icon

The Theseus provenance logs track changes to data and validate each change with arbitrarily complex cryptographic rules that allow for change management without any centralized authority. Essentially, whomever can solve the cryptographic validation rules for the next update is the person allowed to add a new update to the provenance log. Accumulation of updates can be done in a decentralized manner over any communication medium but our API automates the process of gathering the necessary data, such as signatures, to create a valid update. It serves as a convenient and secure integration point for multi-signature and threshold signing schemes that leverage all of the identity and capability based authorization found in our Oberon API.

Cryptographic Key Management

close icon

The fundamental unit of cryptographic authority is not a cryptographic key pair but rather a cryptographic key history. In a world with digitally signed data, old data will be signed with old keys and the linking of the old keys with current keys is a critical part of security. The time-oriented nature of the Theseus provenance log makes the perfect solution for managing key histories and securing against key compromise. If your requirements include hardware security modules for storing secrets, our SDK contains support for all of the mobile and PC hardware security modules as well as many of the enterprise grade secrets managment hardware and networks. Theseus provides a simple and straight forward API for abstracting away a lot of the details of your secrets management.

X.509 Alternative

close icon

Theseus is first and foremost designed for the time-oriented nature of authenticated metadata. Clients don't ever have one set of keys forever but instead rotate their keys often. The Theseus provenance log construct is designed to provide a cryptographically verifiable way to accumulate key history along with other authenticated metadata such as KYC/KYB data. This allows for the creation of X.509 compatible "snapshots" of key state and associated metadata at any point in time since the inception of a given provenance log. Provenance logs represent the next step in the evolution of authenicated provenance of cryptographic keys and standardized verified metadata.

Mutually Authenticated TLS Alternative

close icon

Along with Theseus we offer an open source implementation of the Disco extension of the Noise protocol specification as a replacement for TLS. It too is based on the same post-quantum cryptographic constructs for ensuring confidentiality and self-healing session states. Our implementation supports the use of Theseus provenance logs for the source of key material for any identity based handshakes in the protocol making this a next-generation replacement for X.509 and mutually authenticated TLS using post-quantum cryptography for security. The only thing that isn't post-quantum is the key agreement protocol but that is engineered to be replaceable when the emerging standard is finalized.

Our implementation also contains an IND-CCA2 session identification method we call "if you know, you know" (IYKYK). This makes it efficient for the recipient of Disco messages to securely and privately identify which session it is associated with so that the session is instantly resumable. This then becomes an ISO Layer 5 (Session Layer) solution that is transport agnostic and resilient even if there is large amounts of time between messages and also if they are delivered out of order.


What is provenance and how does Theseus provide that for digital data?

close icon

Provenance is the chronology of ownership of anything. Theseus provides a means to track the provenance of any data using the control over cryptographic keys and/or secrets as the means of proving ownership. You can think of it as a cryptographically provable chain of custody that uses everything we have learned about provable ownership from blockchains and cryptography in general over the last 30 years.

Theseus uses a data structure we call a provenance log to accumulate the metadata that documents the changes of ownership over time. The data structure is build using the strobe protocol based on the Keccak/SHA3 post-quantum sponge construction. Each update to a provenance log not only provides solutions to cryptographic validation rules but also defines the validation rules for the next update. This chaining ensures that only the owner(s) of the provenance log are able to update it and supports the many secure protocols for changing ownership.

What happens if my cryptographic keys are lost or stolen?

close icon

Theseus provenance logs use arbitrarily complex cryptographic validation rules for defining what constitutes a valid update. There are several ways to ensure that a compromise of a key anywhere in the key history can be recovered from. Multiple factors as well as anchoring and cross-log linking can all be used as ways to force the recovery of control over a provenance log and allow the rightful owner to prove that they are the rightful owner.

Does Theseus require trusted storage for provenance logs?

close icon

Theseus provenance logs are designed to be tamper evident cryptographic data structures therefore they do not require any trusted storage. This allows for solutions built using provenance logs to leverage any and all existing internet standards for storage, access and linking. Typically provenance logs are stored on IPFS or web servers using HTTP and URLs for access and linking. One notable difference is our use of signed URLs to make linking self-certifying and verifiable by any client that resolves a URL to a provenance log. The signature over the URL is part of the URL and verifiable using the public key found in the provenance log that is downloaded.

The use of untrusted storage allows Theseus to support the widest possible range of use cases while maintaining high scalability by leveraging ubiquitous internet resources.

The fundamental unit of cryptographic authority is authenticated provenance.