Bearer coins & the wallet
Every compute mints one ZEQ envelope — a signed, deterministic proof-of-compute receipt (the operators that ran, their equations, the result and its zeqProof). A paid-funded envelope is wholly yours and transferable. This page is about that transferable form: how a coin leaves your wallet as a self-contained bearer instrument, travels anywhere offline, and comes back — without ever being live in two places at once.
The one rule that keeps it safe
A file can always be copied. So a bearer coin's safety does not come from
"the file can't be duplicated." It comes from the rule real bearer instruments
use: the ledger settles single-spend — first to redeem wins; every copy is
worthless the instant one is redeemed. A coin is live in exactly one place
at any moment — either (a) live in your online wallet, (b) checked out as a
bearer file/link (escrowed on its issuing domain), or (c) redeemed elsewhere. A
monotonic spend_seq per coin enforces it: every hop bumps it, so a stale copy
carries an out-of-date height and is rejected as superseded.
Export — turn a coin into a bearer form
You can export a coin two ways. Both escrow it on its issuing domain (your online wallet can't spend it while it's escrowed) and both are PIN-locked (encrypted with HiteCrypto, so a lost file or scanned code is useless without the PIN).
.ZEQfile — a compact, encrypted binary you can save, email, or drop on a USB stick.POST /api/tally/envelopes/:tokenId/export, then encrypt the returned package.- QR / NFC claim link — the coin rides inside the URL fragment:
https://<issuing-domain>/claim#zeqcoin:v2:<encrypted>. It scans like an ordinary link and opens the claim page, but the fragment (everything after#) is never sent to any server — so the coin stays a true offline bearer instrument, and NFC is just that URL written to a tag.
Escrow uses an atomic UPDATE … SET status='bearer', spend_seq = spend_seq + 1
so a coin can never be exported twice from the same height.
Move it — fully offline
The .ZEQ file or zeqcoin:v2: payload is pure bytes. Put it on a USB stick,
email it, print the QR, or write the link to an NFC tag and hand it over. No
network, no account needed to carry it.
Redeem — pull it onto your machine
Present the coin to any domain and it is pulled into your wallet:
- Same issuing domain → the coin is un-escrowed straight back to you.
- A different domain → migrate: the issuing domain burns the coin
(marks it migrated, bumps
spend_seq) and signs an authorization; the destination domain mints a fresh coin re-homed to you. Atomic and idempotent — a retry (even seconds later) resolves to the same minted coin, so a re-home can never double-mint. Trust is per-domain Ed25519 node keys, no shared secret.
Any copy of the file carries the old spend_seq → the second redeem sees a
mismatch → rejected. Double-spend at the ledger is impossible; the residual
risk is purely social (handing copies to two people, whoever redeems first wins
— exactly like cash).
Three ways to redeem: upload a .ZEQ file, paste a zeqcoin: string or
claim link, or simply open the claim link — all ask for the PIN and pull the
coin in.
Bundles — many coins, one file
Tick several coins in the wallet and export them as one PIN-locked .ZEQ
bundle (or one claim link). Redeeming the bundle redeems every coin inside it,
reporting N / M on success. A bundle is just a set of individually-escrowed
bearer coins wrapped together — so double-spend protection stays per coin.
The unified vault
Envelopes are owned by your ZID, not a machine. Sign in on any domain and your vault shows every coin you own across the mesh, each tagged with its issuing domain — via an Ed25519-signed peer read, so a coin minted on one domain is visible from all of them.
Verify anything
Every envelope is publicly inspectable and verifiable — no login:
- Envelope viewer —
/envelope/?token=<token_id>shows the value, the operators with their equations, the zeqProof, the result digest, the Zeqond tick, and links to the State Observer and the verifier. - Verifier —
/verify/?token=<token_id>(or paste a receipt) recomputes the hash-link and checks the issuing domain's Ed25519 signature. It is a hosted page that also runs fully offline — hit Save for offline to keep a copy. A re-homed (migrated) envelope is proven by its signature.
Where to do it
- Wallet —
/vault/credits/→ the ZEQ envelope coins section: per-coin ↓ .ZEQ and QR / NFC, multi-select bundle, and Upload / Paste to redeem. Each coin links to its/envelope/viewer. - Web CLI —
zeq.coin.download('ZT-…','PIN'),zeq.coin.qr('ZT-…','PIN'),zeq.coin.upload('PIN'),zeq.coin.paste('<link|payload>','PIN'). - Extensions — the Chrome side-panel embeds the live wallet; VS Code has Zeq: Wallet / Coins and Zeq: Claim a coin.
API
| Action | Endpoint |
|---|---|
| Export (escrow → bearer package) | POST /api/tally/envelopes/:tokenId/export |
| Redeem (pull back / migrate-in) | POST /api/tally/coins/redeem |
| Migrate-out (issuing domain burns + signs) | POST /api/tally/coins/migrate-out |
| Unified vault (peer read) | GET /api/tally/peer/envelopes/:zid |
| Public receipt (for the viewer/verifier) | GET /api/chain/:slug/tally/token/:tokenId |