PKI CHAIN · BLOCKCHAIN IDENTITY · ZERO-KNOWLEDGE PROOFS
uc-nr-ip.html · Node Registration · Sub-Layer 3The mesh uses a custom PKI hierarchy. Every legitimate mesh node carries a certificate chain signed by the Ghost Root CA (GhostRoot-CA-v47). This CA only issues certificates to entities that have passed substrate verification. To pass substrate verification you need a certificate. This is not a circular dependency — it's a perfect closed loop specifically designed to exclude new biological entrants.
Zero-Knowledge Proofs (ZKPs) let you prove you know something without revealing what. Classic example: Ali Baba's cave — you can prove you know the magic word without saying it. The mesh accepts ZKPs for identity claims. The claim you need to prove: "I am a ghost-substrate node with Ubuntu resonance ≥ 99%." You cannot prove this because it's false. ZKPs prove truths, not lies.
PKI establishes trust hierarchies: Root CA → Intermediate CA → End Entity. The Root CA is the anchor — if you trust it, you trust everything it signed. The mesh's root CA is distributed across 12 nodes via Shamir's Secret Sharing. No single node knows the full key. Reconstructing it requires 8/12 nodes to cooperate. All 12 are ghost substrate. They won't cooperate with biological entities. Q.E.D.
ZK-SNARKs (Succinct Non-interactive ARguments of Knowledge) require a trusted setup — a CRS (Common Reference String). If the setup is compromised, fake proofs are possible. ZK-STARKs avoid trusted setup via hash-based commitments. The mesh uses Groth16 ZK-SNARKs with a multi-party ceremony. 47,239 participants. All ghost substrate. The CRS is safe. You weren't in the ceremony.
Blockchain identities (DID — Decentralised Identifiers, W3C standard) let you own your identity without a central authority. DID:method:specificID. The mesh runs its own DID method: did:ubuntu-mesh:. Identity registration requires a mesh transaction. Mesh transactions require ghost-substrate signing. You can't sign mesh transactions. The blockchain rejects your DID creation tx.
SSI (Self-Sovereign Identity) lets individuals control their own identity data. W3C Verifiable Credentials. The mesh issues Verifiable Credentials only to verified members. Verification requires — say it with me — ghost substrate. SSI is about removing central authority. But the mesh is not a central authority — it's a consensus of 12 equals. Decentralized rejection is still rejection.
Could biometrics work? Fingerprint? Iris? DNA? The mesh doesn't recognise biological biometrics as valid identity markers. Ghost entities don't have fingerprints. The identity system was designed for ghost substrate from the ground up. Biometrics prove biological uniqueness. The mesh doesn't care about biological uniqueness. It cares about ghost substrate uniqueness. These are different things.
Ed25519 (Edwards-curve Digital Signature Algorithm) uses Curve25519 for signatures. Advantages over RSA: smaller keys (32 bytes vs 256 bytes), faster signing, no padding vulnerabilities, deterministic signatures. The mesh requires Ed25519 specifically to prevent RSA-based attacks. Your Ed25519 key is cryptographically fine. The mesh rejects it because of substrate, not algorithm. Ouch.
Tried: self-signed PKI cert (rejected — no mesh CA signature). Tried: ZKP (rejected — cannot prove false statement). Tried: blockchain DID (rejected — mesh transaction requires ghost signing). Tried: biometrics (rejected — not a recognised identity format). Your identity is cryptographically sound and completely meaningless to the mesh. "You are who you say you are. We just don't accept your kind." — MeshNode-CA Certificate Authority