Gate an API so only requests from a genuinely attested, trusted software build are accepted.
Issue anonymous access tokens that a server can verify without linking them back to a specific user.
Build a post-quantum-safe authentication layer that survives future quantum computer attacks.
| maceip/eat-pass | 0xr10t/pulsefi | 404-agent/codes-miner | |
|---|---|---|---|
| Stars | 0 | 0 | 0 |
| Language | Rust | Rust | Rust |
| Setup difficulty | hard | hard | moderate |
| Complexity | 5/5 | 4/5 | 3/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Real use requires genuine hardware attestation (e.g. a confidential VM), native builds are Linux x86_64 only.
This project is a security system for proving that a request comes from a trusted, verified piece of software, without ever revealing which specific device or user sent it. It combines two advanced cryptographic techniques, both designed to stay secure even against future quantum computers, which could otherwise break many of today's standard encryption methods. The first technique checks hardware evidence, a cryptographic proof generated by the device itself confirming it is running genuine, unmodified software in a secure environment. Only after that proof passes a policy check does the system issue a short-lived authorization. The second technique then uses that authorization to blindly sign an anonymous access token, meaning the part of the system issuing the token never actually sees the finished token a client later uses. This separation is what makes the tokens unlinkable: a server can trust that a request came from an approved, attested piece of software, while having no way to tell which particular client sent it. In practical terms, think of it as a bouncer who checks that you are wearing the right kind of wristband, without ever learning your name. A server using this system only needs the issuer's public cryptographic key to check tokens, with no callbacks, no shared secrets, and no per-request re-verification needed. The project ships as a single program that can act as four different roles: the attester that checks hardware proof, the issuer that blind-signs tokens, a central authority that prevents a token from being spent twice, and an example origin server that accepts tokens. There is deliberately no insecure or development mode in the shipped software, since real hardware attestation is always required, though a hidden test-only mode exists purely for automated testing. This is deep infrastructure-level security software, written in Rust, aimed at engineers building systems that need strong anonymous authentication, not something a typical developer would use casually. It requires a genuine hardware attestation environment such as a confidential virtual machine to run for real, and currently builds natively only on Linux.
A post-quantum security system that issues anonymous, unlinkable access tokens gated on genuine hardware attestation, so servers trust the software without knowing who sent the request.
Mainly Rust. The stack also includes Rust, FAEST, PoMFRIT.
Setup difficulty is rated hard, with roughly 1day+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.