ZME1 container ZeroThink CLI .ztz ZEQ-256 equation AES-GCM-256 Separate recovery factors Password + pattern image Restored on talktoai.org

Protect a file locally. Keep both recovery factors under your control.

ZMath is a dual-key encryption system that combines your password with a pattern image to derive strong keys and produce encrypted artifacts in the ZME1 container format. Portable mode also decrypts ZeroThink CLI .ztz files locally, so Agent Zero encrypted files can be restored from the web when you need it. The old external links are no longer required: Portable and Exclusive are now hosted directly under talktoai.org.

Automatic without an AI dependency

One-action protected profile

ZMath generates a strong passphrase and unique 512-pixel pattern image locally. The pattern downloads separately, the passphrase appears once, and the trusted browser copy is encrypted under a non-exportable device key.

Automatic protect, restore and verify

After setup, selecting a file can create its container automatically and selecting a matching container restores it locally. Another device requires the separately stored passphrase and exact pattern image. A built-in authenticated round-trip self-test checks the local file path.

ZMath Dual-Key Encryption: ZME1 container, ZEQ-256 derivation, Portable and Exclusive modes.

The two systems

Both tools run under this domain now. No more dependency on the lost external domains.

Portable Mode - decrypt anywhere

Encrypt and decrypt in your browser using the correct password plus the exact pattern image. Portable containers are self-contained, so they can be moved between machines.

  • Client-side ZEQ-256 style derivation from password and pattern image.
  • AES-GCM-256 authenticated encryption.
  • Outputs downloadable ZME1 JSON containers.
  • Decrypts ZeroThink CLI .ztz files and encrypted folder bundles as ZIP downloads.
  • No server policy token required to decrypt.

Exclusive Mode - server-bound access

Exclusive containers use the same password and pattern image model, plus a same-domain ZMath policy token. If the policy endpoint is missing, disabled, or moved away from talktoai.org, decryption fails.

  • Server-bound key factor generated outside public_html.
  • Still encrypts and decrypts file bytes locally in the browser.
  • Designed for controlled, on-site workflows.
  • ZME1 file records that it belongs to the talktoai.org Exclusive lane.

How ZMath protects data

Dual-key derivation

The password and pattern image are processed separately, mixed through a ZEQ-256 style SHA-256 equation, then finalized through HKDF to create an AES-256 key.

ZME1 container

Each ZME1 file stores the encrypted payload, salts, IV, algorithm labels, mode, and metadata required to verify and decrypt later with the same factors.

Authenticated encryption

AES-GCM detects wrong passwords, wrong pattern images, damaged files, and tampering before a bad plaintext file is written.

Client-side first

File bytes are encrypted and decrypted locally in the browser. Exclusive mode contacts the server only for a policy key factor, not to upload your plaintext file.

Important: if you lose the password, exact pattern image, or ZeroThink CLI Z-Pepper, ZMath cannot recover the file. Keep backups of the required factors before using this for anything important.

Customer-funded quantum lane

Real IonQ job evidence

A customer deployment can submit a container commitment to IonQ using that customer's own Quantum Cloud project and budget, retaining the returned job ID, backend, status, and timing as external provenance evidence.

What it does not claim

IonQ Cloud jobs do not secretly deliver encryption keys through a classical API and are not QKD. ZME1 security continues to come from reviewed local cryptography; quantum execution is an optional auditable evidence lane.