One-action protected profile
ZMath generates a strong passphrase and unique 512-pixel pattern image locally. The pattern downloads separately, the passphrase appears once, and the trusted browser copy is encrypted under a non-exportable device key.
ZMath is a dual-key encryption system that combines your password with a pattern image to derive strong keys and produce encrypted artifacts in the ZME1 container format. Portable mode also decrypts ZeroThink CLI .ztz files locally, so Agent Zero encrypted files can be restored from the web when you need it. The old external links are no longer required: Portable and Exclusive are now hosted directly under talktoai.org.
ZMath generates a strong passphrase and unique 512-pixel pattern image locally. The pattern downloads separately, the passphrase appears once, and the trusted browser copy is encrypted under a non-exportable device key.
After setup, selecting a file can create its container automatically and selecting a matching container restores it locally. Another device requires the separately stored passphrase and exact pattern image. A built-in authenticated round-trip self-test checks the local file path.
Both tools run under this domain now. No more dependency on the lost external domains.
Encrypt and decrypt in your browser using the correct password plus the exact pattern image. Portable containers are self-contained, so they can be moved between machines.
Exclusive containers use the same password and pattern image model, plus a same-domain ZMath policy token. If the policy endpoint is missing, disabled, or moved away from talktoai.org, decryption fails.
The password and pattern image are processed separately, mixed through a ZEQ-256 style SHA-256 equation, then finalized through HKDF to create an AES-256 key.
Each ZME1 file stores the encrypted payload, salts, IV, algorithm labels, mode, and metadata required to verify and decrypt later with the same factors.
AES-GCM detects wrong passwords, wrong pattern images, damaged files, and tampering before a bad plaintext file is written.
File bytes are encrypted and decrypted locally in the browser. Exclusive mode contacts the server only for a policy key factor, not to upload your plaintext file.
A customer deployment can submit a container commitment to IonQ using that customer's own Quantum Cloud project and budget, retaining the returned job ID, backend, status, and timing as external provenance evidence.
IonQ Cloud jobs do not secretly deliver encryption keys through a classical API and are not QKD. ZME1 security continues to come from reviewed local cryptography; quantum execution is an optional auditable evidence lane.