Skip to main content

TimeChain Protocol Cheatsheet

The TimeChain Standard presents a family of cryptographic protocols for collaborative documentation that provide mathematical proof of document integrity, access patterns, and authorship without trusting the platform operator.

Protocol Comparison Matrix

DimensionVESTAEGISForkNode-VESTWEAVETNP
Full NameSigned Evidence Audit LedgerAuthenticated Evidence Guard with Integrated SecurityForkNode + VEST SynthesisWeb-scale Edge-Aware Verifiable ExchangeForking Latency-Unified eXchange
Primary InnovationCryptographic operation chains with non-repudiationZero-knowledge access control with selective disclosureHomomorphic CRDTs with encrypted conflict resolutionMesh-native topology with content addressingTime-travel consensus with timeline divergence
Core Problem Solved”Can we prove who edited what and when?""Can we audit access without revealing content?""Can we collaborate in real-time with E2E encryption?""Can we collaborate without server dependency?""Can we enable non-linear document history?”
Unique Selling PropositionCourt-admissible cryptographic proof of authorshipServer verifies permissions without learning document IDsServer merges edits without decrypting contentPeer-to-peer operation chains with server accelerationInfinite undo with branch/merge for documents

Technical Characteristics

CharacteristicVESTAEGISForkNode-VESTWEAVETNP
Transport LayerUDP + DTLS 1.3UDP + DTLS 1.3UDP + DTLS 1.3UDP Mesh + DTLSUDP + DTLS 1.3
Cryptographic PrimitivesEd25519, BLAKE3, RoughtimeEd25519, zk-SNARKs (Groth16), CommitmentsEd25519, OPE, AES-256-GCMEd25519, BLAKE3, Content addressingEd25519, BLAKE3, Vector clocks
Data StructureMerkle DAG (operation chain)VEST chain + ZK proof forestVEST chain + homomorphic CRDT stateMerkle DAG (content-addressed)Merkle DAG with timeline branches
Consensus MechanismDistributed timestamps (Roughtime)ZK proof verification + timestampsOPE-based CRDT rules + timestampsGossip protocol + eventual consistencyLamport clocks + causal ordering
Server RoleWitness + chain validatorZK verifier + audit loggerHomomorphic merge engine + witnessOptional accelerator + discoveryTimeline coordinator + branch manager
Privacy ModelServer sees operation contentServer sees nothing (zero-knowledge)Server sees encrypted operations + metadataServer sees content-addressed hashesServer sees operation structure, not content

Performance Characteristics

MetricVESTAEGISForkNode-VESTWEAVETNP
Client Overhead (P95)+15ms+250ms (proof gen)+30ms+10ms+20ms
Server Overhead (P95)+10ms+8ms (verify)+15ms+5ms+12ms
Target P95 Latency<50ms<300ms (first access)<60ms<40ms<55ms
Throughput (ops/sec/node)100K50K (ZK bottleneck)80K150K (distributed)90K
Proof Size1-2KB per operation300 bytes (ZK proof)2-3KB per operation500 bytes (content hash)1.5KB per operation
Chain Verification (1M ops)O(n) with Merkle proofs = O(log n)O(n) but parallelizableO(n) with OPE overheadO(n) distributedO(n) per timeline

Security Properties

PropertyVESTAEGISForkNode-VESTWEAVETNP
Non-repudiation✅ Strong (user signatures)✅ Strong (ZK commitments)✅ Strong (dual signatures)✅ Strong (content-addressed)✅ Strong (causal signatures)
Tamper-evidence✅ Hash chain + Merkle tree✅ VEST chain + ZK proofs✅ Encrypted chain integrity✅ Content addressing✅ Timeline DAG integrity
Forward Secrecy✅ DTLS 1.3✅ DTLS 1.3 + per-access keys✅ DTLS 1.3 + document keys✅ DTLS 1.3✅ DTLS 1.3
Server Blindness❌ Server sees content✅ Server blind to access patterns⚠️ Server sees positions (OPE)✅ Server blind to content⚠️ Server sees structure
Auditability✅ Complete operation log✅ Selective disclosure✅ Encrypted operation log✅ Content-addressed history✅ Complete timeline history
Privacy GuaranteesLow (server sees all)Very High (zero-knowledge)Medium-High (OPE leakage)High (content-addressed)Medium (structure visible)

Market Positioning

DimensionVESTAEGISForkNode-VESTWEAVETNP
Target CustomerLegal, Healthcare, Finance (compliance)Intelligence, High-security legalAll of the above (premium)Distributed teams, offline scenariosGit-style document workflows
Primary Use CaseContract negotiations, audit trailsClassified documents, sensitive M&AReal-time encrypted collaborationField operations, disaster recoveryComplex document versioning
Competitive AdvantageFirst cryptographic audit for docsUnique zero-knowledge + audit”Impossible trinity” achievedServer-optional resilienceGit for documents
Pricing Strategy3x base ($45/user/month)10x base ($150/user/month)Included in premium tier2x base ($30/user/month)2x base ($30/user/month)
Market MaturityReady (clear demand)Emerging (ZK trending)Speculative (validate first)Niche (specific needs)Niche (power users)

Implementation Complexity

FactorVESTAEGISForkNode-VESTWEAVETNP
Cryptography DifficultyMediumVery High (ZK-SNARKs)High (OPE + homomorphic)MediumMedium
Integration ComplexityLow (extends Relay)Medium (adds ZK verifier)High (replaces CRDT)Medium (mesh topology)Medium (timeline management)
Development Timeline9 months12 months18 months12 months10 months
Team Size Required6-8 engineers8-10 engineers12-15 engineers7-9 engineers6-8 engineers
Required ExpertiseProtocol design, RustCryptography, ZK circuitsHomomorphic crypto, CRDTsP2P networking, gossipVersion control systems
Maintenance BurdenMediumHigh (crypto updates)Very HighMediumMedium

Packet Structure Comparison

VEST Packet (Simplified)

0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  Type | Flags         | Session ID                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length                | Document ID                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Operation Hash (32 bytes)                                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Parent Hash(es) (variable)                                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lamport Clock                 | Timestamp (8 bytes)           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| User Signature (64 bytes Ed25519)                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Server Signature (64 bytes Ed25519)                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Merkle Root (32 bytes)                                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp Proof (variable, Roughtime format)                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload (variable)                                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

AEGIS Packet (Simplified)

0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  Type | Flags         | Session ID                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| User Commitment (32 bytes, hidden identity)                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Document Commitment (32 bytes, hidden document ID)            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp Commitment (32 bytes, hidden time)                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ZK Proof (Groth16, ~192 bytes)                                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Public Inputs (variable)                                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VEST Chain Reference (32 bytes, links to audit chain)         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encrypted Audit Details (for auditor, variable)               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Consistency Proof (proves audit matches commitments)          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

ForkNode-VEST Packet (Simplified)

0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  Type | Flags         | Session ID                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VEST Header (as above)                                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Encrypted Payload (AES-256-GCM)                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPE Position (8 bytes, order-preserving encrypted)            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Fully Encrypted Position (for client decryption)              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Operation Type (visible: INSERT/DELETE/FORMAT)                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Causal Metadata (visible for CRDT merging)                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Document Key Fingerprint (32 bytes, not the key)              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Pseudo-Sequence Diagrams

VEST: Document Edit with Audit Trail

Client                     Relay                    Redis                Timestamp
  |                          |                        |                      |
  |--[1. Edit "Hello"]------>|                        |                      |
  |   Sign with user key     |                        |                      |
  |                          |                        |                      |
  |<-[2. Operation received]-|                        |                      |
  |                          |                        |                      |
  |                          |--[3. Verify signature]-|                      |
  |                          |   Check chain parent   |                      |
  |                          |                        |                      |
  |                          |--[4. Request timestamp]------------------>|
  |                          |                        |                      |
  |                          |<-[5. Timestamp proof]---------------------|
  |                          |   (Roughtime, 3 servers)                     |
  |                          |                        |                      |
  |                          |--[6. Add server signature]                   |
  |                          |   Compute operation hash                     |
  |                          |   Update Merkle tree                         |
  |                          |                        |                      |
  |                          |--[7. Persist to Redis]-|                      |
  |                          |                        |                      |
  |<-[8. Witnessed operation]|                        |                      |
  |   with proof chain       |                        |                      |
  |                          |                        |                      |
  |                          |--[9. Broadcast to other clients]             |
  |                          |                        |                      |

Result: Cryptographically verifiable audit trail stored

AEGIS: Zero-Knowledge Access Request

Client                     AEGIS                    Shield               Auditor
  |                          |                        |                      |
  |--[1. Request access]---->|                        |                      |
  |   Generate ZK proof:     |                        |                      |
  |   "I have permission"    |                        |                      |
  |   (hides document ID)    |                        |                      |
  |                          |                        |                      |
  |                          |--[2. Verify ZK proof]--|                      |
  |                          |   Server learns NOTHING|                      |
  |                          |   about document/user  |                      |
  |                          |                        |                      |
  |<-[3. Access granted]-----|                        |                      |
  |   Encrypted doc key      |                        |                      |
  |                          |                        |                      |
  |--[4. Decrypt locally]--->|                        |                      |
  |   Read document          |                        |                      |
  |                          |                        |                      |
  |                          |--[5. Log access event]-|                      |
  |                          |   Encrypted for auditor|                      |
  |                          |   Server can't decrypt |                      |
  |                          |                        |                      |
  |                          |                        |                      |
  [Later: Audit Request]     |                        |                      |
  |                          |                        |                      |
  |                          |<-[6. Request audit logs]-------------------|
  |                          |                        |                      |
  |                          |--[7. Export encrypted logs]---------------->|
  |                          |                        |                      |
  |                          |                        |   [8. Decrypt logs]  |
  |                          |                        |   Verify VEST chain  |
  |                          |                        |   Confirm access     |
  |                          |                        |                      |

Result: Access audited without server learning what was accessed

ForkNode-VEST: Encrypted Collaborative Edit

User1                    User2                    Server                Other Users
  |                        |                        |                        |
  |--[1. Type "Hello"]---->|                        |                        |
  |   Encrypt locally      |                        |                        |
  |   OPE position         |                        |                        |
  |                        |--[2. Type "World"]---->|                        |
  |                        |   Encrypt locally      |                        |
  |                        |   OPE position         |                        |
  |                        |                        |                        |
  |                        |                        |--[3. Compare OPE]--    |
  |                        |                        |   pos1 < pos2          |
  |                        |                        |   Merge WITHOUT decrypt|
  |                        |                        |                        |
  |                        |                        |--[4. Sign merged ops]- |
  |                        |                        |   VEST witness         |
  |                        |                        |                        |
  |<-[5. Broadcast encrypted merge]----------------|                        |
  |                        |                        |                        |
  |--[6. Decrypt locally]->|                        |                        |
  |   Result: "Hello World"|                        |                        |
  |                        |<-[7. Decrypt locally]--|                        |
  |                        |   Result: "Hello World"|                        |
  |                        |                        |                        |

Result: Real-time collaboration with E2E encryption maintained

Integration Requirements

VEST Integration with Materi

Existing: Browser → WebSocket → Relay → Redis → PostgreSQL
Modified: Browser → VEST Client → DTLS → Relay (VEST module) → Redis (chain) → PostgreSQL

Changes:
- Relay: Add VEST protocol handler (~2K LOC Rust)
- Client: Add signature generation (Ed25519, ~500 LOC TypeScript)
- Shield: Key management for user signing keys
- Redis: Store operation chains (existing Streams + new hash structure)
- Minimal: ~15ms added latency, 100K ops/sec maintained

AEGIS Integration with Materi

Existing: Browser → Shield (JWT auth) → API → PostgreSQL
Modified: Browser → ZK Proof Gen → Shield (ZK verifier) → AEGIS module → VEST chain

Changes:
- Shield: Add ZK proof verification endpoint (~3K LOC Python)
- Client: Add ZK proof generation (WASM, ~1K LOC TypeScript wrapper)
- New: AEGIS service for selective disclosure
- Redis: Store encrypted audit logs
- Moderate: +250ms first access (proof gen), +8ms verify

ForkNode-VEST Integration with Materi

Existing: Browser → Relay (CRDT) → Redis → PostgreSQL
Modified: Browser → Encrypt → ForkNode-VEST → Homomorphic CRDT → Redis (encrypted) → PostgreSQL

Changes:
- Relay: Replace CRDT engine with homomorphic version (~5K LOC Rust)
- Client: Add OPE encryption layer (~2K LOC TypeScript)
- Extensive: Complete CRDT rewrite for encrypted operations
- Significant: +30ms added latency, 80K ops/sec (reduced)

Risk Assessment Summary

Risk TypeVESTAEGISForkNode-VEST
Technical FeasibilityLow risk (proven crypto)Medium risk (complex ZK)High risk (novel combination)
Performance ImpactLow (+15ms)Medium (+250ms first access)Medium (+30ms sustained)
Market ValidationStrong (compliance demand)Emerging (ZK trending)Unvalidated (speculative)
Implementation Time9 months12 months18 months
Team Expertise GapLow (protocol design)High (ZK-SNARK expertise)Very High (multiple domains)
Maintenance BurdenMediumHigh (crypto updates)Very High (complex crypto)
Competitive Response2-3 years to replicate3-5 years to replicate5+ years to replicate

Phase 1: Foundation (VEST)

  • Duration: 9 months
  • Investment: $1.3M
  • Risk: Low
  • Market: Validated
  • Outcome: Cryptographic audit trails, 2-3 year technical moat

Phase 2: Differentiation (AEGIS)

  • Duration: 12 months
  • Investment: $1.8M
  • Risk: Medium
  • Market: Emerging
  • Outcome: Unique zero-knowledge position, 3-5 year moat

Phase 3: Completion (ForkNode-VEST)

  • Duration: 18 months
  • Investment: $4.5M
  • Risk: High
  • Market: Unvalidated
  • Outcome: “Impossible trinity” achieved, but only if Phases 1-2 succeed
Decision Gate: After Phase 1, evaluate market response before committing to Phase 2. After Phase 2, evaluate before committing to Phase 3.

Standards Compliance

All protocols in the TimeChain standard family comply with:
  • RFC 8446: TLS 1.3 (via DTLS 1.3)
  • RFC 9000: QUIC (transport inspiration)
  • RFC 8032: Ed25519 signatures
  • FIPS 140-2: Cryptographic module standards
  • GDPR Article 32: Security of processing requirements
  • SOC 2 Type II: Trust service criteria
  • HIPAA § 164.312: Technical safeguards

Open Questions for Future Research

  1. VEST: Can we reduce Merkle tree update overhead for documents with 10M+ operations?
  2. AEGIS: Can we use lighter ZK systems (STARKs, Bulletproofs) to reduce proof generation time below 100ms?
  3. ForkNode-VEST: Can we use fully homomorphic encryption (FHE) instead of OPE to eliminate position leakage?
  4. WEAVE: Can we achieve Byzantine fault tolerance in mesh topology without consensus overhead?
  5. TNP: Can we use persistent data structures to make timeline branching O(1) instead of O(n)?
Document Version: 1.0
Last Updated: November 27, 2025
Standard Name: TimeChain (Verifiable Evidence and Real-time Integrity Through Authenticated Streams)
Protocol Family: VEST, AEGIS, ForkNode-VEST, WEAVE, TNP
Status: Draft Specification