Decentralized identity through Proof-of-Trajectory. One Ed25519 key for authentication, messaging, and payments. No passwords, no intermediaries, no biometrics.
GNS replaces the username/password model with cryptographic identity derived from physical movement in the real world. Three primitives do the work.
A single elliptic curve keypair serves as your identity, your message signing key, your encryption key (via X25519), and your Stellar wallet address. No accounts to create. You are your key.
Your device emits cryptographically-signed, H3-quantized location breadcrumbs chained by hash. Each breadcrumb links to the previous, forming an unforgeable trajectory through the physical world.
The Trajectory Criticality Engine computes trust from three axes: entropy (diversity of locations), regularity (consistent patterns), and span (duration over time). Bots can't fake months of real-world movement.
type Breadcrumb { index: Uint64 timestamp: Moment cell: H3Cell // Hexagonal grid, res-9 (~174m) context: Hash // WiFi + cell + IMU digest previous: Hash // Chain link to prior breadcrumb signature: Signature // Ed25519 proof of authorship invariant signature.valid(for: self, by: owner) invariant cell.reachable(from: previous.cell, within: timestamp - previous.timestamp) }
Human-readable handles (@camilo, @wincom) resolve to Ed25519 public keys. Claiming a handle requires 100+ breadcrumbs and a trust score of 20+ — Proof-of-Trajectory prevents handle squatting.
Because Ed25519 identity keys are simultaneously Stellar wallet addresses, payments are native to the protocol. Send money to @handle. No payment processor, no intermediary fees.
Uber's H3 hexagonal grid converts exact GPS coordinates into ~174m cells. Verifiers learn "this person was in this area" without ever seeing the raw location. Privacy by math, not by policy.
The GNS White Paper v0.3 covers the complete protocol: identity, breadcrumbs, trust scoring, handles, messaging, payments, and organization namespaces.
TrIP formalizes Proof-of-Trajectory as an IETF Internet-Draft, extending GNS from human identity to devices, satellites, and IoT ecosystems.
Trajectory-based Identity Protocol submitted to the IETF RATS (Remote ATtestation procedureS) working group. Defines attestation records, trust computation, and the three-tier architecture for verifying identity through physical behavior.
Read specification →TrIP extended to Low Earth Orbit. 15,000+ satellite identities with trust scores derived from orbital trajectory data. CelesTrak pipeline, insured fleet tracking, three-tier attestation for space objects.
Live satellite catalog →Cryptographic social relationships for IoT devices. Proves co-location (CLOR), ownership (OOR), parental (POR), co-work (CWOR), and social (SOR) relationships through breadcrumb chain intersection. Transforms 14 years of SIoT academic theory into deployable protocol.
Read extension paper →Provisional patent filed for the Proof-of-Trajectory mechanism — proving identity through cryptographically-signed physical movement rather than biometrics, passwords, or centralized databases.
COSS licensing details →A programming language purpose-built for spatial-identity computing. Location is a primitive type, not a library call. Encryption happens automatically. Privacy violations fail at compile time.
// Collect breadcrumbs to prove humanity identity me = Keychain.primary every 10.minutes when battery > 20% { let crumb = breadcrumb( cell: here.h3(10), context: sensors.digest, previous: me.trajectory.last ).signed(me) me.trajectory.append(crumb) } when me.trajectory.count >= 100 { print("Ready to claim @handle!") }
The equivalent in Swift + CoreLocation + CryptoKit would be 200+ lines with manual coordination between frameworks. ULissy collapses the entire GNS protocol into native language constructs.
| ULissy Type | Description | Cryptographic Basis |
|---|---|---|
| PublicKey | Ed25519 public key | 32 bytes |
| Signature | Ed25519 signature | 64 bytes |
| H3Cell | Hexagonal grid cell | 64-bit identifier |
| Breadcrumb | Signed location proof | Chained by SHA-256 hash |
| Trajectory | Chain of breadcrumbs | Append-only Merkle structure |
| Handle | @identifier | Bound to PublicKey via PoT proof |
| Coordinates | Raw GPS (internal only) | Cannot be serialized or transmitted |
The last row is the key innovation: Coordinates cannot leave the device. The type system enforces that raw location data never gets serialized, transmitted, or logged. Privacy is a compile-time guarantee, not a runtime hope.
Lexer, parser, and type checker implemented in Rust. Contributions welcome.
GNS isn't theoretical. These systems are running in production today.