Technical Documentation

How It Works

A cryptographic presence attestation system that cannot be shut down, censored, or faked.

The Problem We Solve

Political movements need to verify real participation. Who actually shows up? Who is a real member versus a bot or astroturf? Traditional systems rely on central databases that can be seized, corrupted, or shut down.

We built something different: a cryptographic proof-of-presence system where every attestation is signed, verifiable, and permanently stored on IPFS. Even if our servers go dark tomorrow, the membership record survives.

The Attestation Flow

Here's how proving presence works:

1

Event QR Generated

A time-limited QR code is created for each event. It contains a unique secret and is cryptographically signed by the regime key. This proves the QR is legitimate—not forged by a third party.

2

Member Scans QR

At the physical event, you scan the QR with your phone. The app validates the time window (not expired, not too early) and verifies the regime signature.

3

You Sign the Attestation

Your app signs the QR payload with your private key. This creates an attestation: proof that you (holder of that key) saw this specific QR (which only existed at that event).

4

Published to IPFS

Attestations are batched, signed, and published to IPFS—a decentralized storage network. Each batch links to the previous one, forming an immutable chain.

Cryptographic Guarantees

The system provides mathematical guarantees, not just promises:

Unforgeable Attestations

Every attestation requires your private key. Without the key, no one can create an attestation in your name. Not us. Not the government. Not anyone.

Verified Events

QR codes are signed by the regime key. You can verify any attestation came from a legitimate event, not a phishing attempt or fake QR.

Immutable Record

Once published to IPFS, attestations cannot be modified or deleted. The content hash is the address. Change anything, and the hash changes—the tampering is obvious.

Publicly Auditable

Anyone can verify any attestation. Download the IPFS data, check the signatures. No trust required—only math.

The IPFS Chain

Batches form a linked list on IPFS. Each batch contains the Content ID (CID) of the previous batch. This creates an append-only chain:

Batch 3 (CID: Qm...)
├── previousCid: Qm... (Batch 2)
├── timestamp: 1706234567
├── attestations: [...]
└── regimeSig: 0x...

    ↓ links to

Batch 2 (CID: Qm...)
├── previousCid: Qm... (Batch 1)
├── ...

    ↓ links to

Batch 1 (CID: Qm...)
├── previousCid: null (genesis)
├── ...

Starting from the latest batch CID, anyone can traverse the entire history. Every link is verified by the regime signature—you can't insert a fake batch into the chain.

Your Identity

Your identity is a cryptographic keypair (the same type used by Ethereum). You control a private key; the public key is your address.

What You Control

  • Private Key: A 64-character hex string. Never share this. It proves you are you.
  • Public Address: Derived from your private key. This is your identity in the system.

We never see your private key. It's generated and stored locally on your device. You can export it to back up or move to another device.

Disaster Recovery

What happens if New Regime is shut down? Our domain seized? Our servers taken offline?

The attestation record survives.

What You Need to Recover

1

The Latest Batch CID

A single IPFS content identifier. From this, you can traverse the entire chain backwards to genesis. We recommend members save this periodically.

Example: QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG

2

The Regime Public Address

To verify batch signatures. This is public knowledge—publish it widely. Anyone can verify that batches were signed by the legitimate regime key.

3

Your Private Key

To prove which attestations are yours. Export and store this securely (offline, encrypted).

Recovery Process

With these three pieces, anyone can:

  1. Fetch the batch from any IPFS gateway: ipfs.io/ipfs/[CID]
  2. Verify the regime signature on the batch
  3. Follow the previousCid link to get earlier batches
  4. Repeat until reaching the genesis batch (previousCid: null)
  5. For each attestation, verify both the regime signature on the QR and the member signature
  6. Filter for attestations matching your public address to find your own

The data is distributed across thousands of IPFS nodes. Shutting it down would require taking down the entire IPFS network—a decentralized global infrastructure.

Practical Tip

Bookmark this information somewhere that won't disappear with us. Save the latest batch CID after each event you attend. Store your private key in a password manager or write it down and keep it safe.

Using the App

First Time Setup

  1. Go to /app
  2. Tap Generate New Identity (or import an existing key)
  3. Your address is now displayed—this is your identity
  4. Important: Tap Manage → Export Key and save your private key securely

At an Event

  1. Open the app and tap Scan QR Code
  2. Point your camera at the event QR
  3. Review the details and tap Create Attestation
  4. Done—your presence is now cryptographically recorded

Viewing History

Tap View History to see all events you've attested to. You can export this data for your own records.

Resurrection

The regime key is just a keypair. The infrastructure is open source. The membership record lives on IPFS. This means the movement can be fully resurrected even if the current organization is destroyed.

A Hypothetical

Imagine the worst case: New Regime is shut down. Domain seized. Founders arrested or scattered. The website goes dark.

Here's what happens next:

  1. Someone with the latest batch CID (which members have been saving) posts it publicly—on Twitter, a forum, anywhere.
  2. Members independently verify they can still access their attestation history via IPFS. Their participation record is intact.
  3. A trusted community member—someone with high reputation, many verified attestations, known in meatspace—generates a new regime keypair.
  4. They publish the new regime public address and stand up a fresh instance of the app (it's just a web app anyone can deploy).
  5. Members migrate by simply pointing to the new app. Their existing private keys still work. Their identity is unchanged.
  6. The new regime key starts a new batch chain. The first batch can reference the old chain's final CID as a historical anchor.
  7. The movement continues. New events. New attestations. New batches published to IPFS.

No central authority can prevent this. The cryptographic primitives are public. The code is open. IPFS is global. As long as members retain their keys and someone steps up to coordinate, the regime lives.

The Key Insight

Your identity belongs to you, not to us. The attestation record belongs to the network, not to any server. We are stewards of a system designed to outlive us.

This is what "decentralized" actually means: not a buzzword, but a structural guarantee. The movement is the people, their keys, and the immutable record of their participation. Everything else is replaceable.

Ready to Join?

Get your identity set up and attend your first event.

Open App Apply to Join