EpochCore · Tamper Test

Proof the verifier catches forgery

Fetch a real signed response, then flip a single byte in the body. Watch the chain break.

This page fetches https://q-routed.com/q/shor?N=15 once, then runs the verifier twice: once on the original response, and once after corrupting a single byte of the response body. A working verifier must pass the first and fail the second.

① Untouched response

② One byte flipped

Why this matters. The response body is committed by SHA-256, which is committed by the seal, which is signed by both Ed25519 and ML-DSA-65 (FIPS 204). Changing any byte of the body causes the body hash to mismatch x-epoch-dkap-resp-hash, so step 1 fails. An attacker who also rewrote the hash header would then need to forge a valid signature over a new seal, which requires the private keys. That's the chain. Try it.
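The hash links of the chain described above, as an added example that is not EpochCore's own verifier code. It assumes the header carries the lowercase hex SHA-256 of the raw body and models the seal as a dict with a hypothetical `resp_hash` field. The seal's Ed25519 and ML-DSA-65 signatures are not checked here (the seal is treated as already verified), and the sample body is constructed.

```python
import hashlib
import hmac

HASH_HEADER = "x-epoch-dkap-resp-hash"  # header name taken from the page


def body_hash(body: bytes) -> str:
    # Assumption: the header carries the lowercase hex SHA-256 of the raw body.
    return hashlib.sha256(body).hexdigest()


def verify(body: bytes, headers: dict, seal: dict) -> str:
    """Return "hash-chain-ok" or the name of the first check that fails."""
    claimed = headers.get(HASH_HEADER, "").strip().lower()
    # Step 1: recompute the body hash and compare it with the header.
    if not hmac.compare_digest(body_hash(body), claimed):
        return "body-hash-mismatch"
    # Next link: the header must equal the hash the signed seal commits to.
    # "resp_hash" is a hypothetical field name; the seal is assumed to have
    # already passed signature verification, which this example does not do.
    if not hmac.compare_digest(claimed, seal.get("resp_hash", "")):
        return "seal-hash-mismatch"
    return "hash-chain-ok"


def flip_byte(body: bytes, index: int) -> bytes:
    """Invert every bit of one byte, leaving the rest untouched."""
    out = bytearray(body)
    out[index] ^= 0xFF
    return bytes(out)


def undetected_flips(body: bytes, headers: dict, seal: dict) -> list:
    """Flip each byte in turn; return the positions the verifier missed."""
    return [i for i in range(len(body))
            if verify(flip_byte(body, i), headers, seal) == "hash-chain-ok"]


# Constructed sample data, not a captured response from the service.
BODY = b'{"N": 15, "factors": [3, 5]}'
SEAL = {"resp_hash": body_hash(BODY)}
HEADERS = {HASH_HEADER: body_hash(BODY)}

if __name__ == "__main__":
    print(verify(BODY, HEADERS, SEAL))              # untouched response
    tampered = flip_byte(BODY, 0)
    print(verify(tampered, HEADERS, SEAL))          # one byte flipped
    rewritten = {HASH_HEADER: body_hash(tampered)}  # hash header rewritten too
    print(verify(tampered, rewritten, SEAL))
    print(undetected_flips(BODY, HEADERS, SEAL))
```
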