I'm back. It's me. You don't know me — but you do know that it is me.
Pseudonymous hardware proof of continuity. A FOSS counter to centralised digital ID.
Adelos is a small, cheap, open-source hardware device that lets you prove you are the same person who was here before — without revealing who you are.
There is no central authority. No issuer. No registry. No name. The device recognises you because you can produce the correct cryptographic response, not because anyone looked you up.
You build it yourself from open hardware and open firmware. Nobody can revoke it. Nobody is notified when you use it. Nobody can correlate your activity across services unless they physically hold both your device and your data.
Governments and corporations are pushing centralised digital identity: a single issuer that vouches for you to everyone else. That architecture lets the issuer revoke you, correlate everything you do, and serve as a permanent point of surveillance and failure.
Adelos inverts it. The "issuer" is an £8 device you made. The proof is yours alone. Recognition without identification — you know it is the same one, you do not know who.
This is recognition without identification. The system can verify continuity (it is the same one) while disclosing no identity (not who). That contradiction is only apparent — the device is exactly what makes "you don't know me but you do know that it is me" simultaneously true.
The device issues a one-time nonce, waits for your fingerprint, then computes HMAC(K, salt ‖ nonce) with a key K burned irreversibly into the chip. The output is delivered over Bluetooth and used immediately. The key never leaves the chip; the nonce ensures the device never returns the same answer twice; the output is zeroed the moment it is used.
A four-part device:
- ESP32-C3 — Bluetooth radio, on-die HMAC engine, and an eFuse-burned key that no software can read.
- Fingerprint sensor — biometric presence; it is your body, not just your device.
- Battery — standalone, no tether.
- Case — protection and tamper-evidence.
Approx. £4–12 per unit. No separate secure-element chip required.
Full parts list, session protocol, pairing channel, and the salt-ratchet design are in the spec.
- ➡️ Hardware spec — parts & reasoning — the device, BOM, session protocol, salt ratchet.
- ➡️ What it does (for everyone) — proving things without revealing who you are, in plain language.
- ➡️ Verified claims — technical architecture — issuer/holder/verifier, delegated self-signing, anonymous credentials, revocation.
- ➡️ Futures — replacing government digital ID scheme by scheme, and the open problem of hosts using the dongle wisely.
A revoke is a doc signed by the key itself, saying "this key is dead." Once seen, the key is cancelled and nothing it ever signed can be trusted — compromise may have happened at any time. Self-revocation uses the same primitive as proof: the key that says "it is me" can sign "it is no longer me." The fingerprint gate is what stops a thief signing it. Users can renounce anything they said; other users choose what to believe. No central arbiter — just provable statements and individual judgement.
It does:
- Prove continuity — you were here before and you are back.
- Bind that proof to your body via biometrics.
- Keep you pseudonymous — no identity is ever disclosed.
- Work with no third party, ever — no issuer, no revocation authority.
It does not:
- Prove who you are to a stranger — only that you control this device.
- Anonymise your network traffic or IP.
- Prevent a government from demanding identity by legal means at a higher layer.
- Commissioning software — built and working. Connects to an ESP32, selects architecture across variants.
- eFuse burning / Secure Boot — specified and ready; deliberately not yet applied (irreversible steps, held until the rest is proven).
- Fingerprint sensor — specified and integrated into the design; not yet sourced or assembled.
- BLE session protocol / web library — designed; implementation is straightforward and in progress.
- Physical prototype — not yet assembled end-to-end.
AGPL-3.0. Use freely; any modifications, including network services built on this code, must also be open.