🔐 SECURITY SYSTEMS

Tokens That Cannot Be Predicted

ZPL corrects entropy at the mathematical level. Even if an attacker injects 99% biased input, the output sequence stays at equilibrium. Provably. Every time.

Try Attack Demo View Code
99%
attacker bias — ZPL still corrects to equilibrium at N≥16
AIN≥0.95
guaranteed neutrality score at N=16
<30ms
token generation at N=16, samples=1000
0 stored
ZPL never stores entropy inputs or outputs
The Problem
Why Standard RNG Fails Under Attack
Traditional token generators rely on entropy sources that can be weakened by hardware defects, VM environments, or active injection attacks.
Standard RNG Weaknesses
VM entropy starvation — virtualized environments have reduced entropy pools, making tokens predictable
Hardware RNG bias — manufacturing defects cause systematic bias in hardware entropy sources (CVE-2019-11090)
Injection attacks — attacker influences entropy source (timing, power, EM) to bias output toward predictable values
No audit trail — impossible to prove a token was generated fairly after the fact
ZPL Approach
Input-independent equilibrium — ZPL output distribution converges to 0.5 regardless of input bias
Mathematical proof — AIN score is a verifiable certificate of token neutrality
Attack resistant — attacker must control the ZPL mathematical structure itself (not just entropy input) to bias output
Auditable — every token has an AIN score that can be verified independently
Live Demo
Simulate a Bias Injection Attack
Attacker vs ZPL Engine
Move the slider to simulate an attacker injecting bias into the entropy source. Watch ZPL correct it in real time.
Attacker Input
85%
injected bias
ZPL Engine
N=16
equilibrium correction
Token Output
0.51
always near 0.5
85%
N=16
Generated Token Sequence
AIN Score
0.95 ✓ CERTIFIED
Precision Levels
Choose the Right N for Your Use Case
Higher N means stronger correction but slightly more computation. For most security use cases, N=16 is the sweet spot.
N=3
Basic
AIN ≥ 0.70
~5ms
Demos, low-stakes randomness
N=9
Standard
AIN ≥ 0.85
~15ms
API tokens, session keys
N=16
Security
AIN ≥ 0.95
~30ms
2FA tokens, crypto seeds
N=64
Maximum
AIN ≥ 0.99
~200ms
HSM replacement, key generation
Applications
Where ZPL Hardens Security
🔑

2FA Token Generation

TOTP and HOTP tokens depend on unpredictable secrets. ZPL ensures the underlying sequence cannot be biased even if the PRNG is compromised.

N=16 recommended
🌱

Cryptographic Seeds

Hardware RNG defects (like the Debian OpenSSL bug) cause systematic bias. ZPL acts as an entropy corrector layer on top of any RNG source.

N=64 for key generation
🎫

Session Tokens

Web session tokens must be unpredictable. ZPL-generated tokens have a mathematical certificate (AIN score) proving they cannot be predicted from the input.

N=9 fast enough
🎮

Anti-Cheat RNG

Game servers verify client-side RNG by checking ZPL AIN scores. A cheating client generating biased sequences is immediately detectable.

Server-side verification
🔐

Password Reset Tokens

One-time tokens for password reset must be unguessable. ZPL adds a mathematical layer that prevents brute-force prediction even with partial entropy.

Single-use + AIN cert
🛡️

IoT Device Identity

Embedded devices often have weak entropy. ZPL corrects weak hardware RNG output into cryptographically strong identity tokens.

Lightweight N=9
Integration
Drop-In Token Generator
Replace your existing token generator with ZPL in 10 lines. Works with any language.
// JavaScript — ZPL secure token generator async function generateSecureToken(length = 16) { // Use weak entropy (e.g. Date.now()) — ZPL will correct it const weakEntropy = (Date.now() % 1000) / 1000; const res = await fetch('https://zpl-backend.onrender.com/compute', { method: 'POST', headers: { 'X-Api-Key': 'zpl_your_key' }, body: JSON.stringify({ bias: weakEntropy, N: 16, samples: 2000 }) }); const { sequence, ain_score, zpl_certified } = await res.json(); if (!zpl_certified) throw new Error('Token failed ZPL certification'); // Convert binary sequence to hex token const token = sequence .map((b, i) => (b * (i + 1)).toString(16).padStart(2, '0')) .join(''); return { token, ain_score }; // ain_score ≥ 0.95 at N=16 }
# Python — ZPL entropy corrector for existing RNG import os, requests, hashlib def zpl_secure_token(n: int = 16) -> dict: """Generate a ZPL-certified secure token. Even if os.urandom() is compromised, ZPL corrects the bias.""" raw = int.from_bytes(os.urandom(4), 'big') / 0xFFFFFFFF res = requests.post( "https://zpl-backend.onrender.com/compute", headers={"X-Api-Key": "zpl_your_key"}, json={"bias": raw, "N": n, "samples": 2000} ).json() if not res["zpl_certified"]: raise ValueError("Token failed ZPL certification") seq_str = "".join(map(str, res["sequence"])) token = hashlib.sha256(seq_str.encode()).hexdigest()[:32] return {"token": token, "ain_score": res["ain_score"]}

Start Generating Certified Tokens

Free account — 1,000 token generations/month. No credit card required.

Get Free API Key API Reference All Use Cases
PRICING

Simple, Transparent Pricing

Start free. Scale as your security needs grow. No per-token fees.

PRO
$29/month
35,000 compute calls/month
✓ All security endpoints
✓ N up to 25 (AIN ≥ 0.97)
✓ 3 API keys
MOST POPULAR
STUDIO
$149/month
300,000 compute calls/month
✓ Everything in Pro
✓ N up to 48 (AIN ≥ 0.999)
✓ Priority support (24h)
ENTERPRISE
$499/month
Unlimited compute calls
✓ N up to 64 (AIN ≥ 0.9999)
✓ 99.9% uptime SLA
✓ HIPAA / GDPR BAA
View all 8 plans — including GamePro, Enterprise XL & Max →