Modern public-key signature scheme used to sign every Importable evidence pack.
What is Ed25519?
A high-speed, high-security digital signature scheme defined in RFC 8032, built on edwards25519, the Edwards-curve form of Curve25519. Designed by Dan Bernstein et al.; widely used in TLS, SSH, signed Git commits, Tor, and many evidence-of-authenticity systems.
Why Ed25519 over RSA or ECDSA?
Smaller keys and signatures (32-byte public key, 64-byte signature), faster verification (~50µs in modern browsers), constant-time implementations (less side-channel risk), and deterministic nonces, which avoid the nonce-mishandling pitfall of ECDSA. Standard in modern cryptographic infrastructure.
Whose keys sign Importable artefacts?
Two layers: the hub master key signs the Merkle root of each pack; per-inspector keys sign their own QC artefacts (weight, grade, cold-chain summary). All public keys are published in the registry at verify.importable.io/keys. Private keys live in the iOS Secure Enclave on the signing terminal (hub) and in HSM-backed key vaults (master key).
What implementation does Importable use?
@noble/ed25519 (Paul Miller) — pure JS/TS, audited by Cure53, works identically in Node and browsers. The open-source @importable/verify client uses the same library so verification is reproducible.
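The two-layer check described above (per-inspector signatures on each artefact, master-key signature on the Merkle root), as an added example that is not Importable's code or the @importable/verify client. It uses Node's built-in crypto module in place of @noble/ed25519; the Merkle layout, the inspector ids, the registry shape and the sample artefacts are constructed assumptions.

```javascript
// Added example. Node's built-in crypto stands in for @noble/ed25519.
const nodeCrypto = require('node:crypto');
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();

// Assumed Merkle layout (not from the page): leaf = SHA-256(0x00 || artefact),
// node = SHA-256(0x01 || left || right), an unpaired node is promoted as-is.
function merkleRoot(artefacts) {
  let level = artefacts.map((a) => sha256(Buffer.concat([Buffer.from([0]), a])));
  while (level.length > 1) {
    const next = [];
    for (let i = 0; i < level.length; i += 2) {
      next.push(i + 1 < level.length
        ? sha256(Buffer.concat([Buffer.from([1]), level[i], level[i + 1]]))
        : level[i]);
    }
    level = next;
  }
  return level[0];
}

// Constructed sample pack: two hypothetical inspectors, three QC artefacts.
function buildSamplePack() {
  const master = nodeCrypto.generateKeyPairSync('ed25519');
  const keys = new Map(['insp-a', 'insp-b'].map((id) => [id, nodeCrypto.generateKeyPairSync('ed25519')]));
  const items = [['insp-a', 'weight=1200kg'], ['insp-b', 'grade=A'], ['insp-a', 'cold-chain max=4.1C']]
    .map(([signer, text]) => {
      const data = Buffer.from(text);
      return { signer, data, sig: nodeCrypto.sign(null, data, keys.get(signer).privateKey) };
    });
  const rootSig = nodeCrypto.sign(null, merkleRoot(items.map((i) => i.data)), master.privateKey);
  // The verifier's registry holds public keys only.
  const inspectors = new Map([...keys].map(([id, kp]) => [id, kp.publicKey]));
  return { pack: { items, rootSig }, registry: { master: master.publicKey, inspectors } };
}

// Checks both layers and returns the list of failures (empty = pack verifies).
function verifyPack(pack, registry) {
  if (pack.items.length === 0) return ['empty pack'];
  const failures = [];
  pack.items.forEach((item, n) => {
    const key = registry.inspectors.get(item.signer); // unknown signer => undefined
    if (!key || !nodeCrypto.verify(null, item.data, key, item.sig)) failures.push(`artefact ${n}`);
  });
  const root = merkleRoot(pack.items.map((i) => i.data));
  if (!nodeCrypto.verify(null, root, registry.master, pack.rootSig)) failures.push('merkle root');
  return failures;
}
```

Keeping the master key separate from the inspector map means an inspector id can never resolve to the master key, and an edited artefact fails at both layers: its own signature and the signed root.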