Skip to content
Ephernity

§ 03 · Tier specification

The timed-ledger spectrum.

One micro-ledger primitive runs at every horizon. The tier is a triple of (retention, anchoring, signature) — changing the tuple changes the use-case, not the codebase.

T0

Ephemeral

CPU cache

seconds — minutes
live game tick · agent scratch-state · match session
Ed25519
01/05
T1

Session

RAM / DA blob

minutes — hours
real-time room · checkout · per-tenant working state
Ed25519
02/05
T2

Operational

SSD

days — months
operational audit trail · ICT-incident logs
Ed25519
03/05
T3

Compliance

cold storage

5 — 6 years
regulated audit / receipt · DORA-class records
Falcon-1024
04/05
T4

Eternal

tape / permaweb

provenance · notarization · protocol history
Falcon-1024
05/05

§ 03.02

Promotion. Demotion. Crypto-shred.

Three transitions are first-class. Promotion takes a short-lived ledger and durably persists it; demotion truncates retention; crypto-shred destroys per-record keys so personal data goes dark while the Merkle path remains verifiable.

borz listing 
// Take the head of a T1 session ledger, re-sign every entry with Falcon,
// and emit a permanent T3 anchor. Existing T1 Ed25519 signatures remain
// valid for offline replay of session history; the durable copy uses PQC.

fn promote_t1_to_t3(src: LedgerHandle, dst_spec: TierSpec) -> Result[Promotion, Error] {
    assert(dst_spec.sig_scheme == Falcon1024);
    let head = src.head();
    let checkpoint = build_checkpoint(src, head);
    let dst = open_ledger(dst_spec);
    dst.append_attested(checkpoint, hatp_host_key());
    anchor_now(dst, AnchorPolicy::MerklePermanent);
    Ok(Promotion { src_head: head, dst_head: dst.head() })
}
Promotion · T1 → T3 (Ed25519 → Falcon hybrid)
borz listing 
// Destroy the per-record AES key in the vault. The header (with its hash
// chain & signature) survives; the payload becomes unrecoverable bytes.

fn shred_entry(handle: LedgerHandle, cid: bytes32) -> Result[ShredReceipt, Error] {
    let entry_key = vault_key_for(cid);
    vault_destroy(entry_key);
    handle.mark_shredded(cid, ts_now());
    Ok(ShredReceipt { cid, ts_ms: ts_now(), proof: handle.head_attestation() })
}
Crypto-shred · single entry at T3

§ 03.03

Where the tiers meet the law.

T3 · DORA

ICT incident audit logs.

EU regulation 2022/2554 mandates append-only, cryptographically-signed audit logs with multi-year retention and TEE/HSM signing. T3 is the named implementation.

T3 / T4 · EU AI Act Art. 50

AI provenance records.

From 2026-08-02, tamper-evident records for AI-generated content with multi-year retention. Per-record crypto-shred preserves erasure rights at scale.

T1 · GDPR Art. 25

Data-minimisation by default.

Session state that auto-expires is state you are not retaining. Privacy-by-design is the storage policy, not a process annotation.

T0 · GDPR Art. 17

Right to erasure, structurally.

T0 ledgers are destroyed by elapsed time. There is nothing to erase because nothing was kept.