Lineage is enforced cryptographically via HKDF-SHA256 chains.
HMR_secret → HKDF(info="<mhr_label>") → MHR_secret
MHR_secret → HKDF(info="<enr_label>") → ENR_secret
ENR_secret → HKDF(info="<kind>/<name>") → Entry_signing_secret
Verification
A resolver verifies an entry by:
- Validating the entry's signature against Entry_signing_pubkey.
- Confirming Entry_signing_pubkey is the HKDF expansion of the ENR's master key with the documented info.
- Recursing: confirming in the same way that the ENR's master key is derived from the MHR's, and the MHR's from the HMR's.
- Confirming the HMR (or MHR) is anchored on Sigil and not revoked.
If any step fails, resolution fails closed.
Why HKDF and not direct subkeys?
HKDF is deterministic, and a derivation can be reproduced only by a holder of the parent secret. A resolver verifying lineage doesn't need the parent secret; it only needs the parent's public key and the info parameter, both of which are in the registry record.
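The chain above (HMR to MHR to ENR to entry key) and the fail-closed resolver from the Verification section, as an added, runnable example that is not code from the page or from the registry project it describes. It implements HKDF-SHA256 per RFC 5869 with the standard library only. Assumptions: the page does not name its signature algorithm, so HMAC-SHA256 stands in for signing; because that stand-in is symmetric, the registered key at each level in this example is the secret itself and the resolver recomputes the chain from it, where the page's resolver would do the corresponding check with the public halves. The `Registry` and `Entry` shapes, the labels `mhr:example`, `enr:example` and `service/api`, and all key and payload values are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

HASH, HASH_LEN = hashlib.sha256, 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: PRK = HMAC-SHA256(salt, IKM); an empty salt means HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = HASH_LEN) -> bytes:
    """RFC 5869 expand: T(i) = HMAC-SHA256(PRK, T(i-1) | info | i), concatenated to `length` bytes."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_child(parent_secret: bytes, info: str) -> bytes:
    """One link of the lineage chain: parent secret + documented info label -> child secret.
    The info string (e.g. "<kind>/<name>") is the only thing separating sibling keys."""
    return hkdf_expand(hkdf_extract(b"", parent_secret), info.encode())


def sign(signing_secret: bytes, message: bytes) -> bytes:
    """Stand-in signature (assumption): HMAC-SHA256, since the page does not name its scheme."""
    return hmac.new(signing_secret, message, HASH).digest()


@dataclass(frozen=True)
class Entry:
    kind: str
    name: str
    body: bytes
    signature: bytes


@dataclass(frozen=True)
class Registry:
    """Constructed registry record: the anchored HMR key plus the documented info at each level."""
    hmr_key: bytes
    mhr_label: str
    enr_label: str
    anchored: bool = True
    revoked: bool = False


def resolve(registry: Registry, entry: Entry, entry_key: bytes) -> bool:
    """Fail-closed resolution: True only if every step of the Verification list holds."""
    # Anchor check first: an unanchored or revoked root invalidates everything beneath it.
    if not registry.anchored or registry.revoked:
        return False
    # Recompute HMR -> MHR -> ENR -> entry key from the documented info labels.
    mhr_key = derive_child(registry.hmr_key, registry.mhr_label)
    enr_key = derive_child(mhr_key, registry.enr_label)
    expected_entry_key = derive_child(enr_key, f"{entry.kind}/{entry.name}")
    # The registered entry key must equal the recomputed one (constant-time comparison).
    if not hmac.compare_digest(expected_entry_key, entry_key):
        return False
    # Only then is the entry key trusted enough to check the entry's signature under it.
    return hmac.compare_digest(sign(entry_key, entry.body), entry.signature)


def build_example():
    """Construct an HMR root, a registry record and one signed entry (all values constructed)."""
    hmr_secret = hashlib.sha256(b"constructed HMR root secret").digest()
    registry = Registry(hmr_key=hmr_secret, mhr_label="mhr:example", enr_label="enr:example")
    mhr_secret = derive_child(hmr_secret, registry.mhr_label)
    enr_secret = derive_child(mhr_secret, registry.enr_label)
    entry_secret = derive_child(enr_secret, "service/api")
    body = b"addr=10.0.0.1"  # constructed entry payload
    entry = Entry("service", "api", body, sign(entry_secret, body))
    return registry, entry, entry_secret


if __name__ == "__main__":
    reg, ent, key = build_example()
    print("genuine entry:", resolve(reg, ent, key))
    print("renamed entry:", resolve(reg, Entry("service", "web", ent.body, ent.signature), key))
    print("revoked root: ", resolve(Registry(reg.hmr_key, reg.mhr_label, reg.enr_label, revoked=True), ent, key))
```

The renamed-entry case is the one worth noticing: the signature still verifies under the same key, but the key no longer matches the HKDF expansion for `service/web`, so lineage fails and resolution returns `False` before the signature is even checked. The HKDF functions can be checked against RFC 5869 test case 1 (salt `000102..0c`, IKM 22 bytes of `0x0b`, info `f0f1..f9`, 42-byte output) to confirm the derivation itself is standard.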