Each card below downloads a real .h33pqv.json attack artifact.
Drop any of them into the verifier on the right and watch the H33 substrate
produce a structured REJECTED outcome with a named reason — in your
browser, with no H33 infrastructure in the loop.
Run this attack on any card. OR click Download and drop the file into the verifier on the right.

qsign-nap-verify --registry <jsonl> on a workstation with the substrate crates installed.

- Attacker mints a JSON that looks like a real verification receipt from Compliance Desk Zeta, but cannot produce real triple-family signatures.
- Signatures verify — the bytes are genuine. But the receipt cites a stale registry tip from last quarter; the auditor's replica has moved on.
- phishy-verifier-phi reported the compromise and posted a Revoked record. The attacker keeps issuing receipts under the leaked key after that timestamp.
- rogue-bank-rho's registration was Revoked at 2026-05-23. Issuing a new artifact under that principal after that timestamp does not restore authority.
- Operator alters the policy text after a denial to claim the threshold was $2M, not $500K, all along. The signed committed_scope_hash no longer matches.
- Attacker intercepts a registry replica in transit and inserts a record granting themselves Active issuer status. The hash chain breaks at the splice.
This is a drop-test layer. The artifacts are real .h33pqv.json files
with the structure the substrate produces; the rejections you see in the verifier
panel are the same structured reasons the production Rust verifier emits. But
not every check that runs in a production audit pipeline runs in your browser.
Here's exactly what is and isn't live:
| Check | In-browser | Production verifier | Notes |
|---|---|---|---|
| Schema parse + URN validation | LIVE | LIVE | Same JSON, same URN grammar (qsign-fed-id) |
| Registry tip-hash freshness | LIVE | LIVE | String comparison against the snapshot's tip.last_record_hash |
| Principal status at timestamp | LIVE | LIVE | Same record_at() semantics, replayed in JS |
| Registry hash-chain integrity (prev_record_hash walk) | LIVE | LIVE | String comparison along the JSONL chain |
| Scope-envelope hash recomputation | LIVE | LIVE | Browser uses SHA-384 (WebCrypto); production uses SHA3-384. Both are 384-bit; structural detection is identical. |
| All-zero signature heuristic | LIVE | N/A | Production runs the real verify; this browser shortcut catches the obvious forge without crypto. |
| Triple-family PQ signature verification (ML-DSA-87 + SLH-DSA-256s + FALCON-1024 at 2-of-3) | SIMULATED | LIVE | The full PQ verify needs the production crates. Pipe the same artifact through qsign-nap-verify --registry for the live check. |
| Canonical JCS encoding equivalence | SIMULATED | LIVE | The browser uses a stable key-sorted JSON; production uses serde_jcs (RFC 8785). Differences would only matter for unicode edge cases not present in these artifacts. |
Every artifact carries a _demo block that names exactly which check the in-browser
verifier runs and which check the production verifier runs. Read it inside the JSON to confirm.
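
The three registry rows in the table (tip-hash freshness, principal status at timestamp, prev_record_hash walk) can be sketched as plain string comparisons. This is an added example, not H33's verifier code: only prev_record_hash and tip.last_record_hash come from this page, while record_hash, principal, status, at, the receipt fields and the reason strings are assumed names, and the sample replica is constructed.

```javascript
// Added example; field names other than prev_record_hash are assumptions.
const GENESIS = "00"; // assumed prev hash for the first record

// Constructed sample replica (JSONL); hashes are short placeholders, not real digests.
const SAMPLE_JSONL = [
  { principal: "rogue-bank-rho", status: "Active", at: "2026-01-10T00:00:00Z", prev_record_hash: GENESIS, record_hash: "aa01" },
  { principal: "rogue-bank-rho", status: "Revoked", at: "2026-05-23T00:00:00Z", prev_record_hash: "aa01", record_hash: "bb02" },
].map((r) => JSON.stringify(r)).join("\n");

// Parse a JSONL registry replica into an array of records.
function parseRegistry(jsonl) {
  return jsonl.split("\n").filter((l) => l.trim()).map((l) => JSON.parse(l));
}

// Walk the prev_record_hash links; return the index of the first break, or -1.
function findChainBreak(records) {
  let prev = GENESIS;
  for (let i = 0; i < records.length; i++) {
    if (records[i].prev_record_hash !== prev) return i;
    prev = records[i].record_hash;
  }
  return -1;
}

// Latest status recorded for a principal at or before ts.
// Timestamps are same-format ISO 8601 UTC strings, so string order is time order.
function statusAt(records, principal, ts) {
  let status = null;
  for (const r of records) {
    if (r.principal === principal && r.at <= ts) status = r.status;
  }
  return status;
}

// Structured outcome for one receipt checked against one replica.
function checkReceipt(receipt, records) {
  const brk = findChainBreak(records);
  if (brk !== -1) return { outcome: "REJECTED", reason: "chain_break", index: brk };
  const tip = records.length ? records[records.length - 1].record_hash : GENESIS;
  if (receipt.registry_tip !== tip) return { outcome: "REJECTED", reason: "stale_registry_tip" };
  const st = statusAt(records, receipt.issuer, receipt.issued_at);
  if (st !== "Active") return { outcome: "REJECTED", reason: "issuer_not_active", status: st };
  return { outcome: "ACCEPTED" };
}
```

The order of checks matters: status is only looked up once the replica's chain is intact and the receipt cites its current tip, so a spliced or stale replica never gets to vouch for an issuer.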