A real $50M restricted Treasury note. The cryptographic computation that actually binds identity to asset content. Three independent post-quantum families sign it. Anchored live on Solana mainnet. Then projected onto every chain that can store 32 bytes.
A canonical bind is the cryptographic operation that makes the asset and its identity one object. The commit is SHA3-256(asset_content || authority || timestamp || policy_state). The four inputs are concatenated and hashed together. Change any one of them — a different commit comes out. This is what makes the asset and the identity inseparable: the identity literally encodes the asset's content into the same hash.
The 32-byte commit then becomes the input to three independent post-quantum signature families (ML-DSA-65, FALCON-512, SPHINCS+-SHA2-128f). Each signs over the commit. To forge the identity, an attacker would have to forge all three signatures simultaneously — three independent hardness assumptions (Module-LWE, NTRU, hash-based) would have to break at the same time. That has no known credible path.
Together: 32 bytes of bound commit + 42 bytes of PQ proof index = 74 bytes of canonical identity. The commit goes on-chain (any chain that can store 32 bytes). The proof bundle index goes off-chain. Both halves are needed to verify. Neither can be forged without the other.
Yes. The demo calls https://api.h33.ai/api/v1/privacy/age — the same endpoint that powers the live Solana-Privacy page. The commitment returned is from a real Solana mainnet program account (program ID 5eAwAv59YqpnSBMj59KeXhDdLqmn99HBYSjrb6jcLbC5, currently live on Solana mainnet). The Solscan and Solana Explorer links in the demo are real block-explorer links — click them and you'll see the on-chain transaction.
H33-Solana is live on Solana mainnet. The cryptographic primitive is identical to the devnet integration that preceded it — the same 32-byte commitment, same three NIST post-quantum signature families (ML-DSA-65, FALCON-512, SPHINCS+-SHA2-128f), same program account binding logic. The mainnet transition was a deploy flag, not an architectural change.
Honest answer: the Solana anchor in the demo is real, just-written to Solana mainnet. The other chain tiles show the same 32 bytes as they would appear on each surface. The architecture for anchoring on Bitcoin Taproot, Ethereum, Polygon, etc. is built and tested (see the H33-74 whitepaper), but live multi-chain anchoring in a 30-second demo would be gas/finality-bound — the visual is honest about which is live (the "LIVE" badge on Solana) and which is architecturally portable ("ARCH" on the others).
H33 anchors on Bitcoin via Taproot (BIP-341) as the production primitive — the commitment is hidden inside an x-only tweaked public key per BIP-341, producing a normal spendable P2TR output indistinguishable from any other Taproot UTXO on-chain. No data-carrier baggage. No soft-fork relitigation. OP_RETURN is supported as an alternative for use cases that explicitly need the data-carrier semantics, but Taproot is the lead. See /bitcoin-privacy/.
Authority is governed by Q-Key — time-bound, state-scoped, computation-bound authority objects. Transfers emit hash-linked continuation receipts. Revocation is a first-class receipt type. KYC privacy is preserved via authority-binding to a hash of the KYC bundle (verifiers see "this transfer was approved by an authority bound to a KYC bundle hashing to X" without seeing the SSN/jurisdiction/name). See /zk-kyc/ for the underlying primitive.