TollBooth

Deterministic non-ML admission-control primitive
Argon2id PoW Β· 6 invariants Β· Ghost Verify in 24–72hrs
47238
Humans Verified
14891
Bots Blocked
8.2ms
p95 Verify Latency
99.85%
Bot Reduction

πŸ” Live Demo β€” Try It Now

Click below to execute the full protocol in your browser. WASM Argon2id solves the proof-of-work, server (this page) verifies it, returns a signed admission token. Two seconds end-to-end.

// Click a button above to run the protocol...

Six Named Invariants (The IP)

1. Bounded Verifier CostO(1) per verify regardless of client effort. One CBOR parse + one Ed25519 verify + one Redis lookup + one SET NX + one Argon2id recompute.
2. Server-Authoritative Difficultyd = clamp(base + Ξ±Β·logβ‚‚(1+abuse/baseline), d_min, d_max). Client cannot negotiate.
3. Atomic Replay PreventionRedis SET NX tb:used:{cid}:{jti} with TTL=token exp. Each token consumed exactly once.
4. Session Bindingsb = SHA256("__vg_sid=" || cookie_b64url). Only permitted derivation. Cross-session = reject.
5. Canonical Signed AdmissionCTAP2 canonical CBOR + Ed25519. Byte-identical across all encoders.
6. Human-Safe Ceilingd_human_safe_max caps p95 Pixel-6 solve time to <2.7 seconds. Humans don't notice.

Protocol Flow

πŸ“₯ Challenge
POST /v1/challenge
β†’
βš™οΈ Solve PoW
Argon2id WASM
β†’
πŸ“€ Submit
POST /v1/submit
β†’
🎫 Token
gft1.cbor.sig
β†’
βœ… Verify
POST /v1/siteverify

Memory Profiles

ProfileMemoryPixel-6 p95Use Case
p88 KiB~30msLow-friction (homepage)
p1616 KiB~100msProduction default
p3232 KiB~250msHigh-risk (login/checkout)
p6464 KiB~600msEmergency ceiling

Token Format

gft1.<b64url(CBOR_CANONICAL(payload))>.<b64url(Ed25519_sig)>

payload = {
  ver: 1, kid: "k2025-01", sk: site_key,
  cid: ULID, oh: SHA256(origin), act: action,
  sb: 32_bytes_session_binding,
  iat: unix_seconds, exp: iat + 60,
  mode: "standard", params: "p16", d: 9,
  jti: UUID_128bit
}

Verification Chain (12 Steps, Cheapest-First)

Always returns HTTP 200. No protocol-level oracle for attackers. Response body identical shape regardless of failure path.

  1. Parse gft1.payload.sig format
  2. CBOR canonical decode
  3. Validate kid against active rotation
  4. Ed25519 signature verify
  5. Time skew Β±120s + exp check
  6. Origin hash match: oh == SHA256(request_origin)
  7. Session binding match against __vg_sid cookie
  8. Redis cid lookup
  9. Rate limits per IP/sb/sk
  10. Global budget cap + concurrency semaphore
  11. Argon2id recomputation + d-leading-zeros verify
  12. Atomic SET NX tb:used:{cid}:{jti} EX=exp-now

Ghost Verify on Your Traffic

Single shell script. Buyer subdomain. 24–72 hour observation. Independently verifiable KPIs: bot reduction %, human latency delta, CostPerSuccess multiplier, false positive rate. Zero blocking, zero modification.

hello@usetollbooth.com Β· Frozen IP Β· Pre-employment capital asset

For Acquirers

Frozen at v1.0.0-pre-employment-frozen. SHA-256 manifest. Reproducible Docker. Zero-GPL SBOM (CycloneDX). GPG-signed commits. RFC 3161 notarized.

Diligence package: 9 documents, 36 pages β€” Technical Specification (12pp), Protocol + 6 Invariants (6pp), Source Tour (5pp), Ghost Verify Methodology (4pp), Reproducible Build Proof (3pp), CycloneDX SBOM, KEY_LIFECYCLE.md (2pp), CHAIN_OF_TITLE.md (3pp), PRE_EMPLOYMENT_NOTICE.md (1pp).

Acquisition surface: source repo, Go verifier, Rust Argon2id core, WASM module, JS widget, Redis schema, Ghost Verify harness, KPI generator, reproducible Docker, pinned dependency manifests, SBOM, signed release manifest, domain usetollbooth.com, GitHub repo, signing-key handoff procedure (YubiKey at closing).

Under mutual NDA: full source, Ghost Verify deployment on your infrastructure, KPI validation against your traffic samples.