← ALL PAPERS PAPER IV
PRUF SYSTEMS INC. · WHITE PAPER
Zero-Ledger Transaction Notarization
A Digital Notary That Does Not Know Your Name
PATENT D
Khoi Diep
Founder & CEO, PRUF Systems Inc. · February 2026
© 2026 Khoi Diep. Patent pending — PRUF Systems Inc.

Abstract

Every digital commerce platform in existence operates on the same foundational assumption: to witness a transaction, a platform must take custody — of funds, of identity, of credentials. This paper challenges that assumption.

The Zero Ledger is a non-custodial transaction notarization system built on a single convergence equation. When two verified, PII=0 parties meet at a gate on the PRUF network, that meeting is a convergence event. The Zero Ledger records it — the hashes of both parties, the item, the price, and the time — as a permanent ledger entry. Nothing else is stored. No names. No payment credentials. No personal data of any kind.

The platform is a notary, not a custodian. It witnesses the mathematical truth of the event. It does not touch the money. It does not know who the parties are. It cannot.

KYC obligations live where they have always lived — with the payment rail. PRUF is not the payment rail. The honeypot has not been eliminated from the financial system; it has been correctly assigned to the entity legally required to hold it.

No publicly documented system achieves non-custodial transaction notarization with PII=0 on both sides of every transaction. Existing systems either custody funds and store identity, or sacrifice accountability for privacy. The Zero Ledger does neither.

Keywords: PII=0, Zero Ledger, convergence event, non-custodial notarization, hash convergence, spacetime record, Patent D

1. The Custody Assumption

Every digital marketplace today holds something it does not need to hold. It holds your name. Your payment credentials. Your address. Your identity. It became a custodian not because custody was necessary — but because it was never questioned.

The result is a global infrastructure of honeypots. Centralized databases of financial credentials and personal identities that exist because the custody assumption demands their existence. The 2013 Target breach exposed 40 million payment cards. The 2017 Equifax breach exposed 147 million records. These are not security failures. They are the architectural consequence of custody itself.

This paper presents an architecture in which the platform witnesses commerce without holding anything. The notary does not need to know your name to stamp the document. It never did.

2. The Convergence Equation

Patent D is the forward direction of a single convergence equation shared across the PRUF patent family:

Where N is the set of verified PII=0 participants — each a verified human (Patent G) or registered machine (Patent H). A is the action: a payment confirmation event on the PRUF network marketplace. G is the gate: the registered network device through which the convergence event passes. T is the UTC timestamp binding every hash to a specific instant in time.

Patent D applies this equation in the forward direction:

When all conditions are met — both parties verified, action confirmed, gate registered, timestamp bound — the equation resolves to a permanent ledger entry. That entry is the canonical record of the event. Nothing exists elsewhere that it copies. The notary has stamped the moment.

The companion paper (Convergence-Based Security, PRUF Systems Inc., February 2026) covers the reverse direction — where the same equation resolves to PASS/FAIL at an access gate. Two papers. One equation. Two directions.

3. What a Ledger Entry Is

A Zero Ledger entry is a spacetime coordinate of a convergence event between two PII=0 parties. It contains exactly:

Six fields. No names. No payment credentials. No addresses. No personal data of any kind.

PII=0 is not a policy commitment — it is a structural consequence of the architecture. The notary never received the names. There is nothing to erase because nothing was written.

Price is public by design. The ledger is a record of verified commerce. Participants who require price privacy may route transactions through private listings, in which case the Price field carries a hashed range rather than a precise figure. Item metadata is hashed and irreversible. The ledger reveals that a transaction occurred; it does not reveal what the item was.

The ledger is public. Any party — including courts — can read it. It proves that a convergence event occurred between two verified humans, at a specific gate, at a specific time, for a specific price. It does not prove who those humans are. It cannot.

4. The Network and the Gate

Every convergence event in Patent D occurs on pruf.network, through a registered gate. The gate is the marketplace listing — the registered point through which both buyer and seller pass to complete a transaction.

The gate is registered on the PRUF network via Patent H. It has a hash. It has a known, verified identity on the network. When buyer and seller converge at that gate — both verified PII=0 humans via Patent G — the gate witnesses the moment and the ledger entry is written.

Payment flows directly between parties via Apple Pay or Stripe Connect. The platform never touches funds. When the payment processor confirms a successful charge, it fires a webhook. The platform hashes the confirmation event — not the payment data — and that hash becomes H(A) in the convergence equation. The platform receives cryptographic proof that money moved. It never sees how, or how much, or whose.

Delivery is between the parties. The platform's role is the gate: verified marketplace, listing infrastructure, convergence point. Patent D records the convergence. That is the full extent of what it does.

5. Participant Verification

Both parties in every Zero Ledger transaction are verified PII=0 humans before the convergence equation evaluates. This is Patent G's contribution to the stack.

Patent G's N-factor AND-gate verification (N ≥ 3) confirms each participant is a real, unique, living human without storing any information that could identify them. Biometric signals are captured in volatile memory, hashed via the Authenticate-Hash-Burn protocol, and the raw data is destroyed in milliseconds. What remains is a Participant_Hash — a cryptographic proof that a verified human participated, containing nothing that could reconstruct who that human is.

Each verified human on the network carries a persistent handle — a unique identifier tied to their Participant_Hash and their verification sequence. This handle is the basis for reputation. A seller's transaction history is visible on the network as a record of convergence events attributed to their handle. The handle is pseudonymous: provably unique, provably human, without revealing identity. Correlation attacks against a persistent handle yield no PII because none was ever bound to it.

Patent H registers the KYC obligation correctly. PRUF does not maintain identity mapping. Where identity is legally required, it resides with the payment rail — the entity already legally mandated to hold it. Stripe and Apple Pay operate under full KYC compliance. The PRUF network does not duplicate what they already hold, and does not need to.

6. Physical Item Verification

For physical goods, Patent A's Glass Camera adds a dimension of verification that turns item condition into mathematically provable data.

The seller photographs the item through depth-verified capture before shipment, proving the item physically exists in three-dimensional space — not a photograph, not a screen, not a synthetic image. The buyer photographs what they received through the same system. Both records are hashed, linked to the transaction's ledger entry, and sealed via Patent K.

These two records — seller's Glass Camera pack-out and buyer's Glass Camera receipt — are the dispute mechanism. If what was shipped and what was received differ, the discrepancy is mathematically provable from the ledger. No platform arbitration required. The buyer carries court-admissible cryptographic evidence to the payment processor or a court to demand consequence. The platform provided the proof. The payment rail or legal system executes the remedy.

The Glass Camera chain is the answer to "what if the seller ships a brick?" The answer is: the brick is depth-verified on receipt, compared against the depth-verified listing and pack-out, and the fraud is mathematically documented. PRUF does not adjudicate. It witnesses.

7. What Courts See

The Zero Ledger is public. A court reading the ledger sees exactly what the ledger contains: participant hashes, item hash, price, gate hash, and timestamp.

This is sufficient to prove that a convergence event occurred — that two verified humans transacted for a specific item at a specific price at a specific time on the PRUF network. The Verified Transaction Token is cryptographically signed by the platform and co-signed by both participants' verified devices, making it court-admissible evidence.

If a court requires identity behind a hash, that is a matter between the court and the participant — not the platform. In practice, law enforcement may subpoena the payment processor to match the transaction timestamp and amount against their financial records. Stripe and Apple Pay hold that mapping under their existing KYC obligations. PRUF's ledger confirms the event. The payment rail confirms the identity. The system is working as designed.

PRUF does not maintain identity mapping. It structurally cannot. The platform is a notary. It witnessed the event. It stamped the record. It does not know who signed.

8. Prior Art

No publicly documented system achieves non-custodial transaction notarization with PII=0 on both sides of every transaction. Every existing marketplace either stores identity or sacrifices accountability.

The Zero Ledger is not an improvement to marketplace infrastructure. It is a different category. Existing systems answer: how do we secure what we hold? The Zero Ledger answers a different question: what if we held nothing?

Bitcoin and Lightning come closest — non-custodial, no identity stored — but pseudonymous wallet addresses are not PII=0. A wallet address persists and can be correlated to identity through external means. A PRUF Participant_Hash is bound to a verified human but contains no information that could reconstruct that human's identity. Pseudonymous is not the same as zero.

9. The Empty Vault

Traditional security architectures protect valuable data behind increasingly sophisticated defenses. The data's value attracts attackers. The defenses are what attackers seek to overcome.

The Zero Ledger inverts this model. The ledger is public. A breach of the entire system yields participant hashes, item hashes, prices, and timestamps. Hashes cannot be reversed. They cannot be used to gain access to funds — the platform never held funds. They cannot be used to reconstruct identity — no identity was ever stored. There is no credential database, because no credentials exist.

This is not a limitation of the architecture. It is the primary architectural advantage. The vault is empty. There is nothing to steal.

The attack surface of the Zero Ledger is the attack surface of its cryptographic primitives — SHA-256 hash functions operating against Grover-class quantum attacks at 128-bit effective security. No key exchange occurs. No credential exists. The precondition for every major category of data breach does not exist.

10. The Patent Stack

The Zero Ledger is Patent D in a five-patent verification architecture. Each patent contributes one layer:

Patent G verifies the humans — N-factor AND-gate, PII=0, persistent handle. Patent H registers the gate, the item, and the machine — including KYC assignment to the payment rail. Patent A proves physical items are real — depth-verified, hash-linked, dispute-ready. Patent D records the convergence — the canonical ledger entry. Patent K seals the receipt — self-authenticating, court-admissible, independently verifiable.

The complete chain for a physical goods transaction: Verified Seller (G) + Registered Item (H) + Depth-Verified Condition (A) + Convergence Notarization (D) + Sealed Receipt (K). Each layer adds verification. No layer adds PII.

No single patent in this stack functions as a standalone system. They are five directions of one architecture. The Zero Ledger is the transaction layer. Convergence-Based Security is the access layer. The same equation runs both.

11. Conclusion

A notary does not need to know your name to witness your transaction. It needs to confirm the event occurred, that both parties were present, and to stamp the record.

The Zero Ledger does exactly that — and nothing more. Two verified PII=0 humans converge at a gate on the PRUF network. The convergence equation evaluates. The ledger entry is written: two hashes, an item, a price, a gate, a time. The money moved between the parties via the payment rail. The platform witnessed the moment.

KYC lives at the payment rail, where it has always lived and where it legally belongs. Courts access the ledger for the event record, and the payment processor for identity. Disputes are resolved by the Glass Camera chain — mathematical proof of what was listed, what was shipped, and what was received. Reputation is carried by the persistent handle — pseudonymous, provably unique, provably human.

The custody assumption demanded that platforms hold what they never needed to hold. The Zero Ledger demonstrates that the assumption was always unnecessary. The vault was never required. All that was ever needed was the stamp.

The Custody Assumption is over. What follows is the Zero Ledger.

Witnessed commerce. Zero custody. Zero identity.

Appendix A: Formal Constraints

Appendix B: Referenced Patent Filings

Patent G: "Systems and Methods for N-Factor PII=0 Authentication via Simultaneous AND-Gate Verification with N-1 Self-Recovery." PRUF Systems Inc. Patent pending.

Patent H: "Systems and Methods for PII=0 Autonomous System and Object Registration." PRUF Systems Inc. Patent pending.

Patent A: "Systems and Methods for Physics-Compliant Object Authentication via Hierarchical Depth Verification." PRUF Systems Inc. Patent pending.

Patent D: "Systems and Methods for Non-Custodial Transaction Notarization via Dual-Layer Cryptographic Segregation with Authenticate-Hash-Burn Data Lifecycle." PRUF Systems Inc. Patent pending.

Patent K: "Systems and Methods for Self-Authenticating Digital Output with Embedded Verification." PRUF Systems Inc. Patent pending.

Patent applications in preparation. Titles reflect filed or to-be-filed applications with the United States Patent and Trademark Office.

© 2026 Khoi Diep. Founder & CEO, PRUF Systems Inc. All rights reserved. Patent pending.

← PREVIOUS III. The Last Camera NEXT PAPER → V. Convergence-Based Security
ALL PAPERS · HOME · CHARTER
© 2026 Khoi Diep. Founder & CEO, PRUF Systems Inc. All rights reserved.