EU-EST · Frankfurt · Paris · Amsterdam · Budapest

Run state in the EU, and prove it. Compute on it, deterministically.

Epher Compute Chain is GINF Systems' commercial implementation of the open Ephernity protocol — two equally first-class pillars on one EU-attested substrate: tamper-evident storage from milliseconds to six years and beyond, and deterministic workflows running on a hardware-attested mesh.

Start with Epher Cloud Compare editions See how it works Read the open protocol ↗

Pillar I · Storage T0 → T4

Attested micro-ledgers.

Append-only, BLAKE3-chained, hardware-attested storage with tier-parametrised retention from seconds to eternal. Per-record crypto-shred for GDPR. Public-chain anchoring for tamper-proof time.

· Ed25519 + Falcon-1024 signing
· HATP root → tenant → host attestation
· O(log N) inclusion proofs

Pillar II · Compute Borz · deterministic

Verifiable workflows.

Deterministic contracts on a hardware-attested EU mesh, written in Borz. Every call's inputs, state, and outputs are committed to a ledger entry — replay reproduces the result byte-for-byte.

· No wall-clock, no ambient I/O
· Per-call accounting in EUR
· Air-gappable on customer hardware

p50 write

2.1ms

Ed25519 · EU primary

verify offline

0.18µs

per BLAKE3 entry

Tier coverage

5T0 → T4

seconds → eternal

EU regions

primary + replica + edge

T1 b3:3c1f a0b2 d917 e44c 8e7a 91b3 / eu-fra / ed25519 / 02ms ● T3 b3:11d4 c0a7 2b3e 5f9a fa02 6e8c / eu-par / falcon-1024 / 38ms ● T0 b3:8e7a 91b3 0f2d 6c81 5b77 e2d9 / eu-ams / ed25519 / 01ms ● T2 b3:92a1 4c38 76e0 b95d d0f8 3b1e / eu-fra / ed25519 / 04ms ● T4 b3:fa02 6e8c 4d71 9b3a 5b77 e2d9 / eu-par / falcon-1024 / 42ms ● T1 b3:ab18 04ce 7d62 9f31 47c6 b920 / eu-war / ed25519 / 03ms ● T2 b3:6e25 91b4 8d0c 73fa 92a1 4c38 / eu-mil / ed25519 / 04ms ● T3 b3:47c6 b920 3e8f 11a8 11d4 c0a7 / eu-fra / falcon-1024 / 36ms ● T1 b3:3c1f a0b2 d917 e44c 8e7a 91b3 / eu-fra / ed25519 / 02ms ● T3 b3:11d4 c0a7 2b3e 5f9a fa02 6e8c / eu-par / falcon-1024 / 38ms ● T0 b3:8e7a 91b3 0f2d 6c81 5b77 e2d9 / eu-ams / ed25519 / 01ms ● T2 b3:92a1 4c38 76e0 b95d d0f8 3b1e / eu-fra / ed25519 / 04ms ● T4 b3:fa02 6e8c 4d71 9b3a 5b77 e2d9 / eu-par / falcon-1024 / 42ms ● T1 b3:ab18 04ce 7d62 9f31 47c6 b920 / eu-war / ed25519 / 03ms ● T2 b3:6e25 91b4 8d0c 73fa 92a1 4c38 / eu-mil / ed25519 / 04ms ● T3 b3:47c6 b920 3e8f 11a8 11d4 c0a7 / eu-fra / falcon-1024 / 36ms ●

Editions

One product. Four shapes.

Run Epher Compute Chain on our mesh, on yours, in an air-gap, or on a single host. Same wire, same proofs, same Borz contracts at every shape.

Edition details →

Public mesh

Epher Cloud

Per-call EUR billing on our hardware-attested EU mesh. Smallest time-to-first-entry; ideal for SaaS workloads.

For
SaaS · startups · EU AI builders

Customer hardware

Epher Enterprise

Popular

Dedicated Epher mesh on customer-controlled DE:SH hosts. Per-host licensing in EUR; full data residency under your roof.

For
Regulated mid-market · banks · health

Air-gapped

Epher Sovereign

Bespoke air-gapped deployment with one-way audit replication, customer-held HATP root, and on-prem operations.

For
Defence · government · critical infrastructure

Single host

Epher Community

Single-host non-production edition for evaluation, education, and pilots. KYC, no SLA, free.

For
Researchers · evaluators · students

How it works

Append. Read. Verify.
Or run a contract.

A single HTTP surface maps to the canonical append-only log underneath, and the same surface dispatches a Borz contract for deterministic workflows. Tier policies, anchoring, PQC, EU residency, and per-call accounting are configuration, not code.

Product details →

01 · append POST /v1/ledger/:id/entry

A signed write, in one round-trip.

curl -X POST https://api.epher.cc/v1/ledger/orders/entry \
  -H "Authorization: Bearer $EPHER_KEY" \
  -H "X-Tier: T2" \
  --data-binary @order.cbor

→ 201 Created
  {
    "seq": 1042,
    "ts_ms": 1748621052124,
    "payload_cid": "b3:3c1f...e44c",
    "prev_hash":   "b3:8e7a...6c81",
    "signer_id":   "hatp:host:eu-fra-07",
    "scheme":      "ed25519"
  }

02 · read GET /v1/ledger/:id/range

A range, with its inclusion proof attached.

GET /v1/ledger/orders/range?from=1000&to=1042&proof=true

→ 200 OK · application/cbor
  entries: [...],
  checkpoint: {
    root: "b3:c180...4af6",
    epoch: 178,
    anchored_at: 1748618400000,
    anchor: "ots:bitcoin:870182"
  },
  inclusion_path: ["b3:5b77...", "b3:92a1...", ...]

03 · contract POST /v1/contract/:id/call

A deterministic call, with its receipt.

curl -X POST https://api.epher.cc/v1/contract/loan_decision/call \
  -H "Authorization: Bearer $EPHER_KEY" \
  --data '{"applicant_id":"a:9281","income_eur":48200}'

→ 200 OK
  {
    "result":       { "decision": "approved", "limit_eur": 12000 },
    "state_cid":    "b3:7a44...0e91",
    "input_cid":    "b3:1188...c30a",
    "code_cid":     "b3:e019...4f72",
    "step_receipt": "b3:c9f4...88aa",
    "units":        { "bytes_in": 41, "bytes_out": 36, "ops": 1842 }
  }

04 · verify offline · any client

Anyone, anywhere, can verify without us.

# zero-trust verification, no network access
ephernity verify ./entries.cbor --root-key ./epher-root.pub

✔ chain     1042 entries verified · BLAKE3
✔ signatures Ed25519 + 4 × Falcon-1024 (T3)
✔ checkpoint epoch 178 · root b3:c180...
✔ anchor     OTS · bitcoin block 870182 @ 2026-05-30T08:00Z
✔ replay     12 contract steps reproduced exactly

Designed for

Workloads where "who wrote what, when" is more than telemetry — and "how was this decided" is more than a log line.

AI agents T0 · T1

Storage + Compute

Verifiable scratch state — and verifiable decisions.

Multi-step agents that share state across hosts get a tamper-evident audit trail, and the decision logic itself becomes a deterministic Borz contract whose every call is reproducible.

Financial audit T3

Storage

DORA-class operational logs, PQC-signed.

Append-only, hardware-attested, Falcon-1024 signed, kept for six years and longer — and erasure-compliant via per-record crypto-shred.

AI Act Art. 50 T3 · T4

Storage + Compute

Provenance that survives the model.

Mark generated content, anchor the proof, and produce inclusion paths for any regulator on demand. The decision logic upstream can itself be a verifiable contract.

Real-time rooms T0

Storage

Disposable session state, cryptographically clean.

Live matches, transient checkout flows, ephemeral collaboration. State that lives only as long as it must — and proves it.

Process automation T2 · T3

Compute

Workflows you can show a regulator.

Author the workflow in Borz; deploy as an Epher contract; every call is a ledger entry. The audit, the replay, and the result are the same artefact.

Notarisation T4

Storage

Provenance attestations that outlive the company.

Permanent anchors, post-quantum signatures, inclusion proofs that verify forever against a small published root key.

Operator footprint

Reference EU presence

Primary Replica Edge

Primary points of presence host writes and signing under HATP attestation; replicas keep Raft-consistent copies; edge nodes terminate reads. All facilities sit within EU member states under EU operator control.

Sovereignty by construction

Operated by an EU entity. All the way down.

A US hyperscaler's EU region does not confer sovereignty — jurisdiction follows the corporate parent. Epher Compute Chain is operated by GINF Systems Kft. (Budapest, EU), on infrastructure inside EU member states, with personnel inside the EU. That makes the CLOUD Act question structural, not contractual.

●EU-domiciled operator, EU staff, EU jurisdiction.
●HATP root keys held in EU-located HSMs.
●No US sub-processors on the signing path.
●Optional EBSI anchoring for full-EU proof-of-time.
●Customer-owned editions (Enterprise · Sovereign) keep all of the above on your hardware.

Common questions

Things people ask on day one.

Is this a blockchain? +

No. There is no global consensus, no on-chain settlement, and no instrument to trade. Public-chain anchors are used only as tamper-proof timestamps — the same way OpenTimestamps does notarisation. Epher Compute Chain settles nothing on chain.

Is there a token? +

Epher Compute Chain is paid for in euro, like any hosted service. We do not issue an instrument, do not operate a market, and do not depend on one. The protocol is intentionally token-free at the wire.

What does "deterministic compute" mean here? +

A Borz "deterministic contract" is a workflow whose runtime forbids non-determinism by interface: no wall-clock, no ambient I/O, no unseeded randomness. The inputs, code revision, and outputs are committed to a ledger entry, so any verifier can replay the call byte-for-byte and reach the same result. The workflow is auditable by construction.

Where does the data live? +

On Epher Cloud, inside EU primary regions (Frankfurt, Paris, Amsterdam, Budapest by default). Replicas and edge nodes are also EU-domiciled. On Epher Enterprise or Sovereign, the data lives on your hardware, under your jurisdiction.

How do erasure rights work at T3 or T4? +

Personal data is held off-ledger; the ledger holds only commitments. Erasing personal data destroys the per-record AES-256 key (crypto-shred). The Merkle path and signature chain remain valid for the rest of the ledger.

What if my own customer wants to verify? +

They run the open Ephernity verifier with our published root public key. No SDK lock-in, no proprietary API, no network call. Offline verification is a property of the protocol, not a feature of this product.