Skip to content
HeartBadge docs

Identity Model

Badge identifiers, Luhn checksums, derivation paths, and the cryptographic foundation of HeartBadge identity.

Every badge has a unique identity. This page documents the identity model: how identifiers are generated, how derivation paths work, and what makes a badge verifiably yours.

Badge identifier structure

A badge identifier is a 20-digit number: 

8470 2613 9854 1200 37

The identifier encodes:

  • Collection ID — which program the badge belongs to
  • Group — a subdivision within the program (e.g., VIP, general)
  • Tier — the access tier within the group
  • Sequence — the mint order within that collection/group/tier
  • Check digit — Luhn checksum for error detection

Luhn checksum

The last digit of the identifier is a Luhn check digit — the same algorithm used in credit card numbers. When you enter a badge identifier:

  1. The system computes the expected check digit from the first 19 digits
  2. If the 20th digit doesn't match, the identifier is invalid

This catches single-digit errors and most transposition errors before any database lookup.

Derivation path

The identifier corresponds to a BIP-32 derivation path: 

m/721'/0'/{collection}'/{group}'/{tier}'/{seq}

This path derives the badge's identity key from a master key. The key hierarchy is:

  • 721' — NFT purpose (CAT-721 standard)
  • 0' — HeartBadge network
  • {collection}' — program's collection ID
  • {group}' — group within collection
  • {tier}' — tier within group
  • {seq} — mint sequence number

Given the derivation path, anyone can derive the expected public key. Given the public key, anyone can verify signatures from that badge.

Identity key

The identity key derived from this path is used for:

  • Ownership proofs (signing challenges to prove you hold the badge)
  • Transaction authorization (approving transfers, state updates)
  • Messagebox authentication (BRC-31 message signing)
  • Attestation signing (co-sign attestations)

A single key, derived from a single path, is the anchor for all badge operations across all three chains.

Key custody

The member holds the private key corresponding to their badge's identity key. HeartChain Labs does not have access to member private keys. This is what "non-custodial" means: we can't move your badge, spend your rewards, or sign on your behalf.

Key storage is handled by the HeartBadge app (secure enclave on mobile) or by the member's own wallet if they export. See Non-Custody Posture.

Related