I’ve been looking into the 'Integrity Gap' in HMAC systems lately—specifically how to prove to an external auditor that the server secret (your masterKey) wasn't speculatively rotated or manipulated before a token was generated. In high-stakes environments like verifiable gaming or sensitive audit trails, the server holding the entropy is often a trust bottleneck.
Have you considered a model where the seed/key is anchored to a decentralized beacon like Drand? I've been experimenting with a 'Commit-Reveal' alternative where the final result is dependent on a future beacon round. It effectively removes the 'Last-Look' advantage from the server. Curious if you see a place for decentralized entropy in ID obfuscation for apps requiring a public audit trail.
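
The commit-reveal flow described in the comment above, as an added example that is not the commenter's code: the server commits to its seed and a not-yet-published beacon round, and the auditor later checks the ordering, the opening, and the HMAC. The beacon parameters, record fields, and beacon value are constructed; it assumes the commitment timestamp comes from an independent append-only log and that the beacon signature is verified separately.

```python
import hashlib, hmac, secrets

# Constructed beacon parameters (assumptions, not a real drand chain's values).
GENESIS = 1_700_000_000   # unix time at which round 1 is published
PERIOD = 30               # seconds between rounds

def round_at(t):
    """Latest beacon round already public at unix time t (0 = none yet)."""
    return 0 if t < GENESIS else (t - GENESIS) // PERIOD + 1

def _commitment(seed, target_round):
    # Binding the round into the hash stops the server re-aiming a commitment.
    return hashlib.sha256(seed + target_round.to_bytes(8, "big")).hexdigest()

def commit(seed, target_round, now):
    """Server: publish H(seed || round) before that round's output exists."""
    if target_round <= round_at(now):
        raise ValueError("target round already public: server would keep last look")
    return {"commitment": _commitment(seed, target_round),
            "target_round": target_round, "committed_at": now}

def derive(seed, beacon_randomness):
    """Result depends on the committed seed and the later beacon output."""
    return hmac.new(seed, beacon_randomness, hashlib.sha256).hexdigest()

def audit(record, seed, beacon_randomness, result):
    """Auditor: committed_at is assumed to come from an independent log, and
    beacon_randomness is assumed fetched and signature-checked by the auditor."""
    if record["target_round"] <= round_at(record["committed_at"]):
        return False                      # commitment was not made ahead of the round
    opened = _commitment(seed, record["target_round"])
    if not hmac.compare_digest(opened, record["commitment"]):
        return False                      # revealed seed is not the committed one
    return hmac.compare_digest(derive(seed, beacon_randomness), result)

def demo():
    seed = secrets.token_bytes(32)
    now = GENESIS + 95                    # round 4 is the latest public round
    record = commit(seed, round_at(now) + 2, now)
    beacon = hashlib.sha256(b"constructed beacon output").digest()  # stand-in value
    result = derive(seed, beacon)
    swapped = secrets.token_bytes(32)     # a seed substituted after the fact
    late = dict(record, committed_at=GENESIS + 200)  # logged after round 6 was public
    return (audit(record, seed, beacon, result),
            audit(record, swapped, beacon, result),
            audit(late, seed, beacon, result))

if __name__ == "__main__":
    print(demo())
```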