P1
Server cannot read user data.
Mathematical, not policy. The wire only carries opaque ciphertext.
Held
M3 D1/R2 sync shipped · ciphertext-only · E2E IDB inspection asserts no plaintext leak
v0.5.0 · 18 layers · 4 shipping tiers
The architectural blueprint.
Organized by shippability.
This document is the canonical map of what VuVault's cryptographic stack looks like, what it defends against, and when each piece ships. Tier 1 is on production paths today. Tier 4 is research-adjacent — we track it, prototype it, and integrate when the standards and libraries are ready.
§ 01 — Design principles
Five non-negotiable invariants.
Every layer is checked against these five before it ships. If a feature breaks one, it does not ship — even if a competitor offers it, even if it's convenient. Status badges below are mechanically self-assessed against the current ship.
P2
Server cannot infer user data.
No metadata leaks: not which item changed, not how many items exist.
Pending
Bucketed padding lives in the Tier 2 spec — not yet wired
P3
Resistant to harvest-now-decrypt-later.
Hybrid post-quantum encryption from day one. FIPS 203.
Held
Hybrid X25519 + ML-KEM-1024 shipped · KAT-locked in CI
P4
Verifiable by anyone.
Reproducible builds, transparency log, open source. No trust required.
Held
SHA-384 manifest + in-page verifier · Sigstore + Rekor keyless on every release
P5
No silent updates.
Bundle hash visible at unlock. SRI on every asset. User-consented updates only.
Held
Bundle hash bound at unlock · SHA-384 per-chunk manifest covers all assets
Q3 2026
Tier 1 · Production
Zero research risk. Standards published, libraries audited, paths well-trodden. This is what ships first.
L01
OPAQUE authentication
RFC 9807 (Jul 2025)
Server-side credential theftPhishing-vulnerable login
L02
PRF + Secret Key vault key derivation
WebAuthn L3 PRF · HKDF-SHA512
Master password compromiseCross-site password reuse
L03
ML-KEM-1024 hybrid envelope
FIPS 203 · Aug 2024
Harvest-now-decrypt-later (quantum)Cipher downgrade
L04
XMSS release signatures
NIST SP 800-208
Quantum forgery of release signing key
L05
Reproducible builds + Sigstore
SLSA L3 · Rekor transparency log
Targeted backdoorBuild-system compromise
2027
Tier 2 · Sync & sharing
Standards mature, but integration complexity is real. Sharing requires multi-party crypto. CRDT sync requires careful key management.
L06
MLS family/team sharing
RFC 9420 / RFC 9750
Shared-vault key compromise on member departure
L07
Encrypted CRDT sync
Yjs + HPKE + ML-KEM-768
Sync-server inspectionReplay across devices
L08
WebRTC + ECDH device pairing
Local-first, no server intermediation
Pairing-time MITM
L09
CONIKS-derived AKD log
WhatsApp-style auditable key directory
Server impersonating users with fake keys
L10
PIR + unbalanced PSI breach checks
RFC 9497 VOPRF · OPRF-PSI
Breach-check service learning your passwords
2028
Tier 3 · Recovery & autonomy
Threshold cryptography and TEEs unlock advanced recovery and agentic patterns. Required for enterprise viability.
L11
FROST t-of-n recovery
RFC 9591
Single-point recovery failureCoerced recovery
L12
TEE enclaves
AWS Nitro · Azure Confidential
Server-side remote attestation gaps
L13
Noise-channel agentic autofill
Noise IK · 1Password+Browserbase pattern
Agent-credential leakageBrowser-extension compromise
L14
FN-DSA compact signatures
FIPS 206 (draft Aug 2025)
Bandwidth-limited PQ signature deployments
2029–2030
Tier 4 · Frontier
Research-adjacent. Standards still settling. We track these with prototypes; ship when production-ready libraries land.
L15
zkSNARK selective disclosure
Groth16 · Plonky3
Over-disclosure during identity verification
L16
drand timelock encryption
tlock over BLS12-381
Pre-publication leakage of dead-man releases
L17
Threshold stateful HBS (Haystack)
CIC 2025
Stateful HBS replay across signing parties
L18
Pure-PQ threshold recovery
RACCOON-style ML-DSA threshold
Quantum compromise of recovery shares