Private Vault uses a hybrid classical + post-quantum encryption scheme. Even if classical encryption is broken by future AI or quantum computing, the post-quantum layer remains intact.
Data at Rest
AES-256-GCM
FIPS 140-2 validated. Random IV per record. GCM provides authentication.
Key Encapsulation
CRYSTALS-Kyber (ML-KEM)
NIST FIPS 203 standardized. Quantum-resistant key exchange.
Audit Signatures
CRYSTALS-Dilithium (ML-DSA)
Post-quantum digital signatures. Tamper-proof audit trail.
Key Derivation
Argon2id
Memory-hard. 64MB memory cost, 3 iterations, 4 threads.
In Transit
TLS 1.3 + PQ KEM
Post-quantum key exchange protects data in transit too.
Processing
TEE Enclaves
Hardware-isolated execution. Even our infrastructure can't observe decrypted memory.