Technical Specification

Advanced Technology

Built on NIST-standardized post-quantum algorithms, dedicated hardware security modules, and a zero-knowledge architecture written entirely in memory-safe Rust. Designed to resist both current threats and quantum-era adversaries.

What does post-quantum mean? Quantum computers will eventually break today's encryption. Zbelthas uses next-generation algorithms (ML-DSA, ML-KEM) that remain secure even against quantum attacks — protecting your data for decades to come.

Post-Quantum | Hardware-Backed | Zero-Knowledge | Memory-Safe Rust

Cryptography, in plain language

The three things you should remember.

We use serious acronyms (FIPS 203, FIPS 204, hybrid mode) because the work under them is serious. But you only need these three ideas to understand what the product buys you.

ML-KEM-1024

NIST-standardised post-quantum key encapsulation (FIPS 203). Used to establish session keys that stay secret even against a future quantum adversary recording today and decrypting later.


ML-DSA-87

NIST-standardised post-quantum digital signature (FIPS 204). Used to sign messages, release artifacts, and attestations — with classical + post-quantum in parallel, not one instead of the other.


Reproducible builds

Target: anyone can rebuild our binaries from source and verify the output matches the download. Status: roadmap item for the public release. See the Trust Center for current progress.


Technical Architecture

Every layer of the stack is designed for verifiable security — from the cryptographic primitives to the network layer. No black boxes, no trust assumptions, no proprietary algorithms.

Post-Quantum Cryptography

NIST-Standardized Algorithms

Zbelthas implements next-generation post-quantum algorithms designed to resist attacks from both classical and quantum computers. Our hybrid approach combines multiple cryptographic families — ensuring your data remains secure even if one layer is compromised. Perfect forward secrecy guarantees past sessions stay private even if future keys are exposed.

  • ML-DSA-87 (NIST FIPS 204): 256-bit
  • ML-KEM-1024 (NIST FIPS 203): 256-bit
  • AES-256-GCM (NIST SP 800-38D): 256-bit

Hardware Layer

Secure Key Storage

  • TPM 2.0: Firmware-level key protection for desktop and laptop systems — keys never exposed to software
  • Secure Enclave: Apple Secure Enclave and ARM TrustZone: isolated secure processor for cryptographic operations on mobile
  • StrongBox: Android StrongBox: dedicated hardware security chip with tamper-resistant key storage and attestation

Zero-Knowledge

Zero data on servers

Zero telemetry, zero analytics, zero tracking. The architecture makes data collection structurally impossible — not a policy choice, not a promise, but a mathematical constraint.

  • Zero user data on our servers — structurally impossible to collect
  • All encryption and decryption on your device — keys never leave hardware
  • No metadata collection at any layer: usage patterns, contacts, and behavior stay on-device

Rust Benefits

Memory Safety at Compile Time

"Zero unsafe blocks."
  • No buffer overflows — eliminated at compile time
  • No use-after-free vulnerabilities
  • No null pointer dereferences
  • Thread safety guaranteed by the borrow checker

Memory Safety

Exploit Classes Eliminated

C/C++ exploit categories addressed:
  • Buffer overflows
  • Use-after-free
  • Null pointer deref
  • Data races
  • Stack corruption

Memory vulnerabilities prevented: 70% of CVEs in native code are memory-safety bugs eliminated by Rust's ownership model

Network Protection

Multi-Layer Defense

  • DNS: DoH / DoT encrypted by default
  • WebRTC: IP leak prevention enforced
  • Routing: Anonymous routing / Tor support
  • Traffic: Padding to defeat traffic analysis

Threat model, in one paragraph

Zbelthas is designed to defend your keys, messages, and browsing against: mass surveillance, exchange and custodian failures, data breaches of intermediaries, and "harvest now, decrypt later" adversaries that record encrypted traffic today hoping to break it with a future quantum computer. It is not a magic shield against a compromised device, a coerced user, or an attacker with physical access to an unlocked endpoint. For those, layered operational security is required — we publish guidance on the threat model page and in the docs.