Sovereign Network

VPN Post-Quantum

Proprietary VPN with a hybrid post-quantum handshake. Full customer ownership and control. No third party in the key path. Architecture compatible with HTTP/3 + MASQUE.

ML-KEM-1024 + X25519HTTP/3 MASQUESovereign Key ControlEU Supply Chain

Hybrid PQ + classical handshake

The handshake combines ML-KEM-1024 (FIPS 203) with X25519 via HKDF-SHA-256. Even if one of the two primitives is broken in the future, sessions remain secure. Protection against harvest-now-decrypt-later attacks.

  • ML-KEM-1024: 256-bit PQ security
  • X25519: 128-bit classical security as fallback
  • HKDF-SHA-256 combiner for the derived pre-shared key

Customer-owned keys

The BCrypto VPN never handles customer keys. The sovereign KMS runs inside the organization's infrastructure. Full key-lifecycle audit, configurable rotation policy, ZK-attestation that keys never left the enclave.

  • Optional HSM or TPM-bound key storage
  • Configurable rotation (hourly → monthly)
  • Signed audit log of every key operation

HTTP/3 + MASQUE transport

The datapath uses HTTP/3 with MASQUE (RFC 9298) for UDP proxying. Indistinguishable from ordinary web traffic, resistant to DPI and censorship. Latency-optimized: 1-RTT handshake with ML-KEM.

  • QUIC native transport (no TCP fallback necessario)
  • MASQUE-on-HTTP/3 for UDP encapsulation
  • Connections resilient to network changes (multipath)
ANTI-DEEPFAKE ALWAYS ACTIVE · ENCRYPTED AND UNENCRYPTED CALLS · ZERO DATA TRANSMITTED · SOVEREIGN OPERATIONS · POST-QUANTUM ML-KEM-1024 · 3 PATENTS FILED
ANTI-DEEPFAKE ALWAYS ACTIVE · ENCRYPTED AND UNENCRYPTED CALLS · ZERO DATA TRANSMITTED · SOVEREIGN OPERATIONS · POST-QUANTUM ML-KEM-1024 · 3 PATENTS FILED