shutterstock_1742883383 [Converted].png

ENCRYPTION

Military-Grade Encryption 
for Secure Communications

​Seecrypt is built on a multi-layered approach to cryptographic security that provides maximum assurance for communications in Zero-Trust- Environments, where networks are assumed to be proactively compromised.

Employing an end-to-end key exchange, Seecrypt ensures that for each message, file transfer, or voice call, a new keyset is generated, negating the need for centralized COMSEC key management.

The Seecrypt Crypto Core secures data using multiple encryption layers to ensure that communications between authenticated endpoints are encrypted end-to-end. 

By tunneling end-to-end encryption through a certified, NIAP-validated architecture, Seecrypt meets and exceeds the requirements for protecting US classified Secret/Top Secret information. 

Multi-Layer Encryption

1. Tuneling

With Seecrypt, the outermost layer and all server links are secured with TLS using NIST-validated algorithms (ECC-384 and AES-256), but adds E2E encryption tunneled through the architecture. 

2. Obfuscation

All data - voice, video, messages, and file attachments - are obfuscated using the ChaCha20-256 algorithm to mitigate any future potential AES vulnerabilities. This occurs before the data is encrypted through the Cellcrypt crypto core.

tunnel_short.png

Tunnel Architecture

3. CNSA Encryption

The obfuscated data is secured end-to-end using a package of Elliptic Curve Cryptography (ECC) and Symmetric-Key Cryptography that meets or exceeds the key length standards of the Commercial National Security Algorithm (CNSA) Suite for Top Secret communications.

 

Working at the largest key strengths authorised by the CNSA specification, the Seecrypt crypto provides an overall key strength of 256 bits (including EliKey Exchange).

tunnel.png

Quantum-Safe End-to-End Encryption through a Tunnel Architecture

shutterstock_1742883383 [Converted].png
CRYPTOGRAPHY
Key Generation
  • Entropy collected continuously from hardware sources e.g. motion sensor, mic and OS sources e.g. /dev/urandom

  • Long term ECC keys generated & stored in application’s secure database

  • No manufactured/generated key material is needed before use of the system

Message Authentication
  • End-to-end standards-based key establishment with mutual authentication

    • NIST SP800-56A C(1,2) One-Pass Unified Model

    • Public key fingerprint displayed in message dialog and contact details for vocal confirmation

  • Secure data exchange in two stages

  • An end-to-end standards-based key establishment providing mutual authentication, Perfect Forward Secrecy (PFS), and unique keys per-session

  • NIST SP800-56A C(2,2) Full Unified Model with
    Bi-lateral Key Confirmation

  • Authentication using NIST approved ECC curve P-384/512

Voice Call Authentication
Symmetric Cryptography
  • Dual ciphers - ChaCha20 with 256-bit key and AES with a 256-bit key

  • FIPS SP 800-38