VIGIL MESH

Documentation

Encryption and post-quantum

At VIGIL-MESH, there is only one encryption layer, and it is the right one: the session linking two machines IS an end-to-end QUIC connection. Encryption comes from TLS 1.3, peer authentication relies on raw Ed25519 public keys, and key establishment is post-quantum from the design stage. This page describes precisely the primitives used — and honestly recalls what we do not claim yet.

A single encryption layer

The session linking two machines is not encrypted "on top of" a fallback transport: it IS an end-to-end QUIC connection. There is no tunnel stacked on another tunnel, hence no double encryption on the relayed path. A single envelope truly goes end to end, and that is the one we secure.

This choice has a direct consequence on the attack surface: a single layer to age, a single cryptographic stack to maintain and evolve. Classic mesh VPNs stack an encrypted tunnel inside a channel, which multiplies the cost and the layers to secure together; VIGIL has only one. The blind-relay model that follows from it is described on /en/docs/securite.

The cryptographic primitives

Here is precisely what makes up the encrypted session. None of these primitives is an in-house rewrite: they are standard mechanisms, integrated as-is.

FunctionMechanismWhat it provides
Encrypted transportQUIC with TLS 1.3The end-to-end session is the transport itself, not an overlay added after the fact.
Peer identityRaw Ed25519 public keys (raw public keys, RFC 7250)Raw-key authentication — no X.509 certificate chain to issue or manage.
Data encryptionAEAD: ChaCha20-Poly1305 or AES-256-GCMConfidentiality and authenticated integrity of every packet, in a single pass.
Forward secrecyPFS (Perfect Forward Secrecy)A future compromise of a long-term key does not allow decrypting past sessions.
Key renewalQUIC native key updateBuilt-in rotation of session keys mid-connection, without re-establishing the session.
Key establishmentHybrid X25519 + ML-KEM768 exchangeThe session key remains secure as long as either of the two mechanisms holds — a post-quantum defence.

AEAD stands for "authenticated encryption with associated data": the same pass provides both confidentiality and integrity, so that a tampered packet is rejected instead of being decrypted. PFS guarantees that a traffic capture recorded today does not become readable if a key leaks later, and QUIC's key update rotates the keys over the course of the session.

Post-quantum from the design stage

The key establishment of QUIC sessions is hybrid X25519 + ML-KEM768. "Hybrid" means that the session key depends on both mechanisms at once: it remains secure as long as either of the two holds. It is a defence against the "harvest now, decrypt later" scenario — an adversary recording encrypted traffic today in the hope of breaking it tomorrow with a quantum computer.

The ML-KEM implementation used is a proven library, integrated as-is, never an in-house rewrite of the primitive. The exact scope of this protection, its limits and the perimeter covered are detailed on /en/docs/vpn-post-quantique.

WarningWhat we do not claim

Read nextNetwork lock and recovery