Documentation
Encryption and post-quantum
At VIGIL-MESH, there is only one encryption layer, and it is the right one: the session linking two machines IS an end-to-end QUIC connection. Encryption comes from TLS 1.3, peer authentication relies on raw Ed25519 public keys, and key establishment is post-quantum from the design stage. This page describes precisely the primitives used — and honestly recalls what we do not claim yet.
A single encryption layer
The session linking two machines is not encrypted "on top of" a fallback transport: it IS an end-to-end QUIC connection. There is no tunnel stacked on another tunnel, hence no double encryption on the relayed path. A single envelope truly goes end to end, and that is the one we secure.
This choice has a direct consequence on the attack surface: a single layer to age, a single cryptographic stack to maintain and evolve. Classic mesh VPNs stack an encrypted tunnel inside a channel, which multiplies the cost and the layers to secure together; VIGIL has only one. The blind-relay model that follows from it is described on /en/docs/securite.
The cryptographic primitives
Here is precisely what makes up the encrypted session. None of these primitives is an in-house rewrite: they are standard mechanisms, integrated as-is.
| Function | Mechanism | What it provides |
|---|---|---|
| Encrypted transport | QUIC with TLS 1.3 | The end-to-end session is the transport itself, not an overlay added after the fact. |
| Peer identity | Raw Ed25519 public keys (raw public keys, RFC 7250) | Raw-key authentication — no X.509 certificate chain to issue or manage. |
| Data encryption | AEAD: ChaCha20-Poly1305 or AES-256-GCM | Confidentiality and authenticated integrity of every packet, in a single pass. |
| Forward secrecy | PFS (Perfect Forward Secrecy) | A future compromise of a long-term key does not allow decrypting past sessions. |
| Key renewal | QUIC native key update | Built-in rotation of session keys mid-connection, without re-establishing the session. |
| Key establishment | Hybrid X25519 + ML-KEM768 exchange | The session key remains secure as long as either of the two mechanisms holds — a post-quantum defence. |
AEAD stands for "authenticated encryption with associated data": the same pass provides both confidentiality and integrity, so that a tampered packet is rejected instead of being decrypted. PFS guarantees that a traffic capture recorded today does not become readable if a key leaks later, and QUIC's key update rotates the keys over the course of the session.
Post-quantum from the design stage
The key establishment of QUIC sessions is hybrid X25519 + ML-KEM768. "Hybrid" means that the session key depends on both mechanisms at once: it remains secure as long as either of the two holds. It is a defence against the "harvest now, decrypt later" scenario — an adversary recording encrypted traffic today in the hope of breaking it tomorrow with a quantum computer.
The ML-KEM implementation used is a proven library, integrated as-is, never an in-house rewrite of the primitive. The exact scope of this protection, its limits and the perimeter covered are detailed on /en/docs/vpn-post-quantique.