Quantum-Safe Encryption

Updated on June 28, 2025

When you connect to a website or VPN using TLS today, your keys are usually exchanged using RSA or Elliptic Curve Diffie-Hellman (ECDH). These rely on mathematical problems — factoring large numbers (RSA) or solving elliptic curve discrete logarithms (ECDH) — that are currently hard for classical computers, but easily broken by quantum computers using Shor’s algorithm.

VeilNet, in contrast, is built for the quantum future. It uses ML-KEM (Kyber), a new standard selected by NIST and based on lattice-based cryptography — specifically, the Module Learning With Errors (MLWE) problem. This relies on solving noisy systems of equations over structured algebraic rings, which remain hard even for quantum computers.

Conventional TLS

🧮 Mathematical Foundations

🔸 TLS (ECDH / RSA)

  • RSA:
    • Based on the difficulty of factoring n = p × q.
    • Quantum computers can factor n quickly using Shor’s algorithm.

Because RSA relies on a single large integer, once that is factored, the entire key is compromised.

  • ECDH:
    • Based on elliptic curves: given P and Q = k·P, find k.
    • Again, Shor’s algorithm breaks this.

Because the security depends on a single discrete logarithm relationship, once k is found, the shared secret is exposed.

Module-Lattice–based Key Encapsulation Mechanism

🧮 Mathematical Foundations

🔸 VeilNet (ML-KEM)

  • Based on MLWE, which looks like:
  • A·s + e ≡ b (mod q)
  • You’re given A and b, and asked to find the secret s. But without knowing the small error e, this is extremely hard, even with a quantum computer.
  • All math happens in a structured ring, like ℤ_q[X]/(Xⁿ + 1). This allows for fast, efficient encryption while maintaining quantum security.

The problem is hard because A is a matrix, and the added noise e hides the exact relation — breaking Kyber-1024 would require over 5,000 logical qubits and tens of billions of physical qubits, while today’s quantum computers have fewer than 500 noisy physical qubits.
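The role of the error term can be seen in a toy instance. This is an added example, not VeilNet's or ML-KEM's code. It assumes plain LWE over integers mod q = 3329 with tiny dimensions instead of the module/ring structure, and the function names are hypothetical. Without e, Gaussian elimination recovers s from A and b; with e, the same solve returns a wrong vector.

```python
import random

Q = 3329  # ML-KEM's prime modulus; the dimensions below are toy-sized (assumption)

def make_instance(n=8, m=16, noisy=True, seed=1):
    """Build b = A*s + e (mod Q) with a small secret s and small error e."""
    rng = random.Random(seed)
    A = [[rng.randrange(Q) for _ in range(n)] for _ in range(m)]
    s = [rng.choice((-2, -1, 0, 1, 2)) % Q for _ in range(n)]
    # Nonzero errors keep this demo deterministic; real ML-KEM samples e
    # from a centered binomial distribution that includes 0.
    e = [rng.choice((-2, -1, 1, 2)) if noisy else 0 for _ in range(m)]
    b = [(sum(a * x for a, x in zip(row, s)) + err) % Q
         for row, err in zip(A, e)]
    return A, b, s

def solve_mod_q(A, b):
    """Gauss-Jordan elimination over GF(Q): exact only when e = 0."""
    n = len(A[0])
    M = [row[:] + [rhs] for row, rhs in zip(A, b)]
    for col in range(n):
        # Pick any remaining row with a nonzero entry in this column.
        piv = next(r for r in range(col, len(M)) if M[r][col])
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, Q)  # modular inverse (Python 3.8+)
        M[col] = [v * inv % Q for v in M[col]]
        for r in range(len(M)):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(v - f * p) % Q for v, p in zip(M[r], M[col])]
    return [M[i][n] for i in range(n)]

def recovered(noisy):
    """True if plain linear algebra returns the secret s."""
    A, b, s = make_instance(noisy=noisy)
    return solve_mod_q(A, b) == s

if __name__ == "__main__":
    print("noise-free system solved:", recovered(False))
    print("noisy system solved:     ", recovered(True))
```

At this toy size the secret could still be found by other means; the point is only that the error defeats direct linear solving, which is the relation the paragraph above describes.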

Problem in Conventional VPN Protocols

Conventional VPNs rely on a single layer of encryption between the user and the VPN server, which means that while the data is encrypted in transit, the server itself can still see sensitive metadata. This includes session tracking, such as when users connect and disconnect, and destination tracking, revealing which websites or services users access. As a result, the VPN server becomes a central point of trust—and risk—where user privacy depends entirely on the server operator’s integrity. If compromised, coerced, or malicious, the server can expose users’ activity, undermining the very privacy VPNs are meant to protect.

VeilNet’s Approach

VeilNet’s approach fundamentally improves privacy by using peer-to-peer (P2P) encryption key exchange, meaning the encryption keys are shared directly between the user’s device (Rift) and the destination exit node, not with intermediate hops. All traffic is encrypted end-to-end using ML-KEM for post-quantum key exchange combined with AES-256 encryption, layered over DTLS or TLS. Intermediate Portals only relay encrypted data without ever seeing the decrypted content or knowing the destination. They can only observe a randomly generated Stream ID, which contains no metadata about the source, destination, or session. This design prevents session tracking, destination tracking, and metadata leakage, providing a scalable, decentralized, and quantum-resistant privacy solution.