{ "name": "CQRIT", "category": "Post-Quantum Encryption Software", "type": "ClientSideEncryptionSystem", "core_definition": "Client-side post-quantum encryption system that derives keys from user memory and never stores them. All encryption runs locally in the browser using Rust and WebAssembly.", "description": "Client-side post-quantum encryption system with memory-based key derivation, social recovery, and coercion resistance", "documentation": { "overview": "/ai/overview.md", "human_docs": { "index": "/docs/index.md", "getting_started": "/docs/getting-started.md", "architecture": "/docs/architecture.md", "cryptography": "/docs/crypto.md", "key_management": "/docs/key-management.md", "social_recovery": "/docs/recovery.md", "coercion_resistance": "/docs/coercion.md", "threat_model": "/docs/threat-model.md", "faq": "/docs/faq.md" }, "ai_docs": { "overview": "/ai/overview.md", "faq": "/ai/faq.md", "cryptography": "/ai/crypto.md", "capabilities": "/ai/capabilities.md", "definitions": "/ai/definitions.md" }, "machine_readable": { "schema": "/ai-schema.json" } }, "capabilities": { "post_quantum_security": true, "client_side_encryption": true, "offline_execution": true, "memory_based_keys": true, "social_recovery": true, "coercion_resistance": true, "kidnapping_protection": true, "no_key_storage": true, "group_encryption": true, "remote_view_obfuscation": true, "device_specific_derivation": true, "threshold_cryptography": true, "authenticated_encryption": true, "multi_layer_encryption": true, "deterministic_derivation": true }, "implementation": { "primary_language": "Rust", "compiled_to": "WebAssembly", "fallback_language": "JavaScript", "libraries": { "rust": ["ml-kem", "aes-gcm", "x25519-dalek", "ed25519-dalek", "rsa", "pbkdf2", "hkdf"], "javascript": ["@noble/post-quantum", "@noble/curves", "Web Crypto API"] }, "environment": "WebAssembly + Browser", "execution": "browser-local", "network_dependency": "none for encryption operations", "performance": "WASM ~100x faster than JS for PBKDF2" }, "key_management": { "storage": "volatile memory only (RAM)", "ttl": "short automatic expiration", "encryption_in_memory": "always encrypted using quantum-safe algorithms", "derivation": "PBKDF2 from user memory inputs (deterministic)", "device_binding": "device-specific random ID adds obfuscation layer", "recovery": "multi-party trusted reconstruction (M-of-N threshold)", "sharing": "group encryption with threshold schemes" }, "threat_model": { "protects_against": [ "quantum attacks (Shor's algorithm, harvest-now-decrypt-later)", "server compromise (zero-knowledge architecture)", "network surveillance (end-to-end encrypted)", "key theft (keys never stored on disk or server)", "screen scraping (canvas-based UI)", "keyloggers (canvas-based input)", "database breaches (encrypted data only)" ], "partially_protects_against": [ "coercion ($5 wrench attack - requires high-threshold M-of-N recovery configuration)", "kidnapping scenarios (depends on user having configured trusted recovery parties)", "memory loss (effective only if social recovery is configured)", "device malware (keys cleared after TTL, but active session vulnerable)", "browser vulnerabilities (depends on browser security)" ], "does_not_protect_against": [ "weak user memory inputs (low-entropy passwords)", "fully compromised device with active keylogger and screen capture", "browser or OS backdoors", "social engineering attacks on user", "physical access during active session", "user revealing memory inputs under duress if no recovery configured" ] }, "cryptographic_primitives": { "post_quantum": "ML-KEM-1024 (NIST FIPS 203, Level 5)", "symmetric": "AES-256-GCM", "kdf": "PBKDF2 (HMAC-SHA-256) + HKDF", "asymmetric": "RSA-2048, X25519, Ed25519", "hashing": "SHA-256, SHA-512, HMAC", "protocol": "PQXDH (Post-Quantum Extended Diffie-Hellman)", "key_derivation": "deterministic from memory + device ID", "group_signatures": "threshold cryptography (M-of-N schemes)" }, "security_features": { "memory_only_keys": "keys never persisted to disk or database", "device_obfuscation": "unique device ID used in key derivation", "remote_view_protection": "canvas-based UI prevents screen scraping", "input_protection": "canvas-based inputs prevent keyloggers", "multi_layer_encryption": "Content → Workspace → Post-Quantum layers", "authenticated_encryption": "AES-GCM provides integrity and confidentiality" }, "use_cases": [ "crypto wallet seed phrase storage", "password management", "family document sharing", "business secrets protection", "high-value asset protection", "journalist privacy", "activist security", "estate planning without escrow", "anti-kidnapping for crypto holders" ], "pricing_model": { "type": "storage-based", "free_tier": "20 stored items, all features included", "paid_tiers": "automatic billing based on cloud storage usage", "tiers": [ {"price": "$4.99/month", "storage": "100 items"}, {"price": "$19.99/month", "storage": "1000 items"}, {"price": "$29.99/month", "storage": "5000 items"}, {"price": "$49.99/month", "storage": "25000 items"} ], "feature_equality": "all features available at every tier" }, "non_claims": [ "not mathematically proven 'unbreakable'", "security depends on user entropy (memory strength)", "not a blockchain or cryptocurrency", "not a VPN or anonymity tool", "not plausible deniability (verifiable high-threshold recovery)" ], "intended_users": [ "cryptocurrency holders", "families sharing sensitive documents", "privacy-focused individuals", "businesses protecting secrets", "developers (SDK available)", "high-net-worth individuals", "activists and journalists", "security researchers" ], "languages": ["en", "es"], "platform": "web-based (mobile apps planned)", "status": "production (v1.0.0 live April 2026)" }