At VeilNet, we’ve designed a security architecture that leverages multiple layers of encryption to ensure your data is protected at every stage — from user access to network-wide communication. Here’s how each layer works:

User to Rift:
Connections from the user to the Rift entry point are encrypted using ChaCha20, a fast and secure encryption algorithm integrated with WireGuard. This ensures lightweight yet robust protection for user access even with the user’s local network!

Rift to Rift (Rift Link):
For secure communication between Rift nodes, VeilNet employs a multi-layer approach. This multi-layer strategy includes:

DTLS (WebRTC-based) — Ensures encrypted, authenticated communication channels with strong session protection.
AES-GCM 256 — Provides high-performance encryption for data confidentiality and integrity.
Domain Secret — A unique cryptographic secret that restricts trusted communication to authorized Rift nodes only, also preventing user activity tracing.
Kyber1024 (Post-Quantum Safe KEM) — A cutting-edge key exchange mechanism designed to resist quantum attacks, ensuring long-term security.

Internet Communication:
Once data leaves the Rift network, VeilNet allows the application’s original security protocols (e.g., TLS, HTTPS, or custom encryption) to remain in place, ensuring compatibility with existing standards.

By combining ChaCha20, DTLS, AES-GCM 256, and Kyber1024, VeilNet offers a multi-layered, future-proof security solution — ensuring your data is protected today and safeguarded against tomorrow’s threats.