Cellcrypt is built on a multi-layered approach to cryptographic security that provides maximum assurance for communications in Zero-Trust- Environments, where networks are assumed to be proactively compromised.
Employing an end-to-end key exchange, Cellcrypt ensures that for each message, file transfer, or voice call, a new keyset is generated, negating the need for centralized COMSEC key management.
The Cellcrypt Crypto Core secures data using multiple encryption layers to ensure that communications between authenticated endpoints are encrypted end-to-end.
By tunneling end-to-end encryption through a certified, NIAP-validated architecture, Cellcrypt meets and exceeds the requirements for protecting US classified Secret/Top Secret information.
1. NIAP Tuneling
Cellcrypt is NIAP validated to operate in an MA CP 2.5 architecture. The outermost layer and all server links are secured with TLS using NIST-validated algorithms (ECC-384 and AES-256).
This architecture is validated to protect US Classified Secret and Top Secret communications. Cellcrypt Federal provides this as a baseline but adds E2E encryption tunneled through the architecture.
NIAP Tunnel Architecture
All data - voice, video, messages, and file attachments - are obfuscated using the ChaCha20-256 algorithm to mitigate any future potential AES vulnerabilities. This occurs before the data is encrypted through the Cellcrypt crypto core.
3. CNSA Encryption
The obfuscated data is secured end-to-end using a package of Elliptic Curve Cryptography (ECC) and Symmetric-Key Cryptography that meets or exceeds the key length standards of the Commercial National Security Algorithm (CNSA) Suite for Top Secret communications.
Working at the largest key strengths authorised by the CNSA specification, the Cellcrypt crypto provides an overall key strength of 256 bits (including EliKey Exchange).
Quantum-Safe End-to-End Encryption through a NIAP Tunnel Architecture
4. Post-Quantum Protection
The crypto core is cryptographically overlaid with a quantum-safe envelope allowing for algorithms, such as CRYSTALS-Kyber and Classic McEliece, to be layered and changed as standards in this area emerge, without affecting the strength of the underlying ‘classical’ CNSA encryption