Data encryption standards

Solident is built on the principle that identity data must remain private, permanent, and tamper-proof.

To achieve this, all biometric templates, pattern hashes, and session data are secured with industry-grade encryption standards.


"Encryption isn’t an option — it’s the baseline of trust."


Core Standards

  1. AES-256 for local storage

    • All biometric templates and pattern hashes are encrypted at rest using AES-256.

    • Keys are generated inside the device’s secure enclave or trusted execution environment (TEE).

    • Even if storage is copied, the encrypted files are meaningless without the keys.

  2. SHA-3 for hashing

    • Patterns and sensitive factors are hashed with SHA-3 before encryption.

    • Salts and unique device identifiers are added to strengthen resistance to brute force.

    • Prevents attackers from reconstructing inputs even if hashes are leaked.

  3. Elliptic Curve Cryptography (Ed25519)

    • Used for wallet key generation and transaction signing.

    • Lightweight and fast, optimized for Solana’s network.

    • Private keys never leave the enclave, ensuring they remain invisible to the outside world.

  4. TLS 1.3 for communication

    • All communication between devices and RPC providers (Helius) is encrypted using TLS 1.3.

    • Forward secrecy prevents old sessions from being decrypted even if keys are compromised in the future.

  5. Zero-Knowledge Anchoring (future)

    • Hash proofs of templates may be anchored on-chain without revealing underlying data.

    • Allows external verification of integrity while preserving privacy.

    • Planned integration for Phase 4.
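
Item 2 above (SHA-3 hashing with a salt and a device identifier), shown as an added Python example; this is not Solident's code, and the field order, the length-prefix encoding, the sample pattern and the device names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def encode_fields(*fields: bytes) -> bytes:
    # Length-prefix every field so the salt/device-id/pattern boundaries
    # cannot shift: (b"ab", b"c") and (b"a", b"bc") encode differently.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def hash_pattern(pattern: bytes, salt: bytes, device_id: bytes) -> bytes:
    # SHA3-256 over salt, device identifier and pattern, in that order.
    # The field order and the 4-byte length prefix are assumptions.
    return hashlib.sha3_256(encode_fields(salt, device_id, pattern)).digest()

def verify_pattern(candidate: bytes, salt: bytes, device_id: bytes,
                   stored: bytes) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(hash_pattern(candidate, salt, device_id), stored)

def demo() -> dict:
    # Constructed sample values, not real Solident data.
    pattern = b"0-4-8-5-2"
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    dev_a, dev_b = b"device-A-constructed", b"device-B-constructed"
    enrolled = hash_pattern(pattern, salt_a, dev_a)
    return {
        "same_inputs_match": verify_pattern(pattern, salt_a, dev_a, enrolled),
        "wrong_pattern_rejected": not verify_pattern(b"0-1-2-5-8", salt_a, dev_a, enrolled),
        "other_device_differs": hash_pattern(pattern, salt_a, dev_b) != enrolled,
        "other_salt_differs": hash_pattern(pattern, salt_b, dev_a) != enrolled,
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Salting makes precomputed tables useless, but SHA-3 is fast by design, so the cost of guessing a single pattern is set by how many patterns are possible.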


Encryption Principles

  • Local-first: Data is always encrypted before leaving the device.

  • Key isolation: Encryption keys never appear in main memory, only inside secure enclaves.

  • Non-reversible templates: Biometrics cannot be reconstructed into raw images.

  • User sovereignty: Only the rightful user’s factors (face + pattern) can unlock data.


By following these encryption standards, Solident ensures that even in the worst-case scenario (a stolen device, a breached storage provider, or a compromised network), user identity remains private, secure, and under the user's control.
