PLAIN ENGLISH — NO JARGON

How QSafe Vault Actually Works

A technical walkthrough of what QSafe Vault does at each stage — from password entry to encrypted container — without requiring a background in cryptography.

The Problem First

Why your current encryption isn't enough

Most encryption tools use algorithms based on integer factorisation or elliptic curve discrete logarithms — both solvable in polynomial time on a large enough quantum computer. Here is what that means in practice:

❌ Old Encryption (RSA, ECDH)
RSA / ECDH — Quantum-Vulnerable

Classical computers cannot factor a 2048-bit RSA modulus in any practical timeframe. But Shor's Algorithm, running on a fault-tolerant quantum computer, can do it in polynomial time — a theoretical "hours" reduction. Any data encrypted today with RSA or ECDH key exchange will be vulnerable once sufficiently capable quantum hardware exists.

✅ QSafe Vault (ML-KEM, ML-DSA)
ML-KEM / ML-DSA — Post-Quantum Resistant

QSafe uses Module Lattice-based cryptography — security derived from the hardness of the Module Learning With Errors (MLWE) and Module Short Integer Solution (MSIS) problems. No polynomial-time quantum algorithm is known for these problems. NIST ran an 8-year public competition and standardised ML-KEM (FIPS 203) and ML-DSA (FIPS 204) in 2024.

End to End

The full encryption flow

🔑
Password
Your master key
🧮
Argon2id
Key derivation
🤝
ML-KEM-768
Key encapsulation
🔒
AES-256-GCM
File encryption
✍️
ML-DSA-65
Digital signature
📦
QSAFE Container
Stored locally
Step by Step

What happens behind the scenes

01
Creating Your Vault

Your Password Becomes a Key

When you create a vault with a password, QSafe doesn't store your password. Instead it runs your password through a process called Argon2id — a deliberately slow and memory-intensive function.

The slowness is intentional: it means that if someone stole your encrypted vault and tried to guess your password by running millions of attempts per second, they'd be slowed to just a handful of attempts per second. A 12-character password becomes essentially uncrackable this way.

Why Argon2id? Unlike fast hashes (SHA-256, bcrypt), Argon2id is parameterised to consume significant memory and time per attempt. This limits offline brute-force attacks to a rate dictated by hardware cost rather than compute speed. Even a well-resourced attacker is limited to thousands of attempts per second rather than billions.
02
Quantum-Safe Keys

Two Special Keys Are Generated

When you first unlock your vault, QSafe generates a pair of ML-KEM-768 keys — a public key and a secret key. These are based on lattice mathematics and are quantum-resistant.

Your secret key is immediately encrypted using your vault key (from step 1) and stored. Only you can unlock it. The public key can be stored openly — it's safe to see.

Key storage: The ML-KEM secret key is encrypted with your vault's AES-256-GCM key (derived from Argon2id) before being written to IndexedDB. It only exists in decrypted form in memory during an active session. Locking the vault zeroes the in-memory copy.
03
Encrypting Your File

Three Layers Work Together

Layer 1 — Key Exchange: A random one-time file key is generated. It's "encapsulated" using ML-KEM — meaning it's locked inside the quantum-safe padlock so only your secret key can retrieve it.

Layer 2 — File Encryption: Your actual file is encrypted using AES-256-GCM using that one-time file key. This is the same cipher used by the US military and all modern HTTPS connections.

Layer 3 — Signature: The entire encrypted package is signed with ML-DSA-65 — a quantum-safe digital signature that proves nobody has touched the file since you encrypted it.

Why hybrid? ML-KEM handles the key encapsulation (quantum-safe), AES-256-GCM handles bulk encryption (fast, hardware-accelerated, post-Grover-safe at 256 bits), and ML-DSA provides authenticated integrity over the entire container. Each algorithm does what it does best.
04
The QSAFE Container

Everything is Bundled Into One Tamper-Proof Package

The encrypted file, the encapsulated key, the digital signature, and any policy rules (like a time-lock) are all bundled into a single QSAFE container. This container is stored in your browser's local IndexedDB storage.

The signature covers every single byte of the container — including the policy fields. You can't remove a time-lock or swap the ciphertext without breaking the signature. Any tampering is instantly detectable.

Signature coverage: The ML-DSA signature is computed over all container bytes including policy fields. This means neither the ciphertext nor the policy can be substituted or removed without invalidating the signature — which is checked before any decryption occurs.
05
Decrypting Your File

Everything Happens in Reverse — in Order

When you want your file back, QSafe first checks the ML-DSA signature. If the file was tampered with, decryption stops immediately with an error.

Then it checks any policies (like a time-lock — is it past the unlock date?). Then it uses your secret ML-KEM key to decapsulate the one-time file key. Finally, AES-256-GCM decrypts and authenticates your file.

Fail-fast ordering: Signature verification runs first, before any key material is used. This prevents chosen-ciphertext attacks and ensures tampered containers are rejected immediately, without leaking timing information about the key derivation step.
Common Questions

Things people often ask

What happens if I forget my password?
+
Your password cannot be recovered by anyone — including us. There is no "reset password" because there is no server storing anything. Your files are permanently inaccessible without the correct password. This is a feature, not a bug: it's exactly what makes the system trustworthy. Write your password down and keep it somewhere very safe.
Do my files leave my browser?
+
No. After the page loads, QSafe makes zero network requests. Your files, keys, and passwords never leave your device. You can verify this yourself by opening your browser's Developer Tools → Network tab, then using the app — you'll see nothing being sent. The only external resource is the Argon2 library loaded once from a CDN at page load.
What if I clear my browser data?
+
Your encrypted vault is stored in your browser's IndexedDB. If you clear browser data or use a different browser, your vault will be gone. To avoid this, use the Export Vault feature to save a backup file. You can import this file in any browser to restore your vault — just enter your password to unlock it.
Is this real encryption or a simulation?
+
The AES-256-GCM encryption is 100% real using your browser's native Web Crypto API. The Argon2id key derivation is real. The QSAFE container format, digital signatures, and policy engine are real implementations. The ML-KEM and ML-DSA operations use a fallback to ECDH-P256 / ECDSA-P256 (equally real, just classical rather than post-quantum) if the lattice WASM modules are not loaded. All cryptography is genuinely functional.
How is this different from just zipping a file with a password?
+
ZIP password encryption uses much weaker algorithms (often ZipCrypto or AES-128) that can be brute-forced with readily available tools. More importantly, ZIP uses no key exchange — the password IS the key, making dictionary attacks easy. QSafe uses Argon2id to make brute-force attacks extremely slow, AES-256-GCM with proper authenticated encryption, quantum-safe key encapsulation, and digital signatures that detect any tampering. It is orders of magnitude stronger.
When will quantum computers actually be a threat?
+
Most experts estimate 10–20 years before quantum computers can break current encryption. But adversaries are already collecting encrypted data today to decrypt once quantum computers exist — this is called a "harvest now, decrypt later" attack. If you're encrypting anything that needs to stay private for more than a few years (medical records, legal documents, financial data, personal secrets), you should use quantum-safe encryption now.

Ready to see it in action?

Create a vault and encrypt your first file in under 30 seconds.

Open QSafe Vault → Explore the Science