Security Architecture

An in-depth look at VaultProtocol's Zero-Knowledge implementation and encryption standards.

Last updated: October 2026

1. Zero-Knowledge Proof & E2EE

VaultProtocol is built from the ground up on a strict Zero-Knowledge Architecture. This means our servers are entirely 'blind' to your data: your plaintext notes are encrypted on your local device (End-to-End Encryption) before being transmitted over the network.

2. Master Key Derivation (PBKDF2)

Your Master Password never leaves your device. Instead, it is passed through PBKDF2 (Password-Based Key Derivation Function 2) with a unique, cryptographically secure salt. This generates a robust 256-bit encryption key in your browser's local memory.

3. AES-GCM 256-bit Encryption

All data payloads are encrypted using AES-GCM (Advanced Encryption Standard in Galois/Counter Mode) with 256-bit keys. GCM provides both data confidentiality and authenticity (integrity), so any tampering with a ciphertext is detected when it is decrypted.
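The derivation in section 2 and the encryption in section 3, as an added example using the Web Crypto API; it is not VaultProtocol's own code. The iteration count, hash, salt and nonce lengths, record layout and function names are assumptions the page does not specify.

```javascript
// Added example: parameters and names are assumptions, not VaultProtocol code.
const PBKDF2_ITERATIONS = 600000; // assumed work factor; the page states none

async function getWebCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the module.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function deriveKey(wc, password, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  // extractable=false: script cannot export the raw key bytes from the CryptoKey.
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptNote(wc, key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  return { iv, ciphertext: new Uint8Array(ct) }; // ciphertext ends with the 16-byte tag
}

async function decryptNote(wc, key, record) {
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: record.iv }, key, record.ciphertext);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const wc = await getWebCrypto();
  const salt = wc.getRandomValues(new Uint8Array(16)); // unique per user
  const key = await deriveKey(wc, 'constructed master password', salt);
  const record = await encryptNote(wc, key, 'constructed sample note');
  const roundTrip = await decryptNote(wc, key, record);
  // Flip one ciphertext bit: the GCM tag check must make decryption fail.
  const tampered = { iv: record.iv, ciphertext: record.ciphertext.slice() };
  tampered.ciphertext[0] ^= 0x01;
  let tamperRejected = false;
  try { await decryptNote(wc, key, tampered); } catch { tamperRejected = true; }
  // A different password derives a different key, which also fails the tag check.
  const wrongKey = await deriveKey(wc, 'wrong password', salt);
  let wrongKeyRejected = false;
  try { await decryptNote(wc, wrongKey, record); } catch { wrongKeyRejected = true; }
  return { roundTrip, tamperRejected, wrongKeyRejected,
           extractable: key.extractable, ciphertextLength: record.ciphertext.length };
}

demo().then(console.log);
```

The salt and nonce are not secret and are stored alongside the ciphertext; only the password-derived key has to stay on the client.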

4. Impermanent Memory State

Your derived keys exist solely in the volatile RAM of your browser or client device. They are immediately flushed upon session termination or tab closure. No cryptographic keys are ever persisted to disk, localStorage, or cookies.