PROJECT
HIEROPHANT

No usernames, phone numbers, email addresses, or device IDs whatsoever. Not just encrypted identifiers—structurally nonexistent. Physically impossible to determine who communicates with whom. The system mathematically eliminates the concept of user identity while maintaining secure authentication.

All encryption and decryption processes occur exclusively on user devices, with no intermediate points ever having access to plaintext data or encryption keys. Unlike conventional E2EE systems that still rely on central servers for key distribution, Hierophant implements true client-side cryptography where keys never traverse networks—they're established through direct physical exchange. Each message utilizes unique ephemeral key. This architecture ensures that even if an attacker compromises the entire transmission infrastructure, message contents remain mathematically inaccessible. The encryption boundaries exist solely at the endpoints, with cryptographic operations performed within secure hardware enclaves resistant to memory attacks.

Implements standardized PQ algorithm paired with AES. Not planned for quantum resistance—already built in. Our proprietary techniques eliminate persistent cryptographic patterns, rendering advanced cryptanalysis ineffective.

Unlike traditional systems that depend on static credentials, persistent identifiers, or exposed key exchanges, Hierophant implements a proprietary zero-knowledge protocol. Users prove their legitimacy cryptographically—without ever revealing identity, keys, metadata, or device fingerprints. There are no accounts, no transmitted credentials, and no linkable patterns. Trust is established through mathematics, not through infrastructure.

Hierophant can utilize lightweight, stateless servers exclusively as encrypted message relays—these servers never handle key exchange or process user data. Crucially, for ultimate resilience or when infrastructure is compromised or unavailable, Hierophant switches to direct peer-to-peer (P2P) mode, radio transmission, mesh networking, or physical media transfer. This guarantees uninterrupted secure communications, even completely offline, under active jamming, or in denied environments.

Field-tested and operational over commercial hardware, radio equipment, mesh networks, and physical media transfer. Functions with or without internet connectivity, continuing operations during complete communications blackout. Messages seamlessly transition between transmission channels based on availability.

Optimized for GrapheneOS and hardened Linux. No dependencies on services, foreign components, commercial tools or libraries.

Protocol operates on bare hardware without dependency on operating systems. Deployed on dedicated physical boards with radio transmission capabilities. Engineered specifically for hostile environments where software security cannot be guaranteed. Functions independently of any commercial technology stack.

No metadata about who contacts whom, when, how often, or from what location is ever generated. Optionally, system automatically generates convincing decoy messages that are indistinguishable from real communications to external observers. Traffic patterns, timing signatures, and volume analysis become meaningless.

When utilizing optional server relays, Hierophant ensures zero data persistence. Messages arrive pre-encrypted by the client, are processed exclusively in RAM (never written to disk), and are automatically and irreversibly obliterated from memory immediately after the first successful receipt by the intended recipient.

Multi-level key isolation using hardware Trusted Execution Environments. Keys never leave secure enclaves, with all cryptographic operations happening in isolated memory. Resistant to device compromise, malware, and physical access attacks. Secure against sophisticated endpoint targeting.

Available as a fully customer-controlled On-Premise solution, or as a secure SaaS deployment in isolated environments (subject to Austrian export control approval). Each deployment individually tailored to customer security requirements and operational context. Custom hardware solutions available for highest-security implementations.