Encryption Technology
How military-grade cryptography protects every byte of your data on Catharsis.
The Science of Secrecy
Encryption is the mathematical process of transforming readable information (plaintext) into an unreadable format (ciphertext) using a cryptographic algorithm and a secret key. Only someone who possesses the correct key can reverse the process and recover the original information. Modern encryption algorithms are based on mathematical problems that are computationally infeasible to solve without the key — meaning that even with all the computing power in the world, an attacker cannot break the encryption within any reasonable timeframe. This is not a matter of opinion or marketing — it is a provable mathematical fact.
Catharsis employs encryption at every level of its infrastructure, from the network protocols that transport your data to the databases that store it, from the messages you exchange with vendors to the wallet addresses that hold your funds. Our encryption stack is built exclusively on well-established, peer-reviewed algorithms that have withstood decades of scrutiny by the world's leading cryptographers. We never use proprietary or unproven encryption schemes, because security through obscurity is the enemy of true security.
The importance of encryption cannot be overstated. In a world where data breaches are a daily occurrence and government surveillance programs operate on a global scale, encryption is the only technology that can provide meaningful protection for your privacy. Without encryption, every email you send, every message you type, every transaction you make is visible to anyone with the ability to intercept your communications — which includes not only hackers and criminals but also internet service providers, government intelligence agencies, and countless other entities that routinely monitor internet traffic.
AES-256 Encryption
All data at rest is protected by AES-256 in XTS mode — the same encryption standard used by intelligence agencies worldwide. With a key space of 2^256 possible combinations, brute-force attacks are mathematically impossible even with quantum computing.
End-to-End PGP
Every private message is encrypted with the recipient's PGP public key before leaving your browser. The plaintext never touches our servers. Even if our entire infrastructure were seized, your messages would remain completely unreadable without your private key.
Symmetric vs. Asymmetric Encryption
Modern cryptographic systems use two fundamental types of encryption: symmetric and asymmetric. Understanding the difference between these two approaches is essential to appreciating how Catharsis protects your data.
Symmetric encryption uses the same key for both encryption and decryption. It is extremely fast and efficient, making it ideal for encrypting large amounts of data. AES (Advanced Encryption Standard) is the most widely used symmetric algorithm and is employed by Catharsis to encrypt all data stored on our servers. AES-256, which uses a 256-bit key, provides an astronomical level of security — there are more possible keys than there are atoms in the observable universe, making brute-force attacks a physical impossibility.
Asymmetric encryption uses a pair of mathematically related keys: a public key and a private key. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa. This elegant system solves the key distribution problem inherent in symmetric encryption — you can share your public key openly without compromising the security of your communications. RSA and elliptic curve cryptography (ECC) are the most common asymmetric algorithms, and both are used extensively in the Catharsis platform.
In practice, Catharsis uses a hybrid approach that combines the strengths of both types. When you send an encrypted message, a random symmetric key is generated for that specific message and used to encrypt the content (fast, efficient). The symmetric key itself is then encrypted with the recipient's public key using asymmetric encryption (secure key exchange). The recipient decrypts the symmetric key with their private key, then uses it to decrypt the message. This approach provides the speed of symmetric encryption with the convenience and security of asymmetric key exchange.
Transport Layer Security
Beyond the encryption of stored data and messages, Catharsis implements rigorous transport security to protect your data as it travels between your browser and our servers. All connections to the platform are made through the Tor network, which provides three layers of encryption as your traffic passes through the entry guard, middle relay, and the final connection to our hidden service. This means that even if an adversary is monitoring the network at any single point, they cannot determine the content of your communications or your identity.
Within the Tor connection itself, we implement an additional layer of TLS (Transport Layer Security) encryption using modern cipher suites that support perfect forward secrecy (PFS). Perfect forward secrecy ensures that even if our server's private key were somehow compromised in the future, past communications would remain secure. This is achieved by generating a unique session key for each connection using the Diffie-Hellman key exchange protocol — even if an attacker records all encrypted traffic and later obtains the server's private key, they cannot retroactively decrypt the recorded sessions.
Our server-to-server communications are equally well-protected. All internal communications between our distributed server infrastructure use mutual TLS authentication with certificate pinning. This means that each server must present a valid, pre-configured certificate to communicate with other servers in the cluster, preventing man-in-the-middle attacks even if a certificate authority is compromised or coerced into issuing fraudulent certificates.
Perfect Forward Secrecy
Each session uses unique ephemeral keys. Compromising one session's key reveals nothing about past or future sessions, providing temporal isolation of your communications.
Certificate Pinning
We pin our TLS certificates directly, bypassing the certificate authority system entirely. This prevents compromised or coerced CAs from issuing fraudulent certificates for our domains.
RAM-Only Servers
Sensitive data is processed exclusively in volatile memory and never written to disk. Power loss or physical seizure results in immediate, permanent data destruction with zero recovery possibility.
Cryptographic Hash Functions
Hash functions are another critical component of the Catharsis security infrastructure. A cryptographic hash function takes an input of any size and produces a fixed-size output (called a hash or digest) that is unique to that specific input. Even a tiny change to the input — such as altering a single character — produces a completely different hash. This property makes hash functions invaluable for verifying data integrity, storing passwords securely, and generating unique identifiers.
Catharsis uses SHA-256 and SHA-3 hash functions throughout the platform. User passwords are never stored in plaintext — instead, they are processed through the Argon2id key derivation function, which is specifically designed to be resistant to both GPU-based and ASIC-based brute-force attacks. Argon2id combines the time-hardness of Argon2d with the side-channel resistance of Argon2i, providing the strongest available protection for stored password hashes. Even if our password database were somehow exfiltrated, the computational cost of cracking individual passwords would be prohibitive.
Hash functions also play a crucial role in our escrow system, where they are used to create tamper-proof records of transaction terms, verify the integrity of encrypted communications, and generate the deterministic wallet addresses that make our multisignature escrow possible. The mathematical properties of hash functions — specifically, their collision resistance and preimage resistance — ensure that these operations are secure against all known attacks.
The Future of Encryption
The field of cryptography is constantly evolving, and Catharsis is committed to staying at the forefront of these developments. We are particularly attentive to the potential threat posed by quantum computing, which could theoretically break many of the asymmetric encryption algorithms currently in use. While practical quantum computers capable of breaking current encryption standards are likely still years or decades away, we are already preparing for this eventuality by evaluating post-quantum cryptographic algorithms that are resistant to quantum attacks.
The National Institute of Standards and Technology (NIST) has been conducting a multi-year process to standardize post-quantum cryptographic algorithms, and we are closely following this effort. When post-quantum standards are finalized and widely validated, Catharsis will be among the first platforms to implement them, ensuring that your data remains protected against both current and future threats. Our modular cryptographic architecture is designed to facilitate seamless algorithm transitions without disrupting platform operations or requiring users to take any action.
We also continuously monitor the academic cryptography literature for new attacks, vulnerabilities, and innovations that could affect the security of our platform. Our security team maintains relationships with leading cryptography researchers and participates in major security conferences and workshops. This commitment to staying current with the state of the art ensures that Catharsis always employs the most secure and efficient cryptographic techniques available.