SECURITY · POSTURE
Sovereignty is not a feature. It is the substrate.
Every part of HYVE Ether OS is built so that no party — not us, not your ISP, not a future quantum-capable adversary — can read your data without your explicit consent. This page documents the five principles, the cryptographic primitives, and the certifications.
Five principles.
01
Local-first by default
All operator state lives in ~/.hyve/ on your machine, encrypted with vault-derived keys. The OS does not phone home, send telemetry, or upload activity. Relay endpoints carry only end-to-end-encrypted payloads we cannot decrypt.
02
Post-quantum by construction
ML-KEM-768 key exchange + 512-byte uniform cells + ChaCha20-Poly1305 AEAD + Ed25519 signatures across the substrate. Built for the day quantum computers break the rest of the internet — your data is encrypted against that day starting today.
03
Hardware below software
Camera, microphone, and other privacy-sensitive peripherals are gated at the kernel module level — below the userspace, below the browser. No software can override the hardware kill.
04
Cryptographic recovery
DataCore archives use Reed-Solomon GF(256) shard recovery — your archives survive partial corruption. Vault recovery uses Shamir 3-of-5 social threshold — your trusted contacts can collectively help you recover, and no single party ever has full access.
05
Auditable decisions
Omega's decide() function is deterministic — same input, same output, every time, under 200 ns per rule. Every decision is reconstructible in Observatory. Auditors can replay any decision exactly.
Security features index.
Every security-relevant feature shipping in HYVE Ether OS, with patent-pending status flagged. Full claim list at /patents.
Post-Quantum Encrypted by Construction
PATENT PENDING
ML-KEM-768 post-quantum key exchange + 512-byte uniform cells + ChaCha20-Poly1305 AEAD + Ed25519 signatures across the entire substrate. Built for the day quantum computers break the rest of the internet.
Patent-Pending Data Protocol (.hyvedata)
PATENT PENDING
Per-chunk AES-256-GCM encryption + Reed-Solomon GF(256) shard recovery (4+2 / 6+3 / 8+4 configurable) + PSO shard layout + Ed25519-signed manifest, keyed from your OS vault. One unlock decrypts every archive on the machine.
HYVE Bus Uniform Cell (HYVE-UT)
PATENT PENDING
Every message on the inter-organ bus is encrypted into a fixed 512-byte cell, regardless of payload size — eliminating size-based side-channel inference about what agents are doing.
HYVE Concealed Shamir Transport (HYVE-CST)
PATENT PENDING
Shamir K-of-N secret sharing applied per byte position to bus cells, so no single relay or storage shard can reconstruct the cell content even with full network access.
HYVE Blind Routing Tokens (HYVE-BRT)
PATENT PENDING
Routing tokens that reveal the next-hop destination only to the holder of the matching key, while opaque to relays — agents communicate without leaking topology.
HYVE Ratchet
PATENT PENDING
Forward-secrecy ratchet for long-lived agent sessions — session compromise yields no past traffic, and key rotation is invisible to the application layer.
DEK/KEK Two-Tier Key Hierarchy
PATENT PENDING
Data encryption keys (DEKs) per archive, wrapped under key encryption keys (KEKs) in the operator vault, with cross-tenant isolation enforced at the type level.
GF(256) Shamir Recovery
PATENT PENDING
Recover encrypted archives from partial shard loss using GF(256) finite-field Shamir reconstruction — single hardware failure does not lose data.
Tarpit + Tor + Sentinel Triad
PATENT PENDING
Layered network defense — outbound tarpitting, optional Tor relay, and Sentinel adaptive policy — combined to resist coercive traffic analysis without sacrificing throughput.
Panic-Wipe PIN
PATENT PENDING
A second PIN that unlocks the OS into a clean decoy state while irreversibly wiping the real vault — physical-coercion resistance built into the unlock flow.
Sentinel Hardware Kill-Switches
PATENT PENDING
Camera and microphone cut at the kernel module level, below userspace, below the browser. No software can override the hardware kill.
HYVE Identity
Sovereign on-device identity: X25519 master keypair, Shamir 3-of-5 social recovery, HKDF-derived scoped tokens. No cloud account required, ever.
Login.gov OIDC + PKCE
Native federal SSO via Login.gov using OpenID Connect with PKCE. The standard authentication flow for U.S. federal civic services, integrated end-to-end without a third-party broker.
Federal Compliance Phased Installer
Staged installer at /opt/hyve/fed-compliance/ for civic and federal adopters — opt-in compliance hooks (audit forwarding, SBOM attestation, agency registration) installed only when needed.
Operator-Controlled Relay (Sovereignty Default Empty)
HYVE_RELAY_URL is operator-controlled and defaults to empty. The OS never reaches a relay endpoint unless you explicitly configure one. Civic and federal deployments can point relay traffic at customer-owned infrastructure.
CURRENT BUILD · BUNDLE 14 + PRO PACK V2
18 security findings tracked · 14 fixed in current build
We run a continuous internal security audit and publish the count, not just the marketing. Findings are tracked under the shared HVE-2026-XXX numbering between the OS team and the website team. Open findings are scheduled against the next build; the four still open as of this build are ranked P2 or below and have documented mitigations. Higher transparency than zero-trust security marketing typically permits.
CERTIFICATION STATUS · IN PREPARATION
SOC 2 Type II — In Preparation, Not Yet Certified
SOC 2 Type II self-assessment in preparation. Several controls are implemented today (type-system-enforced wire shapes, per-tenant key isolation, parameterized SQL, OsRng). Not yet certified — full third-party audit scheduled post-launch.
Reporting a vulnerability.
If you discover a security issue in the OS, the website, or the relay endpoints, please email majixx@vibesoftwaresolutions.com with details. We acknowledge within 48 hours, ship a fix within 7 days for high-severity issues, and credit reporters in the public findings doc unless you ask otherwise.
We follow coordinated-disclosure norms: please give us a chance to patch before public disclosure. We do not litigate good-faith security research.