Research Overview
SeraphVPN is built on PALISADE, a post-quantum–native tunneling protocol designed through explicit threat modeling and documented security assumptions. SeraphVPN is not just another VPN; we are a deep tech company driven to advance the disciplines of cryptography and secure networking.
This page summarizes the research foundations of PALISADE and provides access to public technical artifacts for independent review. Read the full PALISADE specification and appendices here.
These materials are provided to support transparency, review, and discussion. They describe the system as designed and implemented and are not a claim of formal verification or standardization.
Design Philosophy
PALISADE was designed from first principles to address long-term cryptographic risk in a world where advances in computing—particularly quantum computing—invalidate many classical security assumptions.
Rather than incrementally modifying existing VPN protocols, PALISADE adopts a clean-slate approach with the following guiding principles:
- Post-quantum cryptography in the entire security-critical path (data AND control planes)
- Zero logging
- Absolute minimum of exposed metadata
- Explicit replay resistance and state management
- Clear separation of security domains and cryptographic epochs
- Practical deployability using standardized cryptographic primitives
- Publicly available and peer-reviewed
These principles inform both the PALISADE protocol design and its reference implementation in SeraphVPN.
Threat Model
PALISADE assumes adversaries capable of:
- passive traffic observation and recording,
- active packet injection, replay, and tampering,
- long-term data capture followed by future cryptanalytic advances ("harvest-now, decrypt-later").
The protocol is designed to protect confidentiality, integrity, and authentication under these conditions, assuming standard cryptographic hardness of the underlying post-quantum primitives.
Protocol Snapshot
PALISADE is a UDP-based authenticated key exchange and tunneling protocol that uses:
- ML-KEM-768 for post-quantum key establishment
- Dilithium-3 for post-quantum identity authentication
The protocol features transcript-bound key derivation, encrypted packet headers, deterministic handshake canonicalization, and explicit cryptographic epochs for rekeying and migration. Optional post-quantum 0-RTT resumption is supported with bounded replay risk.
Control-Plane Binding
Unlike most VPN systems, SeraphVPN applies post-quantum cryptographic protections not only to the tunnel itself, but also to the systems that authorize tunnel creation.
Control-plane operations use post-quantum proof-of-possession authentication, and session authorization is cryptographically bound to tunnel establishment. This design avoids repeated transmission of long-lived credentials and reduces reliance on transport-layer security assumptions.
Public Artifacts
We are committed to transparency and review. The following materials are publicly available or in active preparation:
- PALISADE protocol specification (draft)
- Threat model and security invariants
- Negative end-to-end test vectors
- Deployment and operational documentation
These artifacts are intended to support independent evaluation and future standardization efforts.
Ongoing Work
PALISADE and SeraphVPN are under active development. Current research efforts include:
- formal analysis and peer review,
- performance benchmarking,
- interoperability exploration,
- and preparation for broader public and academic feedback.
We welcome discussion, review, and collaboration from the research and security communities.
PALISADE Protocol Specification Draft 00
INFORMATIONAL