Infrastructure

Post-Quantum-Ready Genomic Security

Biological data lasts for life. Enigma Genetics is building toward post-quantum-ready protection for long-horizon genetic and health data security.

Cryptographic Building Blocks

The platform is being designed around the threat model of long-horizon biological data. The components below indicate the cryptographic primitives currently planned for the architecture. Implementation status is noted on each.

Key Encapsulation

In Development

ML-KEM-1024

NIST-standardized lattice-based key encapsulation planned for key exchange. Designed to resist the known quantum attacks that threaten classical key exchange.

Digital Signatures

In Development

ML-DSA-87

NIST-standardized lattice-based signatures planned for authentication and audit trail integrity.

Symmetric Encryption

Implemented

AES-256-GCM

AES-256-GCM authenticated encryption for symmetric data protection.

Hash Functions

Implemented

SHA3-512 / HMAC-SHA3-256

Keccak-based hashing for integrity verification and message authentication.

Compliance Roadmap

Enigma Genetics is building toward healthcare-grade privacy, security, and audit readiness. Current roadmap areas include HIPAA-aligned workflows, GDPR readiness, SOC 2 readiness, and ISO 27001-aligned controls. Certifications will be listed only when completed.

HIPAA

US Health Data

Roadmap

GDPR

EU Privacy

Roadmap

SOC 2

Service Controls

Roadmap

ISO 27001

InfoSec Standard

Roadmap

Roadmap items are not certifications. Completed certifications will be listed publicly when achieved. See the compliance roadmap for details.

What the system is designed to store

  • Encrypted biological data blobs designed to be unreadable without user-controlled keys

  • Consent transaction hashes on a tamper-evident audit log

  • Access audit records (who requested access, when, and under what consent)

  • Public key metadata for verification and recovery flows

What the system is designed not to hold

  • Your private decryption keys

  • Unencrypted genetic sequences

  • Plaintext health records

  • Raw biometric authentication templates

The architecture is designed so Enigma Genetics does not possess the keys needed to decrypt user-controlled biological data.

Architecture Overview

Client-Side Encryption

Encryption is designed to occur on your device before data is transmitted. The platform is intended to receive ciphertext only.

Zero-Knowledge Architecture

In Development

Verifying properties of biological data (e.g., age range, presence of a marker) without disclosing the underlying record.

Tamper-Evident Audit Trail

Append-only audit trail designed to detect unauthorized alteration. Compatible with RFC 3161 timestamping for external attestation.
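
One way an append-only, tamper-evident log can be built with the SHA3-512 hashing listed above, shown as an added example that is not Enigma Genetics' implementation: each entry's hash covers the previous entry's hash, so editing, removing or reordering a record breaks the chain. The record fields, the `GENESIS` value and the function names are assumptions, and the sample records are constructed.

```python
import hashlib
import json
from typing import Optional

GENESIS = "00" * 64  # assumed fixed starting value for an empty log


def entry_hash(prev_hash: str, record: dict) -> str:
    """SHA3-512 over the previous entry's hash plus canonical JSON of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha3_512(bytes.fromhex(prev_hash) + body).hexdigest()


def append(log: list, record: dict) -> str:
    """Link a record to the current head and return the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "record": record, "hash": entry_hash(prev, record)})
    return log[-1]["hash"]


def verify(log: list, trusted_head: Optional[str] = None) -> int:
    """Return -1 if intact, else the index of the first inconsistent entry.

    A tail truncation or a full rewrite leaves a self-consistent chain, so it
    is only caught when a head recorded outside the log is supplied; in that
    case len(log) is returned to signal a head mismatch.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(log)
    return -1


def sample_log():
    """Constructed access records: who requested access, when, under what consent."""
    log = []
    for who, when, consent in [
        ("lab-a", "2030-01-05T09:00:00Z", "consent-tx-01"),
        ("clinic-b", "2030-01-06T14:30:00Z", "consent-tx-02"),
        ("lab-a", "2030-02-01T08:15:00Z", "consent-tx-02"),
    ]:
        head = append(log, {"who": who, "when": when, "consent": consent})
    return log, head
```

An unkeyed chain can be recomputed by anyone able to rewrite the whole log, so detection depends on a head hash held outside it. That head is the value one would submit for external timestamping.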

Key Recovery Protocol

Roadmap

Shamir secret sharing is on the roadmap to allow trusted contacts to assist with key recovery, with no single party holding full access.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly. We work with researchers to address valid concerns. Please include:

  • Vulnerability description
  • Affected URL or component
  • Steps to reproduce
  • Potential impact
  • Your contact information

Please do not access, alter, delete, or exfiltrate user data while researching.

security@enigmagenetics.cloud