A focused overview for sovereign and high-assurance environments. This brief describes the operational boundary, relay sovereignty model, and what Visk Ops does and does not claim.
Visk Ops is the dedicated deployment path for regulated and critical operators. It separates high-assurance traffic from the consumer network by using customer-hosted infrastructure and a customer-run ZK-RAM relay layer.
Web sessions are linked to a Visk Quantum client through an encrypted tunnel so relay nodes only handle ciphertext.
A common question from security purists is why Visk Ops utilizes a federated relay architecture rather than a pure peer-to-peer (P2P) decentralized network. While pure P2P networks (like those relying on DHTs or Gossip protocols) offer theoretical architectural purity, they introduce fatal practical flaws for mobile and enterprise environments.
The Result: Visk provides the performance, reliability, and asynchronous delivery of a centralized enterprise platform, while mathematically enforcing the trustless, zero-knowledge privacy guarantees of a P2P protocol.
Current post-quantum strategies often rely on hybrid approaches that wrap classical AES keys with quantum KEMs. While effective for transport, this leaves bulk data encryption reliant on classical assumptions. Aetherion (ML-NGES) explores applying the mathematical hardness of the Module-LWE problem as an additional shielding layer around the AES payload data in an experimental construction.
The Valkyrie Protocol implements a "Wrap-Derive-Encrypt-Sign" (WDES) pipeline to achieve holistic security:
Aetherion operates as a chunked lattice encryption construction:
Aetherion defines variable-degree polynomial rings R(q,n) as profiles:
| Profile | Codename | Ring Parameters |
|---|---|---|
| NGES-128 | ION | n=256, q=3329, k=2 |
| NGES-192 | NEUTRON | n=512, q=7681, k=3 |
| NGES-256 | QUASAR | n=1024, q=12289, k=4 |
| NGES-512 | SAF | n=2048, q=12289, k=5 |
ML-NGES is an experimental encryption construction. While it reuses post-quantum primitives standardized by NIST, the overall scheme is not standardized and does not inherit the formal security proofs of ML-KEM or ML-DSA. Treat it as research-grade until formal cryptanalysis and proofs are available.
Operational settings are owned by the deploying organization. ZK-RAM relay behavior, routing boundaries, and retention windows are defined locally to align with internal policy.
Visk Ops maintains absolute anonymity at the relay level, requiring no emails, phone numbers, or corporate IDs. To satisfy high-assurance Identity and Access Management (IAM) requirements, Visk Ops uses a decoupled, blind provisioning model:
Result: The enterprise retains strict control over who gets access, but the Visk Ops relay only registers mathematical proofs. The infrastructure remains completely oblivious to the user's real-world identity.
To meet stringent compliance frameworks (e.g., NIS2, CMMC) without violating Zero-Knowledge principles, Visk Ops enforces a strict separation between operational telemetry and payload data:
| Area | Visk Ops Software | Customer Environment |
|---|---|---|
| Deployment | Provide build and deployment guidance. | Host the instance in approved infrastructure. |
| Relay Layer | Support the ZK-RAM relay service. | Operate relay nodes and define policy. |
| Separation | Maintain ops isolation by design. | Enforce network boundaries and ingress rules. |
| Governance | Provide documentation and change notes. | Approve changes and compliance posture. |
Exact responsibilities are defined by contract and deployment scope.