← Back to Visk Ops | Consumer Site
Deployment Brief v1.0

Visk Ops Deployment Brief

A focused overview for sovereign and high-assurance environments. This brief describes the operational boundary, relay sovereignty model, and what Visk Ops does and does not claim.

Scope

Visk Ops is the dedicated deployment path for regulated and critical operators. It separates high-assurance traffic from the consumer network by using customer-hosted infrastructure and a customer-run ZK-RAM relay layer.

Web sessions are linked to a Visk Quantum client through an encrypted tunnel so relay nodes only handle ciphertext.

Deployment Boundary

Architecture Philosophy: Why Federated Zero-Knowledge over Pure P2P?

A common question from security purists is why Visk Ops utilizes a federated relay architecture rather than a pure peer-to-peer (P2P) decentralized network. While pure P2P networks (like those relying on DHTs or Gossip protocols) offer theoretical architectural purity, they introduce fatal practical flaws for mobile and enterprise environments.

The Result: Visk provides the performance, reliability, and asynchronous delivery of a centralized enterprise platform, while mathematically enforcing the trustless, zero-knowledge privacy guarantees of a P2P protocol.

Bulk Data Encryption After PQC

Current post-quantum strategies often rely on hybrid approaches that wrap classical AES keys with quantum KEMs. While effective for transport, this leaves bulk data encryption reliant on classical assumptions. Aetherion (ML-NGES) explores applying the mathematical hardness of the Module-LWE problem as an additional shielding layer around the AES payload data in an experimental construction.

The Valkyrie Protocol (WDES)

The Valkyrie Protocol implements a "Wrap-Derive-Encrypt-Sign" (WDES) pipeline to achieve holistic security:

Technical Characteristics

Aetherion operates as a chunked lattice encryption construction:

Parameter Sets

Aetherion defines variable-degree polynomial rings R(q,n) as profiles:

Profile Codename Ring Parameters
NGES-128 ION n=256, q=3329, k=2
NGES-192 NEUTRON n=512, q=7681, k=3
NGES-256 QUASAR n=1024, q=12289, k=4
NGES-512 SAF n=2048, q=12289, k=5

Status and Claims

ML-NGES is an experimental encryption construction. While it reuses post-quantum primitives standardized by NIST, the overall scheme is not standardized and does not inherit the formal security proofs of ML-KEM or ML-DSA. Treat it as research-grade until formal cryptanalysis and proofs are available.

Control And Policy Ownership

Operational settings are owned by the deploying organization. ZK-RAM relay behavior, routing boundaries, and retention windows are defined locally to align with internal policy.

Identity Management & Access Verification

Visk Ops maintains absolute anonymity at the relay level, requiring no emails, phone numbers, or corporate IDs. To satisfy high-assurance Identity and Access Management (IAM) requirements, Visk Ops uses a decoupled, blind provisioning model:

Result: The enterprise retains strict control over who gets access, but the Visk Ops relay only registers mathematical proofs. The infrastructure remains completely oblivious to the user's real-world identity.

Audit Logging & Regulatory Compliance

To meet stringent compliance frameworks (e.g., NIS2, CMMC) without violating Zero-Knowledge principles, Visk Ops enforces a strict separation between operational telemetry and payload data:

Responsibility Snapshot

Area Visk Ops Software Customer Environment
Deployment Provide build and deployment guidance. Host the instance in approved infrastructure.
Relay Layer Support the ZK-RAM relay service. Operate relay nodes and define policy.
Separation Maintain ops isolation by design. Enforce network boundaries and ingress rules.
Governance Provide documentation and change notes. Approve changes and compliance posture.

Exact responsibilities are defined by contract and deployment scope.