The Citadel Protocol: Security Architecture & Cryptographic Stack
Zero Trust. Zero Vendor Lock-in. 100% Mathematical Certainty.
Cryptosign is built on a fundamental principle: you should never have to trust us. Our architecture guarantees that even if our company disappears tomorrow, your digital wealth remains completely recoverable. We use standard, open-source mathematics and physical offline extraction to ensure your legacy survives.

I. The Zero-Knowledge Client
Our deployment terminal is designed for absolute, air-gapped security. Your secret is never sent to a server, saved, or seen by anyone—not even us.
- Air-Gapped Execution: The entire tool runs locally in your browser's memory.
- Source Code Guarantee: You can download the exact, verified HTML code running right now to use offline on any computer, forever.
- Cryptographic Integrity Check: A built-in verifier checks the file's unique digital fingerprint (hash) against a known safe value to ensure the code hasn't been maliciously altered.
II. Dual-Track Deployment Architecture
We offer two distinct cryptographic pipelines depending on your threat model and time horizon. You choose between maximum access control or maximum generational resilience.
Pipeline A: The Keyless Inheritance Model (Raw SSS)
Designed for 50+ year generational wealth transfer.
This model removes the risk of lost passwords or forgotten Master Keys. It uses raw Shamir's Secret Sharing (SSS) to mathematically fracture your plaintext secret into multiple shares.
- The Math: If your threshold is 3-of-5, physically combining any 3 plates instantly reconstructs the payload via Lagrange interpolation.
- The Advantage: Zero reliance on human memory. Your heirs only need to locate the physical plates to recover the estate. Having fewer than the required threshold gives an attacker absolutely zero information.
Pipeline B: The Citadel Model (AES-GCM + SSS)
Designed for active Enterprise and Corporate Treasury defense. This model separates Knowledge (the location of the plates) from Access (the Master Key). The core secret is heavily encrypted before it is ever split into shares.
- The Math: The payload is locked using AES-256-GCM. The encryption key is derived via Argon2id (Time: 4, Mem: 64MiB, Par: 4) to prevent brute-force attacks.
- The Advantage: If an attacker finds a physical plate, or even a full threshold of plates, they possess nothing but mathematically useless ciphertext without the Master Key Medallion.
III. Industry Standards Alignment
Our distribution strategies and physical hardware are engineered to comply with the highest institutional frameworks.
- Glacier Protocol: High-security cold storage standard focusing on "Deep Storage" and preventing single points of failure.
- Smart Custody: "Asset vs Authority" separation model.
- NIST SP 800-12: Physical access controls and "Tamper Evident" storage requirements.
- J.P. Morgan (Inheritance): Separation of Knowledge (Location) and Access (Keys) for secure generational handover.
IV. The Doomsday Manifest (Manual Recovery)
If digital scanners fail, the underlying cryptographic share is permanently etched into the titanium dot matrix. Enterprise IT teams and heirs can extract the encrypted payloads directly from the plate using standard ASCII and hexadecimal translation.
We provide the complete suite of offline Python scripts and physical extraction manuals required to reconstruct your vault entirely from scratch.
The Doomsday Recovery Kit (.ZIP) includes all offline Python scripts, physical PDF extraction manuals, and the raw BIP39 dictionary.
Step 1: Physical Matrix Extraction
Depending on your deployment model, follow the included PDF guides to manually read the physical dots and translate them into machine-readable strings.
- Keyless Protocol: A 24-row extraction converting 264-bit entropy directly into formatted Hexadecimal.
- Citadel Protocol: An adaptive matrix extraction reversing binary rows to translate data into an encrypted ASCII string.
Step 2: Mathematical Reconstruction
Load the extracted strings into the provided, open-source Python scripts. Run them in a fully offline terminal to execute the Lagrange interpolation, Argon2id key derivation, and AES-GCM decryption.
Step 3: BIP39 Dictionary Translation
If recovering a standard seed phrase, process the resulting master entropy through the included BIP39 parser to map the data back into your plaintext recovery words.