Office Locations

Americas
DarkstrikeInc
108 Wild Basin Road South
Suite 250
Austin, TX 78746

555 Fayetteville Street
Suite 300
Raleigh, NC 27601

Europe
Darkstrike AB
Kungsgatan 9
Stockholm
SE-111 43
Sweden

::: IMPORTANT NOTICE :::

Detailed technical documents can be a roadmap to an attack surface. At Darkstrike™, we prioritize data security and purposefully limit publicly available information to reduce attack surfaces and protect our customers. For access to detailed specifications and documentation, you must complete the New User Registration Form. Requests are evaluated and approved based on our client onboarding standards to ensure the highest level of security and integrity.

What is Darkstrike?

The world’s fastest most unconditionally secure data platform for any use case.

Why does this matter?

Protecting data and surfacing instantaneous intelligence from data is the cornerstone of all decision-making.

Why do we have two data platforms?

We offer two data products — Darkstrike Dome™ and Darkstrike Halo™ — to meet the needs of organizations with different security, compliance, and control requirements. Darkstrike Dome™ is fully hosted and managed by Darkstrike, ideal for teams that want turnkey protection with minimal overhead. Darkstrike Halo™ is deployable, giving clients the ability to host and control their own data while still using Darkstrike’s advanced encryption and ransomware protection. Both platforms deliver the same core security, tailored to how and where you operate.

What cloud environments are you connected to?

Architecture is cloud-agnostic. At present, our products and services connect to AWS.  Azure and GCP are forthcoming.

What programming language do you use?

Our core architecture is written in Go.

What version of TLS are you running?

TLS 1.3 with CRYSTALS-Kyber & CRYSTALS-Dilithium.

SDK

Our SDK provides the tools and libraries needed to build, integrate, and extend Darkstrike™ applications within your own environment, using your preferred programming languages and frameworks.

CLI

Our command-line interface (CLI) tool enables you to scaffold, develop, test, deploy, and manage Darkstrike™ applications and infrastructure directly from the command shell.

API

Our Application Programming Interface (API) allows you to programmatically interact with Darkstrike™ services — enabling secure data operations, blueprint management, and system integration from your own applications.

Integration

Below is a list of the products and services that Darkstrike™ offers with links to their supporting documentation

Darkstrike Dome™

Darkstrike Dome™ is a fully-hosted data vault and data exchange system designed to protect your most sensitive information from ransomware attacks and quantum threats. Darkstrike Dome™ restructures data, where your data is reorganized and encrypted with advanced quantum-resistant algorithms — making unauthorized access to the original information virtually impossible.

Once encrypted, the restructured data is randomly replicated and distributed across our robust and reliable cloud infrastructure, ensuring high availability and redundancy. Even if one or more nodes go offline, your data remains safe, secure, and accessible due to the distributed replication and restructured datasets.

At the core of our security model is an encrypted blueprint that governs the encrypted, restructured data. Without complete access to 100% of the encrypted, restructured data and the encrypted blueprint, unauthorized access is a non-zero probability, significantly mitigating the risk of ransomware attacks. Darkstrike Dome™ employs AES-256 encryption alongside post-quantum cryptography (PQC), ensuring that your data is not only safe from current threats but also resistant to future quantum computing attacks. Additionally, encryption keys are generated using Quantum Random Number Generators (QRNGs), providing hardware-based randomness for maximum security.

With our fully-hosted model, Darkstrike Dome™, we manage all technical complexities, including data storage in AWS and handling of data reconstruction. All encrypted, reconstructed data and encrypted blueprints are stored in a NoSQL or key-value database — both designed for speed, scalability, and security. This allows you to focus entirely on your business, knowing your data is protected with cutting-edge technology against today’s threats and the challenges of tomorrow.

Darkstrike Halo™

Darkstrike Halo™ is a data security core designed for businesses that prefer control over their data storage while still leveraging our patented ransomware protection and advanced quantum-resistant encryption technologies offered in our fully-hosted model, Darkstrike Dome™. Darkstrike Halo™ offers flexibility and data sovereignty for a wide array of use cases.

Darkstrike Halo™ Elite , our on-prem model, which is reserved for governmental, military, and certain approved corporates, provides clients absolute sovereignty over their data and security processes. Darkstrike Halo™ Elite provides maximum flexibility, combining the strength and security of our patented ransomware and advanced quantum-resistant encryption modules with the comfort and compliance benefits of maintaining direct control over stored data and security processes. Darkstrike Halo™ Elite is especially suitable for organizations with stringent regulatory or compliance requirements or those desiring the highest level of data sovereignty and control.

Darkstrike Halo™ Pro, our self-hosted model, enables clients to store encrypted, restructured data and encrypted blueprints within their own infrastructures, thereby maintaining direct physical control over their information. Even though data storage is managed locally by the client, Darkstrike handles the sophisticated processes involved in restructuring and encrypting the data, including encrypting blueprints with post-quantum cryptographic methods.

Darkstrike Halo™ Standard, our hybrid model, allows clients to maintain full control over their data while relying on Darkstrike to manage blueprint encryption, storage, and security operations. Blueprints are encrypted with one-time-pad, a mathematically unbreakable cipher — protecting the blueprints against any computationally unbounded adversary. Since Darkstrike Halo™ Lite manages critical blueprint encryption and storage, it delivers the best of both worlds — the data sovereignty of a self-hosted model combined with the blueprint integrity of our fully-hosted model, Darkstrike Dome™.

Ransomware Protection Service

The Ransomware Protection Service employs a proprietary process to restructure and replicate data across multiple nodes, regions, and environments. This data restructuring ensures that a threat actor must gain access to 100% — not 99.99% — of the restructured data and its encrypted blueprint to access any information. The blueprint is encrypted using information-theoretic security, while datasets are secured with either information-theoretic or computational cryptographic methods, depending on the confidentiality requirements.

This architecture effectively neutralizes a threat actor’s ability to compromise or ransom data on our network. However, any copies of data not protected under our protocols are outside the scope of protection offered by our proprietary Ransomware Protection Service and other Darkstrike™ solutions.

DNA Security Service‡

DNA Security Service leverages the DNA quaternary nucleotide structure (A, C, G, T) for encoding and encrypting data. Using quantum-secure or quantum-resistant DNA quaternary encoding powered by QRNG-generated entropy, this service significantly expands the cryptographic key space, rendering decryption, including brute-force methods, computationally infeasible. The encoding and encryption process preserves the underlying randomness and entropy of the data, ensuring cryptographic integrity. Encryption is applied at either the information-theoretic or computational level, depending on the confidentiality requirements of the dataset.

This service provides DNA encoding, encryption, decoding, and decryption but does not include DNA storage. For users requiring DNA storage, a nucleotide balancing service is available to maintain entropy and randomness prior to synthetic DNA synthesis and sequencing.

Highlights

EEG Security Service‡

EEG Security Service requires users to wear an EEG device, which captures brainwave patterns during a specific mental task. Electroencephalographic (EEG) signals are used as a secondary encryption key to lock the quantum-secure encryption and to secure the restructured and replicated data. EEG patterns are biologically unique and cannot be forged like passwords or fingerprints.

EEG signals prevents replay attacks as they change slightly every session, ensuring a new biometric key each time. Small variations in EEG signals do not prevent decryption, ensuring reliability.

Quantum Entropy Service

Quantum Entropy Service provides non-deterministic random for key encryption and other operations from a quantum random number generator (QRNG), which is powered by the laws of physics and quantum mechanics. All QRNG devices are successfully tested against NIST SP800-90 and Dieharder 2 series of standards.  Quantum entropy source is shot noise of the electron tunnelling through a doped semiconductor P-N junction with an on-demand conditioned entropy pool for intensive encryption operations. Our Quantum Entropy Service provides buffering and failover while adding entropy to the pool when entropy falls below configured threshold.

All of our encryption operations for Darkstrike Dome™ and Darkstrike Halo™ utilize QRNG-derived entropy. Users can retrieve random numbers from Linux-based servers for key encryption and other operations from our online servers. Entropy can be accessed via our API.‡

Quantum Key Generation Service

Quantum Key Generation Service enables multiple endpoints to create encryption keys derived from QRNG random without distributing keys or QRNG random between such endpoints, eliminating key transmission and “harvest now, decrypt later” risk.  Service enables practical implementation of information-theoretic data security without key or random transmission – achieving the security of quantum key distribution (QKD) within a classical framework.

While service is primarily utilized for quantum-secure (information-theoretic security) key generation, it may be used for quantum-resistant (computational security) key generation.

Highlights

Encryption Operations

Quantum KMS Service

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Quantum Messaging Service

The Quantum Messaging Service establishes Zero Trust Trusted (ZTT) Channels, adhering to Zero Trust Architecture (ZTA) principles for secure and authenticated communication. Mutual TLS is enforced across all cluster endpoints, requiring client certificates from the same trust chain for access. ZTT Channels integrate rigorous verification protocols, adaptive access controls, and advanced security mechanisms to protect against evolving threats.

Atomic Cryptography Service‡

Atomic Cryptography Service provides atomic decryption, re-encryption, and zeroization verified by Zero-Knowledge Scalable Transparent Arguments of Knowledge (zk-STARKs)‡, ensuring that the such processes are both secure and verifiable without exposing sensitive data.

Our Atomic Cryptography Service treats the decryption and re-encryption of data as a single, inseparable operation. The goal is to ensure that the data is never left in plaintext for longer than absolutely necessary and that the operation is performed in a way that prevents intermediate exposure.

Highlights

Zeroization Service

Service zeroizes various systems and elements that perform encryption and other operations.

Highlights

zk-STARKs Service‡

The zk-STARKs Service implements cryptographic protocols that enable a prover to demonstrate to a verifier that a computation has been performed correctly or a specific value is known, without revealing the value or underlying data. This ensures that encryption, decryption, and zeroization operations can be verified for correctness without exposing sensitive information.

Following each encryption, decryption, or zeroization operation, the service generates a unique, serialized, fixed-length cryptographically secure identifier based on zk-STARKs. This identifier encapsulates a session ID, random nonce, cryptographic context, operation purpose, and timestamp, ensuring traceability and verifiability while maintaining data confidentiality.

Highlights

‡ Future release.