> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mpcvault.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Encryption
> Zero-trust architecture with end-to-end encrypted communication.
## End-to-End Encryption
MPCVault adopts a zero-trust architecture. All traffic between computing nodes is peer-to-peer encrypted.
| Component | Protocol |
| ------------ | ---------------------- |
| Key Exchange | Noise Protocol IK |
| Encryption | ChaCha20-Poly1305 AEAD |
| Hashing | Blake2s |
The relay server is trustless - it has no knowledge of the actual messages transmitted.
## Personal Key Certificate
Each MPCVault user has a cryptographic identity defined by an Ed25519 key pair called the Personal Key Certificate. Only you know the private key.
## How Authentication Works
| Layer | Method |
| ------------- | ------------------------------------------ |
| Platform | Traditional authentication (password, 2FA) |
| Cryptographic | Ed25519 signature verification |
In addition to standard authentication, MPCVault performs cryptographic attestation using your public key.
## Zero-Trust Benefits
Personal Key Certificates enable:
* **Trustless secret sharing** - Pass key shares between users without exposing them to MPCVault
* **End-to-end encryption** - Messages encrypted directly between participants
* **Cryptographic identity** - Actions are cryptographically signed and verifiable