kryosette
Demo26
Every principle. Every technology. Every line of C/ASM. Explore what makes kryosette fundamentally different.
Social Network
A first look at the kryosette interface. Built from scratch.
Early development preview — not final design
9 architectural principles
C/ASM Only
Every line of kryosette is written in C and Assembly. No virtual machines, no interpreters, no garbage collection pauses. Direct access to memory, direct control over execution, direct responsibility for every byte.
Serverless by Design (Done Schematically)
kryosette has no servers. Not a single one. The entire network runs on improved peer‑to‑peer communication, with improved distributed hash tables for discovery (this is just a small part; there are fundamentally different approaches as well). There is nothing to hack, nothing to subpoena, nothing to shut down.
Local‑First Storage
Everything is stored locally on your device. Messages, profiles, contacts, media — all on your hard drive, encrypted at rest. Your machine is the source of truth.
No ICMP — Custom Replacement
ICMP is replaced with a custom protocol that provides full visibility into network diagnostics without leaking information. Where existing protocols fail or are abused to restrict communication, we build clean replacements that cannot be turned against users. Every legacy component that enables censorship gets replaced with an alternative designed for freedom — no compromises, no backdoors, no central points of control.
Full Traffic Visibility
Through the Transparent Editor, you can watch every packet your machine sends and receives. Every route through the onion network. Every encryption handshake.
Encryption Everywhere
End‑to‑end encryption is the only mode of operation. Every message, every file, every profile update is encrypted before it leaves your machine.
Zero External Dependencies
kryosette does not depend on any external service. The entire system is self‑contained. If a cloud provider goes bankrupt, kryosette doesn't notice.
Fault Tolerance by Design
There is no critical infrastructure. The DHT automatically re‑routes around failures. Data replicates via CRDTs without a central coordinator.
User Sovereignty
Granular access control built into the architecture. Decide who sees a post, who can comment, who can forward. Change settings retroactively.
4 core technologies
01
Kryo Arch
The architectural foundation. Every component runs on your machine. No cloud backend. No API server. (Done Schematically)
Kryo Arch is a radical departure from traditional client‑server models. Everything is stored locally on your machine. You decide exactly who sees your posts, who is hidden, and how data flows. This architecture makes the network virtually unblockable and puts you in complete ownership of your digital presence. This is just a small part, and there are fundamentally different approaches.
02
Transcendent Bridge
Test data only — not real user information
Bypasses traditional routing. Undetectable by deep packet inspection. Unstoppable by firewalls. Security Scanners.
The Transcendent Bridge is a proprietary network extension that operates across all OSI layers, not just L2. It works at every level of the stack, allowing direct, secure channels even in hostile network environments, bypassing deep packet inspection and other interference techniques.
03
In‑Memory DB
Segregated fits allocator. AES‑256‑GCM encryption. BLAKE3 checksums. Microsecond query latency.
Why build our own database? Because existing solutions weren't designed for our threat model. Our engine — KryoDB — uses a segregated fits allocator with size classes optimised for social graph operations. Every page is individually encrypted with its own IV.
04
Transparent Editor
Test data only — not real user information
Real‑time dashboard of all internal processes. TCP states, memory stats, routing paths, encryption handshakes. Live parameter editing.
The Transparent Editor exposes every internal process through a real‑time dashboard. TCP connection states with RTT and congestion window. Memory allocator statistics per size class. Current onion routing paths with latency per hop.
Planned
Technologies currently in research and development.
Core Algorithms
These are security algorithms — not cryptographic primitives. They protect data integrity, memory safety, and system resilience. Papers coming soon.
Entangled PRNG / DRS‑Generator
Paper coming
Double Randomized Seed Generator
A multi‑level cascade pseudo‑random number generator with dual independent seeds and non‑linear combination. Provides forward secrecy guarantees for all random values in the system.
The DRS‑Generator uses two independent seeds that evolve using different algorithms. The seed of values and the seed of offsets develop independently with no reverse feedback from the output. At generation time, the two streams combine through a non‑linear function, making the next output unpredictable even with full knowledge of both current seeds. This provides mathematical forward secrecy — compromising the current state reveals nothing about past outputs. Used for ASLR in the allocator, session key generation, and nonce creation throughout kryosette. This is a security algorithm — not a cryptographic primitive.
Ephemeral Hash CAS
Paper coming
One‑time hashes for lock‑free data structures
Replaces traditional version counters with unpredictable one‑time hashes in Compare‑And‑Swap operations. Provides inherent resistance to targeted ABA attacks in concurrent data structures.
Traditional CAS operations use monotonically increasing version counters, creating predictable patterns that attackers exploit in ABA attacks. Ephemeral Hash CAS replaces version counters with one‑time unpredictable hashes generated by the Entangled PRNG. The hashes have no predictable sequence, making it mathematically impossible for an attacker to engineer a successful ABA exploit. Cyclic hash reuse is normal and expected — there are no overflow edge cases to handle. This approach works identically for stacks, queues, trees, and memory allocators, providing a unified security model for all concurrent operations. This is a security algorithm — not a cryptographic primitive.
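The idea described above, replayed as a single-threaded ABA interleaving on a small lock-free stack. This is an added example, not kryosette code: the stack layout, the function names and the `fresh_tag` source (a fixed-seed splitmix64 standing in for the unpublished Entangled PRNG) are all assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define NIL 0xFFFFFFFFu
static uint32_t next_of[2];        /* node pool: next index per node */
static _Atomic uint64_t head;      /* (tag << 32) | index of top node */
static bool use_tags;              /* false: bare-index CAS, ABA-prone */

/* Placeholder tag source (splitmix64, fixed seed); NOT the DRS-Generator. */
static uint64_t sm = 0x9E3779B97F4A7C15ull;
static uint32_t fresh_tag(void) {
    uint64_t z = (sm += 0x9E3779B97F4A7C15ull);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ull;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBull;
    return (uint32_t)((z ^ (z >> 31)) >> 32);
}
static uint64_t pack(uint32_t idx) {   /* every head update gets a new tag */
    return ((uint64_t)(use_tags ? fresh_tag() : 0u) << 32) | idx;
}
static void push(uint32_t idx) {
    uint64_t old = atomic_load(&head);
    do next_of[idx] = (uint32_t)old;
    while (!atomic_compare_exchange_weak(&head, &old, pack(idx)));
}
static uint32_t pop(void) {
    uint64_t old = atomic_load(&head);
    while ((uint32_t)old != NIL && !atomic_compare_exchange_weak(
               &head, &old, pack(next_of[(uint32_t)old])))
        ;
    return (uint32_t)old;
}
static uint32_t top_index(void) { return (uint32_t)atomic_load(&head); }

/* Replays the ABA interleaving; true means the stale CAS went through. */
static bool stale_cas_succeeds(bool tags) {
    use_tags = tags;
    atomic_store(&head, pack(NIL));
    push(1); push(0);                             /* stack: 0 -> 1 */
    uint64_t seen = atomic_load(&head);           /* thread 1 reads top = 0 */
    uint32_t seen_next = next_of[(uint32_t)seen]; /* and next = 1, then stalls */
    pop(); pop(); push(0);                        /* thread 2: node 1 freed, 0 reused */
    return atomic_compare_exchange_strong(&head, &seen, pack(seen_next));
}
int main(void) {
    printf("bare index: stale CAS %s\n", stale_cas_succeeds(false) ? "succeeds" : "fails");
    printf("random tag: stale CAS %s\n", stale_cas_succeeds(true) ? "succeeds" : "fails");
    return 0;
}
```

With a bare index the stale CAS installs freed node 1 as the new top; with a per-update tag it is rejected and the stack is left intact. A 32-bit tag still matches a stale snapshot by chance with probability about 2^-32 per attempt, so the tag width sets the residual ABA risk.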
S_MSGID_CACHE
Paper coming
Secure Message ID Cache
A deterministic, timing‑attack resistant message and session ID allocator powered by the DRS‑Generator. Maintains constant‑time performance regardless of load or cache state.
S_MSGID_CACHE uses the Entangled PRNG to generate message and session identifiers with minimal predictability. Unlike traditional ID allocators that exhibit timing variations under different load conditions — variations that leak information to attackers — this cache guarantees deterministic performance regardless of cache hit or miss. The generator's forward secrecy property means that even with a complete memory dump, future message IDs cannot be predicted. Integrated with the allocator's ASLR to provide defence‑in‑depth: even if an attacker compromises one layer, the other remains intact. This is a security algorithm — not a cryptographic primitive.
ZeroSum Algorithm
Paper coming
Data integrity via symmetric zero‑sum sequences
A mathematical integrity verification method using zero‑sum sequence generation. Detects data corruption and tampering with configurable sensitivity. Used for checksum verification in the in‑memory database.
ZeroSum generates symmetric sequences where all elements sum to zero with high numerical precision. The algorithm uses two parameters — f₀ (base factor) and s₀ (expected first element) — to generate a sequence that acts as a mathematical signature. After data transmission or storage, the sequence is regenerated and compared. This is a security algorithm — not a cryptographic primitive.
Ready to take back control?
No servers. No tracking. No compromises.