System architecture
A jurisdiction-aware, zero-trust communication architecture.
Bastet implements a sovereign, zero-trust communication architecture designed for high-risk operational environments.
High-level architecture
- Endpoints (clients) never trust the network
- Relay servers never see plaintext
- No single component has global visibility
Communications are established using end-to-end encrypted channels routed through operator-selected relay chains.
Relay infrastructure
Relay servers:
- Can be self-hosted on-premises or in private clouds
- Can be operated by trusted partner organizations
- Do not require knowledge of user identities
Each relay only knows:
- The previous hop
- The next hop
- Encrypted payloads
Jurisdiction-aware chaining
Organizations can define relay chains such as:
Endpoint → Domestic relay → Neutral jurisdiction → External relay → Recipient
This allows:
- Avoidance of adversarial jurisdictions
- Distribution of legal exposure
- Resistance to traffic correlation
Message encryption layers
Bastet messages are protected through multiple encryption layers, each serving a distinct purpose.
At the content level, a message is encrypted for the intended recipient and signed by the sender. This provides both confidentiality and authenticity: only the recipient should be able to read the message, and the recipient can verify who produced it.
The message payload is then protected using a symmetric shared secret, preferably established through an offline exchange between the communicating peers. This additional symmetric layer reduces dependency on public-key cryptography alone and contributes to resilience against future advances in cryptanalysis and quantum computing.
This payload is then encapsulated inside a double-ratchet encryption layer. The double-ratchet mechanism continuously derives fresh keys during the conversation, limiting the impact of a future key compromise and providing forward secrecy across the message stream.
Finally, the resulting transport envelope is encrypted for the delivery relay using the relay server’s public key. When relay chaining is used, this wrapping is applied multiple times, once for each relay in the selected route. Each relay can only decrypt the layer intended for itself, learn the next hop, and forward an opaque encrypted payload.
As a result:
- The recipient can verify the sender and decrypt the message content.
- Relay servers cannot read message content.
- Chained relays only see the information required to forward traffic to the next hop.
- Compromise of one relay does not expose the full communication path or message content.
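The per-relay wrapping described above can be traced hop by hop in the following sketch, which is an added example and not Bastet's code or wire format. It assumes hypothetical relay names, a JSON next-hop header, and a symmetric encrypt-then-MAC construction as a stand-in for encryption to each relay's public key, because Python's standard library has no public-key encryption.

```python
import hashlib, hmac, json, os

# Stand-in sealing: per-relay symmetric key, HMAC-SHA256 keystream + HMAC tag.
# Assumption for illustration only; the page specifies relay public keys.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    pad = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, pad))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def open_layer(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer not addressed to this relay")
    pad = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, pad))

def wrap(route, keys, recipient, envelope):
    """Wrap the innermost layer first, so route[0] peels the outermost one."""
    blob = envelope
    for relay, nxt in reversed(list(zip(route, route[1:] + [recipient]))):
        header = json.dumps({"next": nxt}).encode()
        blob = seal(keys[relay], len(header).to_bytes(2, "big") + header + blob)
    return blob

def relay_forward(key, blob):
    """One relay's work: open its own layer, read the next hop, pass the rest on."""
    inner = open_layer(key, blob)
    hlen = int.from_bytes(inner[:2], "big")
    return json.loads(inner[2:2 + hlen])["next"], inner[2 + hlen:]

def trace(route, keys, recipient, envelope):
    """Return what each relay learned, plus the blob delivered to the recipient."""
    blob, seen = wrap(route, keys, recipient, envelope), []
    for relay in route:
        nxt, blob = relay_forward(keys[relay], blob)
        seen.append((relay, nxt))
    return seen, blob

ROUTE = ["domestic-relay", "neutral-relay", "external-relay"]  # constructed names
KEYS = {r: os.urandom(32) for r in ROUTE}                      # constructed keys
ENVELOPE = b"<opaque double-ratchet ciphertext>"               # constructed payload
```

In this stand-in every layer adds a fixed overhead, so the blob shrinks at each hop and its length hints at a relay's position in the chain; the page does not say how Bastet pads or sizes its envelopes.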
Identity and device management
- Cryptographic identities, not phone numbers or emails
- Multiple devices per identity
- Fine-grained device revocation
- Encrypted local storage with hidden compartments
Secure audio and video
Audio and video communications are:
- End-to-end encrypted
- Negotiated using the same identity framework
- Designed to operate over constrained or monitored networks
Bastet is built to be auditable, deployable, and controllable by the organizations that rely on it.