NUKR.

Roles

Cryptographic Architecture Rust + WASM Core PWA + Capacitor Mobile Threat Modelling Audit RFP

Problem

Encrypted-messaging tools all rest on the same broken assumption: a single vendor server you have to trust, an account you have to create, and crypto primitives you can't independently verify. Worse, almost none have a story for the day a CRQC (cryptographically-relevant quantum computer) lands — and "store now, decrypt later" attacks make that day already today for anything sensitive.

The market is also fragmented by use case: Signal for chat, ProtonMail for e-mail, hardware Yubikeys for auth, hardware wallets for crypto. None share a key model. None share a wire format. None ship without a server in the threat model.

---

Approach

One crypto core. Many products. A single audited Rust library (nukr-core) provides every cryptographic primitive — hybrid post-quantum KEM (ML-KEM-1024 + X25519), key-committing AEAD (AES-256-GCM), hybrid signatures (Ed25519 + ML-DSA-65), and a versioned envelope format with sealed-sender + Designated-Verifier MAC. WASM bindings expose it to the browser, Capacitor wraps the same PWA on iOS / Android, and a future N-API binding lands native Node.

Server never sees plaintext. Five axioms drive every design call: (1) server never sees plaintext, (2) private keys live on the device, (3) metadata minimised — inner metadata is encrypted, (4) envelopes are versioned for crypto agility, (5) no custom primitives — only audited building blocks in clearly-specified combiners.

Pre-audit, by design. v1 public launch is gated on independent audit (Cure53 / NCC Group RFP is in the docs). Pre-alpha builds are visible to invited testers only. The system is open-source from day one — every line of the crypto core is on GitHub.

---

Product family

Product	What it does
Drop	One-time encrypted share — paste a secret, scan a QR, the recipient reads it once. No account, no server-held copy.
Bridge	Long-form encrypted thread between two devices. Replaces "I'll DM you the password" forever.
Vault	Device-local encrypted blob storage with biometric unlock. Notes, credentials, recovery phrases.
Pay	Hybrid post-quantum escrow for crypto payments — buyer + seller exchange via the same envelope format.
Cash	Encrypted balance ledger on top of Pay. Treat the device as the wallet.
Radio	Air-gapped hardware for the threat model where the device itself can't be trusted.

---

Tech stack

• Rust workspace (nukr-core) — nukr-crypto, nukr-envelope, nukr-otp, nukr-wasm, nukr-test-vectors crates. Cross-runtime known-answer testing (Rust + WASM against RFC 7748, RFC 8032, plus internal hybrid + DV-MAC vectors).
• WebAssembly — wasm-bindgen wrapper exposes the entire core to TypeScript. @nukr/core npm package consumes it.
• TypeScript + Vite — PWA client (nukr-web) with vite-plugin-pwa, vite-plugin-wasm, top-level-await for WASM init, SRI-3 for subresource integrity.
• Capacitor 8 — same PWA wrapped natively on iOS + Android, with biometric unlock (@aparajita/capacitor-biometric-auth), camera for QR pairing, filesystem for vault storage, push notifications for Bridge.
• Cryptographic primitives: ML-KEM-1024 (post-quantum KEM) + X25519 (classical KEM) hybrid via HKDF-SHA-512 dual-output combiner; Ed25519 + ML-DSA-65 hybrid signatures; AES-256-GCM as key-committing AEAD; envelope v2 (Mode B, sealed-sender, DV-MAC tag).
• No backend you have to trust — relay servers route opaque envelopes only. Audit-friendly infrastructure (nukr-infrastructure repo).

---

Status

Pre-alpha across the board. Crypto primitives wired and passing cross-runtime tests against published vectors. Envelope wire format is at v2. Cure53 / NCC Group audit RFP is in the docs and is the gate to v1 public launch. Open-source from commit zero — nukr-core, nukr-web, nukr-radio, nukr-docs, nukr-infrastructure are all on GitHub under nkovalcin/nukr-*.

If post-quantum end-to-end infrastructure is a problem you care about — talk to me before v1 ships.