Whitepaper v5 — Veil Protocol

Abstract

Veil is the only quantum-resistant privacy protocol with biometric self-sovereign identity. It rebuilds the foundational layer of digital identity, communication, and value transfer using NIST-finalized post-quantum cryptographic standards — ML-KEM-768 (FIPS 203), ML-DSA-65 (FIPS 204), and SLH-DSA (FIPS 205) — deployed across every protocol layer today, not as a future roadmap commitment.

The protocol delivers a unified stack: biometric self-sovereign identity using Shamir's Secret Sharing with ML-KEM-768 wrapped shards, end-to-end encrypted communications with a quantum-resistant Double Ratchet replacing X3DH entirely, a non-custodial multi-chain wallet using ML-DSA-65 in place of ECDSA (the first quantum-resistant wallet on Base), a decentralized VPN with ML-KEM-768 pre-handshake wrap over WireGuard, a hardened browser, and an encrypted enterprise workspace — all accessible through a single biometric authentication event requiring no passwords and no seed phrases.

VEIL is a utility token deployed on Base (Ethereum L2) that powers the network economy: paying for bandwidth, staking nodes, and governing the protocol through a DAO with on-chain treasury controls. Total supply is fixed at 200,000,000 VEIL.

This document is a pre-legal review draft. Token-related sections are pending review by qualified legal counsel. Nothing in this document constitutes an offer to sell or solicitation to buy securities. VEIL tokens are utility instruments providing access to network services and governance participation.

1. The Problem

The internet was not built with privacy as a default. Every layer — DNS, HTTP, SMTP, the TCP/IP stack itself — was designed for openness, not confidentiality. Privacy has been retrofitted onto this foundation for 30 years, producing a patchwork of tools that are either technically weak, commercially compromised, or simply too fragmented to use effectively.

1.1 Fragmentation

A privacy-conscious user today requires: a VPN for traffic encryption, a separate encrypted messenger, a hardware wallet for key storage, a hardened browser, a password manager, and a 2FA application. Each tool represents a separate attack surface, a separate data relationship, and a separate identity to manage.

1.2 Commercial Misalignment

The majority of consumer VPN providers log connection metadata and sell it to data brokers. Biometric authentication systems store raw biometric data in centralized databases. Cloud storage providers hold encryption keys on behalf of their users, making compliance with government data requests trivially easy.

1.3 The Seed Phrase Problem

Non-custodial cryptocurrency wallets require users to memorize or securely store a 12–24 word seed phrase. This single point of failure is responsible for billions of dollars in permanent asset loss annually.

1.4 Nation-State Threat Model

Privacy tools designed for casual use are inadequate for the threat model faced by journalists, political dissidents, legal professionals, and enterprise users operating in adversarial environments. These users require cryptographic guarantees, not policy promises.

2. The Veil Solution

Veil is a single protocol that addresses all four problems simultaneously. The entry point is a biometric authentication event that derives a deterministic cryptographic seed from the user's biometric embeddings. This seed is the root of all downstream security: wallet keys, message encryption keys, VPN authentication, and workspace access.

2.1 The Stack

Layer	Component	Technical Foundation	Status
Identity	Biometric SSI	Shamir's Secret Sharing, fuzzy extractor, 3-of-5 threshold	Live
Communications	E2EE Messenger	Double Ratchet, sealed sender, forward secrecy	Live
Wallet	Non-custodial	Multi-chain, in-app DEX, biometric key recovery	Live
Network	Decentralized VPN	WireGuard, Kademlia DHT (@veil/p2p), operator nodes	Live
Browser	Hardened Browser	Firefox fork, 52 privacy defaults, uBlock Origin	Live
Workspace	Encrypted Workspace	AES-256-GCM client-side, node-distributed, CRM	Beta

3. Biometric Self-Sovereign Identity

3.1 Architecture Overview

Veil's identity layer implements a biometric-derived self-sovereign identity system. The user's identity is not stored on any server — it is reconstructed on demand from the user's own biometric data. Three modalities are captured simultaneously: facial recognition, voice recognition, and liveness detection.

3.2 Fuzzy Extractor

A fuzzy extractor is applied to the combined biometric embedding to produce a stable, deterministic output even with up to 15% variation in the input signal.

biometric_embedding → fuzzy_extractor → deterministic_seed (256-bit)

3.3 Shamir's Secret Sharing — 3-of-5 Threshold

Shard	Location	Type
1	Device encrypted storage (primary)	Local
2	Separate device partition / TPM	Local
3	VPN node-1 (encrypted shard only)	Network
4	VPN node-2 (encrypted shard only)	Network
5	VPN node-3 (encrypted shard only)	Network

3 of 5 shards are required to reconstruct the master key. Raw biometric data never leaves the user's device.

4. Post-Quantum Cryptography

4.1 Why Classical Cryptography Fails Against Quantum Computers

The cryptographic primitives securing the internet today — ECDSA signatures, X25519 key exchange, and Curve25519-based Diffie-Hellman — all derive their security from the hardness of the elliptic curve discrete logarithm problem. Shor's algorithm, running on a sufficiently powerful quantum computer, solves this problem in polynomial time. The result: every ECDSA signature becomes forgeable, every X25519 key exchange becomes transparent, and every Curve25519-based session key becomes recoverable. This is not a theoretical concern — it is a mathematical certainty once the hardware matures.

RSA suffers the same fate via Shor's algorithm applied to integer factorization. AES-256 is weakened by Grover's algorithm (reducing effective security from 256 bits to 128 bits) but remains viable. The consequence: the entire asymmetric cryptography layer — the layer responsible for key exchange, digital signatures, and identity — must be replaced.

4.2 Harvest-Now-Decrypt-Later — Why Urgency Matters Today

Nation-state adversaries are already archiving encrypted traffic at scale. The strategy is simple: collect ciphertext today, store it indefinitely, and decrypt it once quantum hardware is available. Any data encrypted with X25519, ECDH, or RSA today is already compromised in a future-tense sense. This includes VPN sessions, encrypted messages, wallet key derivation material, and biometric shard transmissions. Protocols that plan to migrate to post-quantum cryptography "when quantum computers arrive" have already failed the users whose data is being harvested now.

Veil's decision to implement PQC across all layers at launch — not as a migration — is a direct response to the harvest-now-decrypt-later threat model. There is no window of vulnerability because there was never a classical-only phase.

4.3 NIST PQC Standards — Finalized August 2024

After a multi-year competition and standardization process, NIST finalized three post-quantum cryptographic standards in August 2024. These are not experimental proposals — they are the official NIST-standardized replacements for classical asymmetric cryptography.

Standard	Algorithm	Type	Security Basis
FIPS 203	ML-KEM-768	Key Encapsulation Mechanism	Module-LWE (lattice)
FIPS 204	ML-DSA-65	Digital Signature	Module-LWE / SIS (lattice)
FIPS 205	SLH-DSA-SHAKE-128s	Hash-Based Signature	SHAKE-256 (hash functions)

ML-KEM (Module Lattice Key Encapsulation Mechanism) replaces X25519 and ECDH for key exchange. ML-DSA (Module Lattice Digital Signature Algorithm) replaces ECDSA and Ed25519 for signing. SLH-DSA (Stateless Hash-based Digital Signature Algorithm) provides a conservative hash-based fallback with security that depends only on the properties of hash functions — not lattice problems.

4.4 Veil Implementation — Every Layer

Layer	Algorithms	Replaces	Status
Core (@veil/core)	ML-KEM-768, ML-DSA-65, SLH-DSA-SHAKE-128s	All classical asymmetric primitives	Complete
VPN (@veil/vpn-node)	ML-KEM-768 pre-handshake wrap; hybrid TLS X25519Kyber768 on all nodes	Bare Curve25519 Noise handshake	Complete
Messenger (@veil/messenger)	ML-KEM-768 Double Ratchet + ML-DSA-65 per-message signatures	X3DH + X25519 + Ed25519	Complete
Wallet	ERC-4337 smart accounts with ML-DSA-65 signing	ECDSA (secp256k1)	Pre-token
Biometric Shards	ML-KEM-768 wrapped SSS shards in transit and at rest	Classical encryption of shard transport	Complete

4.5 VPN — ML-KEM-768 Over WireGuard

WireGuard's Noise_IKpsk2 handshake uses Curve25519 — vulnerable to Shor's algorithm. Veil wraps every WireGuard session with a two-step ML-KEM-768 pre-handshake: the client sends its ML-KEM-768 public key (1184 bytes) to the node; the node encapsulates a fresh shared secret (1088-byte ciphertext), derives a WireGuard PSK from the ML-KEM shared secret via HKDF-SHA512, and returns the PSK encrypted under the ML-KEM-derived session key. The Curve25519 Noise handshake then proceeds — but the WireGuard PSK now requires breaking ML-KEM-768 before any classical traffic is exposed. Hybrid security: a quantum adversary must break both layers.

// Session material per VPN connection
sessionKey  = HKDF-SHA512(mlKemSharedSecret ‖ wgPsk)  // 32 bytes
wgPsk       = fresh per-session (32 bytes)
pqcSessionKeyId = SHA-256(sessionKey)                  // safe to log

4.6 Messenger — Quantum-Resistant Double Ratchet

The Signal Protocol's X3DH key agreement uses X25519 — broken by Shor's algorithm. Veil replaces X3DH entirely with a three-step ML-KEM-768 handshake. The initiator generates ephemeral ML-KEM-768 and ML-DSA-65 keypairs and sends a signed handshake init. The responder encapsulates to the initiator's KEM public key, generates its own keypairs, and returns the ML-KEM ciphertext. Both parties derive the same root key. Each subsequent message ratchets with a fresh ephemeral ML-KEM-768 keypair — the shared secret for message N is derived from the previous root key and the new KEM encapsulation:

rootKey[N] = HKDF-SHA512(rootKey[N-1] ‖ kemSharedSecret[N])
// old root keys zeroed immediately — forward secrecy preserved

Every message is signed with ML-DSA-65 before encryption and verified after decryption. Wire sizes: ML-KEM-768 public key 1184 bytes, ciphertext 1088 bytes; ML-DSA-65 public key 1952 bytes, signature 3309 bytes.

4.7 Wallet — First Quantum-Resistant Wallet on Base

Ethereum's ECDSA signature scheme (secp256k1) is directly broken by Shor's algorithm. Veil implements ERC-4337 smart accounts where the signature verification step calls a custom validator that verifies ML-DSA-65 signatures instead of ECDSA. The user's ML-DSA-65 keypair is derived from their biometric seed and never touches secp256k1. This makes Veil the first quantum-resistant wallet on Base and, to our knowledge, on any major EVM L2. Ethereum's own PQC migration targets 2029 at earliest; Veil ships it today.

4.8 Quantum Resistant by Default

PQC is not a configuration option or a premium tier in Veil — it is the only mode. Every user who authenticates with Veil gets ML-KEM-768 key encapsulation, ML-DSA-65 signatures, and quantum-resistant session keys from their first interaction. There is no classical fallback path. Harvest-now-decrypt-later adversaries collecting Veil traffic today will find only data protected by NIST-standardized lattice-based cryptography with 128-bit post-quantum security level.

5. Token Economics

4.1 VEIL Token

VEIL is a utility token deployed on Base (Ethereum L2). It serves three functions: payment for subscriptions and VPN bandwidth, staking to secure the node network and earn revenue share, and governance via DAO proposals and voting. Total supply is fixed at 200,000,000 VEIL. No additional tokens can be minted.

4.2 Token Allocation — v4 Final

Allocation	VEIL	% Supply	Vesting / Notes
Founding Architect	50,000,000	25%	4yr vest, 1yr cliff
Protocol Treasury (DAO)	60,000,000	30%	DAO controlled — proposals required for spend >$50K
Investors / Grants	30,000,000	15%	Per-deal — minimum 2yr vest, 6mo cliff
Airdrop / Community	20,000,000	10%	Tiered cliff + linear vest
Ecosystem Fund (DAO)	26,000,000	13%	DAO governed — advisors, legal, grants, node incentives
Liquidity Provision	14,000,000	7%	DEX seeding on Aerodrome (Base) at token launch
TOTAL	200,000,000	100%	Fixed supply — no inflation possible

Burn consideration: Veil Core Team may propose burning 5–10M tokens from the Founding Architect allocation at a significant protocol milestone as a community alignment signal. Subject to DAO ratification.

4.3 Staking Economics

Node operators stake 500 VEIL per node. 40% of all subscription revenue flows to stakers via on-chain formula. DAO votes to adjust the percentage.

baseAPY = (treasury revenue × 40%) ÷ (total staked VEIL × tokenPrice) × 100

Parameter	Value	Governance
Node Revenue Share	40% of subscription revenue	DAO vote to adjust
VPS Stake Requirement	500 VEIL per node (~$25 at launch)	DAO adjustable
Hardware Node Multiplier	1.5×	DAO adjustable
Genesis APY Target	200–250%	Self-regulates with staking participation
Staking Lock Period	60 days	Both direct and delegated
Minimum Delegation	100 VEIL	DAO adjustable

4.4 Airdrop Tiers

Tier	Position	VEIL	Vest Schedule
Genesis	1–10	100,000	3mo cliff, 12mo linear + DAO council seat offer
Founding Member	11–100	20,000	2mo cliff, 9mo linear
Early Adopter	101–500	5,000	No cliff, 6mo linear
Pioneer	501–2,000	1,000	No cliff, 3mo linear
Supporter	2,001–10,000	200	No cliff, 1mo linear
Community	10,001+	50	No cliff, immediate

4.5 Quest System — ZK-Verified Points

Beta users earn Veil Points through verifiable on-chain actions. Points convert to VEIL at token launch at a 1:1 ratio. Zero-knowledge proofs (circom + snarkjs, Groth16) allow users to prove activity without revealing identity or content.

Quest	Points	Type	ZK Circuit
Biometric Enrollment	500	One-time	enrollment.circom
Send 10 Encrypted Messages	250	Weekly	message_count.circom
VPN Session — 1 hour	100	Daily	vpn_session.circom
Wallet Transaction	200	One-time	On-chain tx hash
Run a Node — 24 hours	1,000	Weekly	node_uptime.circom
Referral Signup	500	Per referral	referral.circom
Verified Bug Report	1,000	Manual approval	Manual
Complete Onboarding	750	One-time	Composite

Individual earning cap: 50,000 Points per user pre-token launch. Prevents allocation concentration while rewarding genuine protocol usage.

6. DAO Governance

Parameter	Value
Quorum	4% of circulating VEIL
Simple Majority	>50% — protocol parameter changes
Supermajority	>66% — constitutional changes, acquisitions
Proposal Threshold	10,000 VEIL
Council Candidacy	50,000 VEIL
Discussion Period	5 days
Voting Period	3 days
Treasury Spend Threshold	>$50,000 requires full proposal
Monthly Treasury Report	On-chain, mandatory

Council composition: Founding Architect holds 1 permanent seat. Community always holds (team seats + 1) community seats — currently 1 team + 2 community = 3 total council. Community seats elected annually by VEIL token holders.

7. Smart Contracts

Contract	Address (Base Sepolia)	Function
VeilPoints	0x8F446afA9877C79F3CCb5eaA5b6503752817223f	Non-transferable ERC-20 pre-token loyalty instrument
VeilToken	0xeb9D2B0536Cc2FbFf5F00de9c77315de1Cb1B8fc	Main VEIL ERC-20, fixed 200M supply
VeilDAO	0x28D8A7103B6CFCbbb5dB2AD56ffa8163e4Ef21b5	Governance proposals, voting, council
VeilNodeRegistry	0x38a2bBb2f54b5b20aF09E1a65F2617a7A1Dc796F	On-chain node registration, stake verification
VeilTreasury	0x7b351E15af20d384F93f22eB9861f46e6069E057	DAO-controlled treasury with spend controls
VeilStaking	0x49C803ae29B6cDADF89ccfD0CB6e77A7F1F069b1	Direct + delegated staking, reward distribution

All contracts currently on Base Sepolia (testnet). Mainnet deployment Q3 2027 concurrent with token launch. Full security audit required prior to mainnet deployment.

8. Roadmap

Milestone	Target	Status
Monorepo — 1,000+ tests, 20 packages	Completed	Done
3 production VPN nodes live	May 2026	Done
6 smart contracts on Base Sepolia	May 2026	Done
@veil/p2p — Kademlia DHT node discovery	May 2026	Done
@veil/zkproofs — ZK quest verification	May 2026	Done
Encrypted workspace + CRM	May 2026	Done
PQC Phase 1 — Core + VPN + Messenger (ML-KEM-768, ML-DSA-65, SLH-DSA)	May 2026	Complete
Beta launch	June 2026	In Progress
Waitlist + Veil Points live	June 2026	In Progress
Closed beta — first 50 users	June 2026	Upcoming
Angel round close ($175K–$300K)	Q3 2026	Upcoming
PQC Phase 2 — Wallet (ERC-4337 ML-DSA-65) + PQC security audit	Pre-token	Pre-token
Smart contract security audit	Q4 2026	Planned
Testnet launch	Q1 2027	Planned
Token launch + DEX (Aerodrome / Base)	Q3 2027	Planned
CEX listing	Q4 2027–Q2 2028	Planned

9. Team

Veil is built and operated by Veil Core Team. The founder operates permanently and anonymously — no real name is public, consistent with the protocol's privacy-first ethos.

Role	Responsibilities
Founding Architect	Sole founder. Lead Engineer, Operations Manager, DAO Council Member. Responsible for all protocol engineering, infrastructure, and technical direction. Builds the entire protocol solo using Claude Code.

The founding principle: Veil Core Team uses Veil as the exclusive internal communications, file storage, and operational stack from day one. The protocol must be good enough to run on itself before it is offered to anyone else.

10. Legal Disclaimer

This whitepaper is a pre-legal review draft pending review by Grellas Shah LLP.

This document is provided for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation with respect to any securities or financial instruments. VEIL tokens are utility tokens that provide access to network services and protocol governance participation.

Participation in the Veil protocol involves significant technical, financial, and regulatory risks. Prospective participants should conduct their own independent due diligence and consult with qualified legal and financial advisors prior to any participation.