The giovium Security Philosophy

Absolute Client Autonomy

giovium was explicitly architected to treat the internet and any centralized server as fundamentally hostile territory. All cryptographic actions happen purely on the trusted local client.

By blending local Argon2 KDFs with XChaCha20 encryption, we guarantee that the encrypted databases synced to our central servers are mathematically indistinguishable from random noise, protecting your privacy perpetually.

Deterministic Sandboxing

Our security revolves around isolating execution environments. By keeping DOM-based UI interactions heavily separated from WebAssembly binary cryptology functions, we ensure that Cross-Site Scripting (XSS) attacks cannot automatically scrape deeply stored vault payloads.

Everyday Example

Our philosophy is basic: Trust absolutely no one. Do not trust the internet connection, do not trust the cloud server, do not even trust our own code running on the cloud. By moving all encryption logic directly to the user's laptop before hitting the internet, the entire attack surface safely collapses.

The Deep Mathematics

giovium's architecture maps to a pure Zero-Knowledge, strict offline-first paradigm. Cryptographic boundaries execute entirely within the WebAssembly (WASM) bounds of the client browser. Vault payloads undergo Argon2id KDF derivation and XChaCha20-Poly1305 AEAD streams guaranteeing the localized payloads reach IND-CCA2 security prior to REST transmission.