Encryption Overview
CRYMBO Oracle ensures that identity data exchanged between Virtual Asset Service Providers (VASPs) remains private, tamper-proof, and verifiably secure. To achieve this, CRYMBO implements an end-to-end hybrid encryption model rooted in modern cryptographic standards.
This system ensures that:
- Only the intended receiving VASP can decrypt the data
- Data remains encrypted throughout the entire lifecycle
- CRYMBO never accesses or stores private keys or decrypted PII
🔐 Key Goals
| Objective | Description |
|---|---|
| End-to-End Security | Only sender and receiver have access to PII |
| Compliance-Friendly | Follows standards accepted by regulators and institutions |
| Tamper Detection | Integrity ensured via AES-GCM authentication |
| Selective Disclosure | Only authorized recipients can view specific identity data |
💡 Hybrid Encryption Model
CRYMBO uses a dual-layer encryption scheme:
- Symmetric Encryption (AES-GCM) — fast, secure payload encryption
- Asymmetric Encryption (X25519) — used to securely share AES keys
This combines the best of both worlds: speed and security.
🔁 Secure Exchange Lifecycle
- Receiver VASP uploads X25519 public key
- Sender encrypts PII with a one-time AES key
- AES key is encrypted with receiver's public key
- Encrypted payload is transmitted via Oracle
- Receiver decrypts AES key, then decrypts PII
📌 Continue Reading: