var img = document.createElement('img'); img.src = "https://analytics.zks-standard.org/matomo.php?idsite=1&rec=1&url=https://zks-standard.org" + location.pathname; img.style = "border:0"; img.alt = "tracker"; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(img,s);
Skip to main content

QuodArca ZKS Conformance Statement

FieldValue
ProductQuodArca
VendorEISST International
ProfileZKS-Core
Additional PropertiesPSDA (Provider-Side Data Absence)
Statement DateJanuary 2026
Assessment TypeSelf-Attestation

Executive Summary

QuodArca is ZKS-Core compliant.

The QuodArca architecture ensures that no third party - including EISST International - possesses the technical capability to:

  • Access or decrypt user information
  • Obtain the complete set of components required to decrypt user information
  • Revoke a user's ability to decrypt their own data

Beyond ZKS: Provider-Side Data Absence (PSDA)

QuodArca additionally satisfies Provider-Side Data Absence: no QuodArca-operated service stores user ciphertext at any time. This provides security properties beyond ZKS requirements:

  • Zero data exposure: QuodArca infrastructure contains no user data to breach, exfiltrate, or compel
  • User-controlled storage: All ciphertext resides on user devices and user-controlled CLinks
  • Minimized legal exposure: QuodArca cannot be compelled to produce data it does not possess

Orthogonal Properties

PropertyQuestion AnsweredQuodArca Status
ZKS Compliance"Who can ever decrypt?"✅ Only the user
PSDA"Who ever possesses the encrypted data?"✅ Only user-controlled systems

Assertion Compliance Summary

AssertionDescriptionStatus
A1CSD-Only Decryption✅ Conforms
A2Exclusive Key Material Possession✅ Conforms
A3No Third-Party Decryptability Assembly✅ Conforms
A4No Third-Party Revocation of Decryptability✅ Conforms
A5Plane Separation and OP Blindness✅ Conforms
A6User-Governed Topology and Relocation✅ Conforms
A7Metadata Minimization and Non-Correlation✅ Conforms
A8Recovery and Reset Safety✅ Conforms
A9UKRS / Key Separation Mode✅ Conforms (with sovereign restoration)
A10Cross-Domain Collaboration✅ Conforms

Architecture Overview

QuodArca implements a four-layer architecture with strict vertical-only communication:

  • app-ui - User interface (within CSD)
  • app-mngr - Application logic (within CSD)
  • app-svs - Services including cryptographic engine (within CSD)
  • app-ext - External services (QKEYS, QCLOUD, QP2P, QMSVC, QBEND)

All external services are cryptographically blind - they handle only opaque encrypted blobs and cannot decrypt user data.

Update Transparency

QuodArca implements Sigsum binary transparency with:

  • Blake3 cryptographic hashes
  • Ed25519 signature of manifest
  • Public, append-only transparency log

This exceeds ZKS-Core requirements and satisfies ZKS-Enterprise update transparency.

This attestation was prepared by EISST International in accordance with ZKS-1.0-CR1 Section 7 evidence requirements.