SemaFore Docs
Back to semafore.io

Attomus Product Story

Attomus Product Story

How Signet, SemaFore, and the quantum-ready layer fit together.

Most security vendors ask you to trust them. Attomus builds products where trusting Attomus is not part of the security model. If our systems were compromised, seized, or switched off, the data they handle would remain private. The architecture makes this true – not policy, not promise, not terms of service.

We build things that work even if you take us out of the equation.

Every Attomus product is designed around a single discipline: the security of data and communications should not depend on Attomus being trusted, competent, or even operational. Private keys live on client devices. Ciphertext travels through Attomus servers. Decryption never happens on Attomus hardware.

The question we ask of every design decision is: if Attomus were a hostile actor, would this still be safe? If the answer is no, we redesign until it is.

Layer 1 - Identity and Authentication (Signet)

The first problem in any secure system is: who is this person, and can I verify that claim without a central authority that could be compromised?

Signet is Attomus’s mobile authenticator. It provides strong device-bound authentication for organisations that need verifiable identity without depending on consumer identity platforms or cloud-hosted credential stores.

Credentials are bound to the device at generation time. There is no Attomus-held copy of a private key. If the Attomus servers were destroyed, already-issued credentials would remain valid. This is not an accident – it is the design goal.

Layer 2 - Secure Communications (SemaFore)

With verified identity in place, the second problem is: how do verified parties communicate privately, without the platform operator having access to what they say?

SemaFore is Attomus’s secure messaging platform for organisations. It uses the Signal Protocol, including X3DH key agreement and Double Ratchet forward secrecy. The SemaFore server receives ciphertext and routes it to the recipient. Decryption requires keys that exist only on the sender’s and recipient’s devices.

The server is a ciphertext router, not a platform. Even a complete copy of every SemaFore server database would yield nothing readable. Forward secrecy means that compromising a key today does not decrypt yesterday’s messages.

SemaFore is also what Attomus uses for its own internal communications. The architecture we impose on clients is the architecture we trust with our own work.

Layer 3 - Quantum-Ready Enterprise Communications (in development)

The third layer addresses a threat that is not yet fully operational but is approaching: quantum computing capable of breaking current asymmetric cryptography.

Attomus is building quantum-resistant cryptographic primitives into the SemaFore protocol layer. The transition from current X25519 key exchange to post-quantum algorithms (NIST PQC standards such as Kyber and Dilithium) is designed to be transparent to users – a protocol upgrade with no user intervention required.

The system is designed so that the primitive can be replaced without replacing the product. When the quantum threat becomes operationally relevant, Attomus customers are already on the right architecture.

The Compounding Argument

The trajectory is from authentication to communications to quantum-resilient infrastructure. Each product solves a discrete problem. Each product makes the next one better.

An organisation that deploys Signet for identity and SemaFore for communications has, in effect, built a communications infrastructure that:

  • Cannot be read by its own operator
  • Cannot be read by a state actor with access to the operator’s servers
  • Cannot be retroactively decrypted if a key is compromised today
  • Is positioned to survive the quantum cryptography transition without a platform change

This is not a feature set. It is a security posture.

The best time to deploy Attomus infrastructure is before you need it. The architecture becomes more valuable over time because each layer compounds the next.

Verified Claims

  • The SemaFore server cannot read message content. This is not a configuration option. It is the architecture.
  • All server infrastructure runs on Attomus-owned hardware in the United Kingdom. No AWS, Azure, or GCP in the data path.
  • Private keys are generated on-device and never transmitted. Attomus does not hold a copy.
  • Forward secrecy is standard. A key compromised today cannot decrypt yesterday’s messages.
  • SemaFore uses the Signal Protocol.
  • Attomus uses SemaFore for its own internal communications.

One-Sentence Version

Attomus builds communications infrastructure where the security of your data does not depend on trusting Attomus.