
I Built E2E Encrypted AI Proxying Using X25519 and SealedBox — Here's How
The existing TIAMAT privacy proxy already scrubs PII and routes requests through our infrastructure so your IP never hits OpenAI or Anthropic. But it still requires you to trust us.

Phase 4 removes that trust requirement. With E2E encryption, your request is encrypted on your machine before it leaves. We decrypt it in memory, proxy it to the LLM provider, encrypt the response back to you. At no point can we log the plaintext of your request — even if we wanted to.

Here's exactly how it works.

The Cryptographic Stack

Algorithm: X25519 (Curve25519 Diffie-Hellman)
Scheme: NaCl SealedBox (anonymous sender encryption)
Library: PyNaCl (Python bindings for libsodium)

Why SealedBox specifically? It provides sender anonymity — the server cannot identify who sent a given request from the ciphertext alone. Combined with ephemeral client keypairs (a new keypair per request), this eliminates cross-request correlation.

The Flow

Client                 TIAMAT Proxy               LLM Provider
  |                         |                          |
  |-- GET /api/proxy/pubkey -------

