TLS protects the channel. Nen protects the payload.
Your data is encrypted in transit (TLS), but naked the instant TLS terminates — in your CDN, your load balancer, your logs, your proxies, and any third-party hop. Nen keeps the payload as ciphertext across all of that, all the way to the application code that actually needs it.
Cloudflare and AWS already give you post-quantum TLS — for free
We are not going to pretend otherwise. Post-quantum key agreement at the TLS layer is a finalized NIST standard, shipped by trillion-dollar companies with zero developer effort. By late 2025 roughly 43% of human-generated traffic to Cloudflare was already PQ-protected. If your only concern is the public transit leg, you may not need Nen.
Nen is a different threat model, not a competing one. We are additive on purpose: we defend the surface TLS structurally cannot reach — everything that happens after the channel is decrypted.
What survives TLS termination
The moment TLS terminates — at the load balancer, the CDN edge, the serverless runtime — the payload becomes plaintext and stays that way as it flows through:
- Application logs and observability pipelines — not covered by post-quantum TLS.
- Databases and caches (often multi-tenant) — not covered by post-quantum TLS.
- The cloud provider's process memory — not covered by post-quantum TLS.
- Every third-party API the request is forwarded to — not covered by post-quantum TLS.
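The list above is a threat model, not a mechanism. As an added illustration (this is not Nen's protocol or code, and makes no claim about how Nen implements it), the generic pattern the threat model relies on is payload encryption: the client seals the sensitive field under an application key before the body enters TLS, so every hop after termination (here a stand-in log pipeline) sees only ciphertext, and only the one handler holding the key recovers plaintext. All names (`Envelope`, `BuildRequest`, `HandleRequest`, `LogBody`) and the sample card number are assumptions constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Envelope is the wire form of one payload-encrypted field. Every member is
// safe to log or store: nonce and ciphertext reveal nothing without the key.
type Envelope struct {
	Version int    `json:"v"`
	Nonce   string `json:"nonce"`
	CT      string `json:"ct"`
}

// Request is the JSON body the client sends through TLS. Only Secret is
// payload-encrypted; UserID stays in the clear so routing and auth still work.
type Request struct {
	UserID string   `json:"user_id"`
	Secret Envelope `json:"secret"`
}

// fieldAAD binds a ciphertext to the record and field it belongs to, so an
// intermediary cannot transplant one user's ciphertext into another's request.
func fieldAAD(userID, field string) []byte { return []byte(userID + "/" + field) }

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals plaintext with AES-GCM under a fresh random nonce.
func EncryptField(key, plaintext, aad []byte) (Envelope, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := aead.Seal(nil, nonce, plaintext, aad)
	enc := base64.StdEncoding
	return Envelope{Version: 1, Nonce: enc.EncodeToString(nonce), CT: enc.EncodeToString(ct)}, nil
}

// DecryptField opens an Envelope; the GCM tag check fails on any tampering,
// including a changed AAD (the ciphertext moved to a different record).
func DecryptField(key []byte, env Envelope, aad []byte) ([]byte, error) {
	if env.Version != 1 {
		return nil, errors.New("unsupported envelope version")
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce, err := base64.StdEncoding.DecodeString(env.Nonce)
	if err != nil || len(nonce) != aead.NonceSize() {
		return nil, errors.New("bad nonce")
	}
	ct, err := base64.StdEncoding.DecodeString(env.CT)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, aad)
}

// BuildRequest is the client side: the sensitive field is encrypted before the
// body ever enters the TLS channel.
func BuildRequest(key []byte, userID, secret string) ([]byte, error) {
	env, err := EncryptField(key, []byte(secret), fieldAAD(userID, "secret"))
	if err != nil {
		return nil, err
	}
	return json.Marshal(Request{UserID: userID, Secret: env})
}

// LogBody stands in for an observability pipeline after TLS termination: it
// records the request body exactly as it sees it, which is all ciphertext.
func LogBody(body []byte) string { return "request body: " + string(body) }

// HandleRequest is the one endpoint that holds the key and therefore the only
// place plaintext exists server-side (endpoints hold plaintext by design).
func HandleRequest(key, body []byte) (string, error) {
	var req Request
	if err := json.Unmarshal(body, &req); err != nil {
		return "", err
	}
	pt, err := DecryptField(key, req.Secret, fieldAAD(req.UserID, "secret"))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	key := make([]byte, 32) // per-application key; never given to intermediaries
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	const secret = "4111-1111-1111-1111" // constructed sample value
	body, err := BuildRequest(key, "alice", secret)
	if err != nil {
		panic(err)
	}
	logged := LogBody(body)
	fmt.Println(logged)
	fmt.Println("plaintext visible to the log hop:", strings.Contains(logged, secret))
	pt, err := HandleRequest(key, body)
	fmt.Println("handler recovered:", pt, err)
}
```

The security of this pattern rests entirely on where the key lives: if the load balancer, log shipper or cache can read it, the payload encryption buys nothing there. The AAD binding is the detail practitioners most often omit; without it, a hop that can rewrite bodies could move a valid ciphertext between records and the handler would decrypt it happily.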
Side by side
| Concern | PQ-TLS (Cloudflare / AWS) | Nen |
|---|---|---|
| Public transit leg, browser → edge | Yes | Redundant (TLS already covers this) |
| Payload in logs after termination | No | Yes |
| Payload at rest in DB / queue | No | Yes |
| Internal hops not behind PQ-TLS | No | Yes |
| Third-party forwarders / proxies | No | Yes |
| Harvest-now-decrypt-later on at-rest payloads | No | Yes |
| A compromised terminating server | No | No (endpoints hold plaintext by design) |
| Hiding plaintext from a recipient you send it to | No | No (needs TEE / FHE — out of scope) |
On harvest-now-decrypt-later, precisely
PQ-TLS already defends the transit leg against HNDL — for free. So Nen's HNDL value is specifically for:
- payloads that come to rest still encrypted (logs, queues, DBs you choose not to decrypt), and
- legs not behind PQ-TLS (internal hops, third-party calls, older infra).
We do not claim HNDL protection that PQ-TLS already provides on the public transit leg. Overlapping that claim is how we'd lose credibility with the exact buyer we want.
Read the proof, not just the pitch
The threat model and protocol spec are public. The compliance buyer reads these before trusting anyone.