Kyndex
API Reference
Concepts

Core Concepts

The architectural principles that make Literal a zero-knowledge platform.

Literal is a zero-knowledge document management platform. Every document you upload is encrypted before it leaves your device. The general application and database layer — the servers that store your files, manage your account, and power search — handle only ciphertext, wrapped keys, and opaque tokens. They cannot read your data.

This is enforced by the architecture, not policy. Encryption, key generation, key wrapping, and decryption all happen on your device. Operations that require temporary access to decrypted content — text extraction, verification, and entity-scoped index generation — happen inside a hardware-isolated secure enclave with no general network access and no way for server operators to inspect what happens inside it. The general application layer never receives plaintext.

Literal also deploys hybrid post-quantum cryptography for key transport and identity proofs. Key exchange for entity, delivery, and grant paths combines ML-KEM-1024 with X25519; signing combines ML-DSA-65 with Ed25519. Both layers must be broken simultaneously for a key or signature to be compromised.

What Makes Literal Different

Most document platforms encrypt data "at rest" — meaning the server decrypts it whenever it needs to process, search, or share it. Literal never does this at the application layer. Instead, it uses client-side encryption, blind tokens, and a hardware-isolated enclave to deliver full functionality without exposing plaintext to the general server. Even authentication is blind — an Oblivious Pseudorandom Function (OPRF) lets the server evaluate cryptographic operations on your login credential without seeing it in plaintext.

The result: you can upload, search, verify, and share documents — but only you and the people you explicitly authorize can ever decrypt them.

Explore the concepts

  • Zero-Knowledge Model — What the server can and can't see. The foundation of the security model.
  • Document Lifecycle — Follow a document's journey from upload to deletion.
  • Key Hierarchy — The different types of encryption keys and how they work together.
  • Encrypted Search — How search works without revealing your queries to the server.
  • Entities & Memberships — How organizations and teams are managed without exposing membership to the server.
  • Grants & Sharing — Consent-based, time-limited, revocable document sharing.
  • Blind Routing — How sensitive relationships are tokenized to prevent relationship mapping.

Rate Limiting

What the tiers are, what headers to expect, and how to handle 429 responses.

Zero-Knowledge Model

What the server can and can't see, how the architecture enforces it, and post-quantum protection.

On this page

What Makes Literal Different
Explore the concepts