January 15, 2026 · 407 views
Can an encryption tool catch its own backdoor? I made one that does
Every RNG asks you to trust it. PHANTOM proves it instead.
Every encryption tool asks you for the same thing: trust. Trust that its random numbers are actually random, and that nobody slipped a backdoor into how they're generated. Tools like GPG, age, and Signal are great — but they mostly ask you to take that on faith.
For my project PHANTOM, I wanted the tool to prove it instead of asking. Specifically: catch its own backdoor if one ever got planted in the random-number generation.
The idea is a commitment. When PHANTOM generates the primes it needs, it takes the metadata about how they were made and binds it — with a SHA-3-256 commitment — to the session key derived through HKDF-SHA256. In plain terms, the "how it was generated" gets cryptographically stapled to the "what you're encrypting with". Tamper with the generation, and the staple doesn't match. The tool notices.
I threw 22 adversarial tests at it, each trying to sneak a rigged generator past the check. All 22 got caught.
The rest of PHANTOM is production-grade too — 2,100 MB/s AES-256-GCM throughput, a five-layer primality stack, 207 tests at 92% coverage — but the self-policing bit is the part I love, because it flips the usual deal. Don't trust the tool. Make the tool show its work.