Dark Bio · Post-quantum security · Health data
A post-quantum companion app for your genome
The Dark Bio Companion: a Flutter app that holds one of the two keys, pairs over a channel a relay cannot forge, and verifies a tamper-evident device journal, for a system built so no one but the owner can open the data.
The situation
Dark Bio starts from a hard fact: a genome, and the health data layered on it, cannot be made private again once it leaks. So the data never leaves a device its owner physically holds. It lives on a dedicated device, the Ark, and analyses are brought to the data rather than the data to the analysis. The owner's phone is the other half of that design. It is the controller that authorises every unlock, every analysis run, and every result before it is released, and it holds one of the two keys that together decrypt the data, a key that never leaves the phone. Building that half means making a general-purpose phone trustworthy enough to anchor a system whose entire premise is that no custodian, Dark Bio included, ever holds the data. That means post-quantum from the first handshake, proof against a relay sitting in the middle, and a device history the owner can verify rather than take on trust.
What we did
- Built the Dark Bio Companion in Flutter: the phone-side controller, paired one-to-one with an Ark, that holds the owner's key and approves every consequential action before it happens.
- Closed the man-in-the-middle window at pairing with a twelve-colour visual confirmation: OKHSL hues derived from a SHA-256 hash of the handshake. A relayed session shows the two devices different colours, and the user stops.
- Made the companion post-quantum end to end through the darkbio_crypto stack: composite ML-DSA for signing (ML-DSA-65 with Ed25519) and X-Wing for encryption (X25519 with ML-KEM-768), with COSE for sealed, authenticated tokens. A dual-key identity keeps signing separate from encryption.
- Spoke to the Ark through a relay over an authenticated WebSocket, on a layered atomic-protocol stack carrying the live operations: unlock, execute, and the Ark-to-app authorise requests the owner approves, alongside status, rename, and info.
- Pulled the Ark's hash-chained event journal (boots, pairings, unlocks, renames, firmware updates) and verified the chain locally. One broken link flags the journal compromised, permanently.
- Built a demo mode that simulates the cryptography and the networking but runs the real protocol stack, so a presentation walks the exact production flow.
- Managed several paired Arks from one app, with each device's connection, presence, and identity tracked independently.
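
The local journal check described in the list above, as an added example that is not Dark Bio's code: the entry layout, the hash encoding, the all-zero genesis value and every name here are assumptions, since the page does not give the journal format. It shows the verifier pinning the last verified head across pulls, so both an in-place edit and a rewritten history fail, and the compromised flag staying set afterwards.

```python
import hashlib
from dataclasses import dataclass, replace

GENESIS = bytes(32)  # assumption: all-zero predecessor for the first entry

@dataclass(frozen=True)
class Entry:
    seq: int
    kind: str      # "boot", "pairing", "unlock", "rename", "firmware"
    prev: bytes    # digest of the preceding entry
    digest: bytes  # digest of this entry

def link_hash(prev: bytes, seq: int, kind: str) -> bytes:
    # Assumed encoding: prev || 8-byte big-endian seq || UTF-8 kind
    return hashlib.sha256(prev + seq.to_bytes(8, "big") + kind.encode()).digest()

def build(kinds):
    """Build a constructed sample journal from a list of event kinds."""
    entries, prev = [], GENESIS
    for seq, kind in enumerate(kinds):
        digest = link_hash(prev, seq, kind)
        entries.append(Entry(seq, kind, prev, digest))
        prev = digest
    return entries

class JournalVerifier:
    """Keeps the last verified head and a compromised flag that never resets."""
    def __init__(self):
        self.head, self.next_seq, self.compromised = GENESIS, 0, False

    def ingest(self, entries) -> bool:
        for e in entries:
            if self.compromised:
                break
            if (e.seq != self.next_seq or e.prev != self.head
                    or e.digest != link_hash(e.prev, e.seq, e.kind)):
                self.compromised = True
                break
            self.head, self.next_seq = e.digest, e.seq + 1
        return not self.compromised

def demo():
    good = build(["boot", "pairing", "unlock", "rename", "firmware"])
    edited = JournalVerifier()          # one entry altered in place
    edited.ingest(good[:1] + [replace(good[1], kind="unlock")] + good[2:])
    forked = JournalVerifier()          # history rewritten after a partial pull
    forked.ingest(good[:3])
    forked.ingest(build(["boot", "pairing", "rename", "firmware"])[3:])
    return edited.compromised, forked.compromised, edited.ingest(good)

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```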
The outcome
- A consumer companion app that is post-quantum end to end: every signature and every channel hybridised, so it holds even if one primitive falls.
- Pairing that resists a relay in the middle. The colour codes match only when the two devices are talking directly.
- The owner holds a key that never reaches the relay or Dark Bio, and neither half of the two-key scheme opens the data alone.
- A device history the owner verifies instead of trusts. Tampering with the journal cannot pass silently.
- One app across several Arks, each tracked on its own connection, presence, and identity.
- A demo path identical to production: the cryptography simulated, the protocol real.
Stack
A phone is the last place you would want to put a key. It runs everything, talks to everyone, and updates on someone else’s schedule. The Dark Bio Companion has to be the exception: the one app on the device trusted to anchor a system built so that no company, Dark Bio included, ever holds your genome.
We built the phone half to that bar. Post-quantum on every channel, because a genome leaked in 2045 is leaked forever, and “quantum is years away” is not a key-management policy. A colour code at pairing, because the cheapest attack on a hardware authenticator is to sit in the middle of the first handshake and relay it. A device journal the owner checks link by link, because a log you have to trust is not evidence.
This is high-stakes software engineering on the phone side of the wire: the work where a quiet failure is not a bad week, it is permanent. The hard half of a hardware authenticator is the software wrapped around it, and we treated it as exactly that.