Docs / Unstealable Code

Unstealable Code

Cryptographic infrastructure that makes algorithm theft mathematically impossible. Code that doesn't exist without vendor authorization.

The Problem

Algorithm Theft is a $70 Billion Problem

$70B+

Annual piracy losses

IIPA, 2026

+25%

IP breach increase

2025 vs 2024

63%

U.S. patents are software

USPTO, 2023

In 2026, proprietary algorithms face existential threats. AI model extraction attacks can "steal" ML functionality by querying public APIs. Reverse engineering remains trivial for skilled attackers. Insider threats are up 25% year-over-year, with cybersecurity firms reporting increased IP-related breaches via phishing and supply chain attacks.

Traditional protection mechanisms — obfuscation, license keys, code signing — all share a fatal flaw: the code exists on the client. If it exists, it can be copied. If it can be copied, it can be stolen.

The fundamental contradiction: To prove your algorithm is correct, you must expose it to customers. Once exposed, you lose control. This creates an impossible choice between trust and protection.

The Solution

Three-Layer Cryptographic Defense

PRIVATE.ME eliminates the contradiction with a novel architecture: code that doesn't exist without vendor cooperation. Not obfuscated. Not encrypted. Mathematically proven to be useless without real-time authorization.

Layer 1 — Xgit

Session-Gated Distribution

Algorithms are split via XorIDA threshold sharing (information-theoretic). Customer receives Share 1 (cryptographic noise). Vendor holds Share 2. Reconstruction requires active session + payment.

Layer 2 — Xghost

Ephemeral Execution

Code reconstructs only at runtime (~50µs), executes immediately, and purges from memory (~20µs). Full cycle: <2ms. With Tier 3 MPC, code never reconstructs at all — executed on shares via garbled circuits.

Layer 3 — Xprove

Verifiable Black-Box

Zero-knowledge proofs of correctness. Customers verify algorithms work correctly without seeing the source code. Auditors can verify results without accessing proprietary logic. Trust mathematics, not source inspection.

How It Works

Simple Explanation

For Non-Technical Readers

Imagine a lock that requires two keys held by different people. Customer gets Key 1 (useless alone). Vendor holds Key 2. The lock only opens when both keys are present AND the customer's subscription is active.

Once opened, the secret inside appears for a fraction of a second, performs its task, and disappears. Even if you photograph it during that moment, the photo is useless without both keys to unlock it again.

Result: You can't copy what doesn't exist. You can't steal what requires continuous authorization.

For Technical Readers

Algorithms undergo XorIDA threshold sharing at build time (2-of-2 or K-of-N). Each share alone is information-theoretically secure — no amount of computation reveals anything about the original.

Share 2 delivery is session-gated via DID-based authentication. Sessions expire (2-24 hours based on tier), require heartbeat verification (every 30s), and are bound to active subscriptions via Xpass.

At runtime, Xghost reconstructs code ephemerally (~50µs exposure), executes, and purges with HMAC-chained audit trail. Tier 3 MPC executes on shares directly — plaintext never exists.

Xprove generates KKW zero-knowledge proofs (~50KB, 128-bit security) of correctness, verifiable by anyone without seeing source code.

Technical Architecture

Build Time

Vendor splits algorithm source via XorIDA (2-of-2 default). Share 1 → npm package. Share 2 → vendor server (AES-256-GCM encrypted at rest). Both shares are cryptographic noise alone — information-theoretic security.

Proof Generation

Vendor generates zero-knowledge proofs of correctness using Xprove (KKW MPCitH). Proofs published alongside npm package. Customers verify algorithm works correctly WITHOUT seeing source code.

Distribution

Customer installs npm package containing Share 1, manifest, and cryptographic proofs. Package is completely useless without Share 2. No keys to extract. No code to reverse-engineer. Just noise.

Session Establishment

Customer authenticates with vendor server using DID (decentralized identifier). Vendor checks payment status, active subscription, and daily quota. If authorized, session created with 2-24 hour expiration (tier-dependent).

Runtime Execution

When customer calls algorithm: (1) Heartbeat check (~5ms), (2) Fetch Share 2 from cache, (3) HMAC verification (~25µs), (4) XorIDA reconstruction (~50µs), (5) Execute (<1ms), (6) Purge memory (~20µs). Total: <2ms overhead.

Continuous Authorization

Share 2 cached for 30 seconds. Heartbeat refreshes cache every 30s. If payment fails, subscription expires, or vendor revokes access → heartbeat denied → Share 2 delivery stops → reconstruction fails. Code stops working instantly.

Code Example

pricing-algorithm.ts

// Vendor: Build ghost at build time
import { ghostBuild } from '@private.me/xghost';

const pricingAlgo = `
  return {
    calculatePrice: (base, volume, tier) => {
      // PROPRIETARY FORMULA (never exposed)
      const discount = secretFormula(tier);
      const volumeDiscount = proprietaryCurve(volume);
      return base * (1 - discount - volumeDiscount);
    }
  };
`;

const ghost = await ghostBuild({
  source: new TextEncoder().encode(pricingAlgo),
  exports: ['calculatePrice'],
  n: 2, // 2 total shares
  k: 2, // 2-of-2 threshold
});

// Share 1 → npm package (customer receives)
// Share 2 → vendor server (never leaves vendor)

customer-app.ts

// Customer: Install and use (never sees source code)
import { createGhost } from '@vendor/pricing-sdk';
import { verifyKKW } from '@private.me/xprove';

// Step 1: Verify published proofs
for (const proof of vendorProofs) {
  const verified = await verifyKKW(circuit, proof, expectedOutput);
  if (!verified.ok) throw new Error('Proof failed!');
}
console.log('✓ Algorithm verified (without seeing source)');

// Step 2: Create ghost runtime (requires active session)
const ghost = await createGhost({
  customerShare: share1,  // From npm package
  manifest,
  server: vendorServer,   // Heartbeat endpoint
  did: customerDID,       // Identity
  tier: 2,                 // Xpass session binding
});

// Step 3: Call function (code reconstructs + executes + purges)
const price = await ghost.call('calculatePrice', 100, 1500, 'pro');
console.log('Price:', price.value); // Got result, never saw formula

Use Cases

Real-World Applications

🛡️

Defense & ITAR-Controlled Code

Deploy classified targeting algorithms to F-35 avionics. Source code never leaves vendor facility (export control compliant). DoD auditors verify correctness via zero-knowledge proofs without seeing proprietary logic. If aircraft captured, attacker gets Share 1 only (noise).

💰

Financial Trading Algorithms

Distribute proprietary trading strategies to hedge funds. SEC/FINRA verify algorithms via Xprove proofs for compliance audits. If customer stops paying, algorithm stops working instantly. 2-of-3 threshold approval required for algo updates (Risk + Compliance + Quant must all sign).

🏥

Healthcare ML Models

HIPAA-compliant ML inference SDKs. Prove 90% test coverage on security tests without exposing PHI (even synthetic test data). HHS auditors verify via zero-knowledge proofs. Model weights never reconstruct in plaintext (Tier 3 MPC execution).

🤖

SaaS Pricing Engines

Subscription-based pricing algorithm SDKs. Customer pays $49/month → algorithm works. Payment fails → Share 2 delivery stops → algorithm fails. No client-side bypass possible. Session-bound execution with usage analytics and anomaly detection.

🔬

Pharmaceutical IP

Distribute drug discovery algorithms to research partners. FDA verifies correctness via cryptographic proofs without accessing trade secrets. Patent applications can cite Xprove proofs as evidence of prior art. If partnership ends, algorithm access revoked instantly.

⚙️

Industrial Control Systems

OT/ICS optimization algorithms for manufacturing. Control logic XorIDA-split across air-gapped facility + vendor secure enclave. Operators verify algorithm correctness via proofs. If vendor contract expires, production line failsafe to default parameters (not catastrophic failure).

Comparison

Why Traditional Protection Fails

Approach	Mechanism	PRIVATE.ME
Obfuscation	CRACKABLE Code exists on client, just harder to read. Decompilers + patience defeat it.	INFORMATION-THEORETIC Share 1 alone is mathematically proven to reveal zero information. Not hard to break — impossible to break.
License Keys	BYPASSABLE Keygens, license servers cracked, validation checks patched out.	SESSION-GATED No code to validate. Share 2 requires active session. Payment stops → code stops.
Code Signing	DOESN'T PREVENT COPYING Verifies integrity, not access. Signed binaries still pirated.	EPHEMERAL EXECUTION Code exists for ~50µs. Tier 3 MPC: never reconstructs at all.
Hardware Dongles	EMULATED USB devices cloned, emulators bypass checks. Expensive + inconvenient.	CRYPTOGRAPHIC IDENTITY DID-based auth. No physical device. Session tied to identity + payment.
Online Activation	PATCHED Activation check removed via binary patching. Works offline after crack.	CONTINUOUS HEARTBEAT Share 2 cached for 30s. Requires heartbeat every 30s. No offline mode (by design).
Watermarking	DOESN'T PREVENT EXECUTION Identifies pirated copies after theft. Code still works.	PREVENTS EXECUTION Pirated copies are noise. Don't work. Can't be made to work.

Key insight: Traditional protection asks "How do we protect code on the client?" PRIVATE.ME asks "What if code doesn't exist on the client?" This shift eliminates entire attack vectors.

Attack Resistance

No security system is perfect. Here's an honest assessment of what attackers can and cannot do:

Attack Vector	Tier 1/2 (Ephemeral)	Tier 3 (MPC)
Copy npm package	PROTECTED Share 1 only (noise)	PROTECTED Share 1 only (noise)
Intercept Share 2	LIMITED 30s TTL, session-bound	LIMITED 30s TTL, session-bound
Memory dump	POSSIBLE 50µs window, hard to catch	IMPOSSIBLE Code never reconstructs
Debugger attach	POSSIBLE With precise timing	USELESS Only sees garbled circuits
I/O analysis	PARTIAL Can infer behavior, still needs session	PARTIAL Can infer behavior, still needs session
Insider credential sharing	DETECTABLE Usage analytics, multi-IP detection	DETECTABLE Usage analytics, multi-IP detection

For defense/classified use cases: Tier 3 MPC execution makes code effectively unstealable. Even with unlimited time and resources, attacker gets shares only — not plaintext source code.

Benefits

What This Enables

Instant revocation. Vendor kills session → all copies stop working globally. No software update required.
Usage-based billing. Pay per call, not per seat. Track every function invocation with HMAC-chained audit trail.
Time-limited trials. 8-hour sessions expire automatically. No refund disputes — customer never "owned" the code.
Compliance without source exposure. Auditors verify via zero-knowledge proofs. FDA, SEC, DoD can verify correctness without seeing trade secrets.
Multi-party approval workflows. K-of-N threshold governance for algorithm updates. Risk + Compliance + Engineering must all approve before deployment.
Geographic restrictions. Session authorization checks IP geolocation. ITAR/EAR export controls enforced cryptographically.
Feature gating. Different functions for different tiers. Enforced via session scope, not if-statements.
Tamper-evident history. Every execution logged with DID, timestamp, inputs, outputs. HMAC-chained audit trail. Regulatory compliance built-in.

Performance

Operation	Tier 1/2	Tier 3 (MPC)
Heartbeat check	~5ms (cached 30s)	~5ms (cached 30s)
HMAC verification	~25µs	~25µs
Reconstruction	~50µs	N/A (never reconstructs)
Execution	<1ms (depends on function)	~100ms (garbled circuit evaluation)
Purge	~20µs	N/A
Total per call	<2ms overhead	~105ms total

Tier 1/2: Suitable for 99% of use cases. Overhead negligible for typical algorithms (<0.2% for 1-second operations).

Tier 3: Use for highest-security scenarios where code exposure is unacceptable (defense, pharma, finance). ~100ms overhead limits to low-frequency operations (not HFT).

Deployment Tiers

Protection level scales with security requirements:

Tier 1 (Basic): Heartbeat authorization. 2-8 hour sessions. Suitable for SaaS pricing engines, ML inference SDKs. $5/month per connection.
Tier 2 (Secure): Xpass session binding. Billing enforcement. Payment stops → code stops. Subscription SDKs, time-limited trials. $10/month per connection.
Tier 3 (Zero): MPC execution. Code never reconstructs. Defense contractors, pharmaceutical IP, classified algorithms. Custom pricing.

Get Started

Implementation

Ready to make your algorithms unstealable? Three integration paths:

Option 1: SDK Integration

Install Xgit + Xghost + Xprove ACIs via npm. Build ghost artifacts at CI/CD time. Deploy Share 2 to your heartbeat server. Customers install your npm package and authenticate with DID.

Timeline: 2-3 days integration, 1 day testing, 1 day deployment.

SDK Quickstart →

Option 2: Managed Service

PRIVATE.ME hosts your algorithms. You provide source code (never leaves our secure enclave). We handle ghost builds, heartbeat servers, session management, billing enforcement, and compliance logging.

Timeline: 1 day onboarding, same-day deployment. Zero infrastructure on your end.

Contact Sales →

Research & Sources