Postern Labs
MAINNET BETA. Unaudited · relaxed k=4 regime (trivially forgeable) · k=8 hardening reverted, re-activating with a difficulty fix · very few nodes, 51%-attackable · not a security · for evaluation — not to protect real secrets yet. Full disclaimer →

Postern Labs · public beta

Privacy & security products, sold the honest way.

Postern Labs builds owned, rebranded privacy and security products — a secrets vault, post-quantum file drop, a messenger, passkeys, metadata scrub, a panic lock, a wallet, voice tools, an app store, and a reproducible OS — on top of an ownerless, post-quantum protocol it does not own. You pay Postern for protection, support, and provable integrity — never for a coin.

The part most launch pages hide

This is a beta launch, and we say exactly what that means.

Honest status — read before anything else

  • Everything here is pre-production. The Rust product cores are built and test-verified; the UIs, OS images, and cloud/enterprise editions are designs and reference prototypes — each is labelled built vs designed wherever it appears.
  • The underlying protocol now runs a mainnet beta — a designation, not a security claim. The relaxed regime (k=4) currently applies — work is trivially forgeable. The k=8 security hardening of the Module-SIS gate was activated at block 213,000 but reverted: it multiplied mining difficulty ~4096x and the current solo / low hashrate could not find blocks, so the chain stalled. k=8 will re-activate together with a matched difficulty reduction (so block time stays ~30s); until then, no security is claimed. Security is cumulative SHAKE-256 hashcash work (the gate is a structural filter), and the network is nascent: very few nodes, low hashrate → 51%-attackable. It is unaudited — a third-party audit is contracted but not done yet, and the concrete-security analysis and IACR ePrint are still outstanding.
  • The coin is not a security and not an asset. No token sale, no listing effort, no market-making, no price. Disclosed in full: a 17% founder premine (10-year cliff, 40-year vest), structurally passive.
  • Do not use any of this to protect real secrets yet. It is a public beta for evaluation, feedback, and reproduction of our claims.

Every claim on this site is audit-gated: if a thing isn't true yet, we phrase it as the plan. The full text lives on the disclaimer page.

The model

Owned products ⟂ ownerless protocol.

Think Bitcoin and the businesses built around it. The base protocol — Bloch-SIS-PoW, a post-quantum, pure-PoW BlockDAG — is a neutral commons: no owner, no foundation, no official site, no token sale. It is software plus a documented RPC/API surface, and nothing more. Anyone runs it; anyone builds on it.

Postern Labs is one builder among many on that neutral base — a company, with products it owns and a name deliberately rebranded away from “Bloch”. It sells the BlackBerry thing: protection, support, and integrity you can verify, on permissive Linux.

Postern Labs — owned products, rebranded

Vault · Courier · Messenger · Keys · Hygiene · Panic Lock · Seal Companion · Wallet · Postern OS · the apps — permissively licensed, sold for the protection.

│ consumes the protocol via its public RPC / API — nothing privileged │
Bloch-SIS-PoW — ownerless protocol

SHAKE-256 hashcash PoW (Module-SIS gate) · Falcon‖ML-DSA · GhostDAG-Q · the coin. No owner, no curator, no official site or explorer. Just the protocol.

This distinction matters enough that it has its own page.

The suite

A tour of what's in the workshop.

The Rust cores below are built and test-verified; the front-ends are reference prototypes; everything is unaudited. Honest labels on every card — the full catalog is on the products page.

Postern Vault

A secrets / password vault, sealed at rest with the one canonical seal (XChaCha20-Poly1305 + Argon2id).

core: built · tests pass unaudited

Postern Courier

Serverless person-to-person file drop: ML-KEM-1024 payload seal over an ephemeral Tor onion service.

core: built · tests pass unaudited

Postern Messenger

Megolm-based end-to-end messaging core, via vodozemac (Apache-2.0).

core: built · tests pass unaudited

Panic Lock

A panic button that instantly re-locks and destroys nothing.

core: built · tests pass unaudited

Postern Keys

A passkey / FIDO2 credential core for the permissive-license world.

core: built · tests pass unaudited

Postern Hygiene

Scrubs the document metadata nobody fixes — OOXML, ODF, JPEG.

core: built · tests pass unaudited

Seal Companion

The attestation verifier: self-audit and peer-verify, so you check our claims instead of trusting them.

core: built · tests pass unaudited

Postern Wallet

Post-quantum hybrid wallet (Falcon‖ML-DSA), diversified addresses, on-device key vault — on the unaudited, 51%-attackable mainnet beta; the coins carry no value claim.

core: built · tests pass reference prototype unaudited

About · the founder

Tiago Tenório (“TT”) — Founder & CEO.

Tiago Tenório (TT) is the founder and CEO of Postern Labs. He comes from Brazil's payments and fintech sector — a Visa prepaid/third-party ISO agent (2018–2020); founder of the AG47 office and a member of C6 Bank's Conexão C6 program, operating across São Paulo, Goiás, the Federal District, Alagoas and Paraná (2020–2021); a national distribution partner in First Data Corporation's Ignite program for acquiring products and services (2020–2021); PMO lead on a cards project at Havan (2021–2022); and Commercial Director at Avalon Capital, an asset manager (2022). In 2026 he founded Postern Labs to build privacy-first, post-quantum software — and the ownerless Bloch-SIS-PoW protocol its products build on, in which he holds no privileged role beyond a fully disclosed, structurally passive 17% founder premine.

The companies named above state his prior roles only — none of them endorses, backs, funds, or is affiliated with Postern Labs or Bloch-SIS-PoW.

Tiago B. de A. Tenório on LinkedIn — an outbound link; this site still loads nothing external and makes no network requests of its own.

Standing commitments

What we will never do.

  • Never sell you the coin. No token sale, no listing effort, no “ecosystem fund”, no yield marketing. Postern's revenue story never touches the token.
  • Never overclaim to the people who'd pay for it with their safety. No product here says “100% private”; every app carries an honest privacy panel.
  • Never embed copyleft, never close the source. MIT / Apache-2.0; the free build is always buildable from source.
  • Never ship a security claim before its audit. Claims for the protocol and for the products are separate, and each is audit-gated.
  • No covert surveillance, no tracking — including this website, which makes zero network calls.