The latest articles on DEV Community by The Zuuk (@the_zuuk_0635eb3b8bbf7670). https://dev.to/the_zuuk_0635eb3b8bbf7670 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3946840%2F423d318f-e434-4ca7-8712-d5f8f92a1172.jpg https://dev.to/the_zuuk_0635eb3b8bbf7670 en The Zuuk Fri, 22 May 2026 22:30:20 +0000 https://dev.to/the_zuuk_0635eb3b8bbf7670/zerobase-encrypted-zero-knowledge-kvsql-store-where-the-server-cant-read-your-data-49h https://dev.to/the_zuuk_0635eb3b8bbf7670/zerobase-encrypted-zero-knowledge-kvsql-store-where-the-server-cant-read-your-data-49h <p>I built Zerobase, an encrypted database in pure Rust where the server is<br> architecturally blind to all stored data.</p> <p>The core idea: with PrivateClient, keys are BLAKE3-hashed and values are<br> AES-256-GCM encrypted before any network call. The server stores ciphertext<br> it cannot decrypt even with root access.</p> <p><strong>What's in the box:</strong></p> <ul> <li>LSM-tree engine: WAL (AES-256-GCM + Ed25519-signed + BLAKE3-chained)</li> <li>Ed25519 challenge-response auth + capability tokens with scoped revocation</li> <li>Raft consensus: election, log replication, log compaction, cluster mode</li> <li>SQL layer (SELECT/JOIN/WHERE/ORDER BY)</li> <li>TLS 1.3 via rustls — zero OpenSSL anywhere</li> <li>Hardware key derivation: machine-id + DMI + MAC → 32-byte master key</li> <li>#![forbid(unsafe_code)] across all 10 crates</li> </ul> <p><strong>Status:</strong> Alpha. Crypto design and storage engine are solid, 94+ tests<br> passing. Raft is implemented but InstallSnapshot isn't done yet.</p> <p>Looking for feedback on the security model, the Raft implementation, and<br> anyone who wants to try breaking it.</p> <p>GitHub: <a href="https://github.com/ODev-M/ZeroBase" rel="noopener noreferrer">https://github.com/ODev-M/ZeroBase</a></p> rust security database cryptography