AVON — Post-Quantum Zero Trust Network Access
What is AVON?
AVON (Authenticated Vector Ownership Network) is a post-quantum zero trust network access platform that replaces traditional VPNs with a modern, cryptographically forward security model. Every connection is authenticated, authorized, and continuously verified; no implicit trust is ever granted based on network location.
AVON uses NIST-standardized post-quantum cryptographic algorithms to protect your network against both current threats and future quantum computing attacks. It is built in Rust for performance and safety, deploys natively on Kubernetes, and runs a single-binary agent on Linux, macOS, and Windows endpoints.
Core Concepts
Zero Trust Architecture
AVON operates on three principles:
- Never trust, always verify — every connection is authenticated regardless of where it originates
- Least privilege — agents only access resources explicitly permitted by policy
- Assume breach — the system limits blast radius through continuous verification and session binding
Unlike traditional VPNs that grant broad network access after a single authentication event, AVON re-evaluates every session continuously. Sessions are validated every 10 seconds through a cryptographic heartbeat protocol, and session tokens rotate every 30 seconds.
Post-Quantum Cryptography
AVON implements NIST-standardized post-quantum algorithms:
| Algorithm | Standard | Purpose | Security Level |
|---|---|---|---|
| Kyber-1024 | FIPS 203 | Key exchange | NIST Level 5 |
| Dilithium-5 | FIPS 204 | Digital signatures | NIST Level 5 |
| AES-256-GCM | — | Tunnel encryption | 256-bit |
| HKDF-SHA3-256 | — | Key derivation | — |
| HMAC-SHA3-256 | — | Token integrity | — |
These algorithms protect against “harvest now, decrypt later” attacks, in which adversaries capture encrypted traffic today in order to decrypt it once quantum computers become available.
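The 30-second token rotation and the HKDF-SHA3-256 / HMAC-SHA3-256 roles listed above can be sketched as follows. This is an added example, not AVON's code: the token layout, the `session_id` binding, the `info` label, the strict current-epoch check, and the fixed shared secret are all assumptions made for illustration.

```python
import hashlib
import hmac

ROTATION_SECONDS = 30  # token rotation interval stated on the page
TAG_LEN = 32           # SHA3-256 output size in bytes


def hkdf_sha3_256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869 extract-then-expand) instantiated with HMAC-SHA3-256."""
    prk = hmac.new(salt or bytes(TAG_LEN), ikm, hashlib.sha3_256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha3_256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _tag(token_key: bytes, epoch: int, session_id: bytes) -> bytes:
    # Fixed-width epoch first, so epoch and session bytes cannot be confused.
    msg = epoch.to_bytes(8, "big") + session_id
    return hmac.new(token_key, msg, hashlib.sha3_256).digest()


def issue_token(token_key: bytes, session_id: bytes, now: float) -> bytes:
    """Token = 8-byte rotation epoch || HMAC-SHA3-256 tag bound to the session."""
    epoch = int(now // ROTATION_SECONDS)
    return epoch.to_bytes(8, "big") + _tag(token_key, epoch, session_id)


def verify_token(token_key: bytes, session_id: bytes, token: bytes, now: float) -> bool:
    """Accept only a well-formed token for the current epoch and this session."""
    if len(token) != 8 + TAG_LEN:
        return False
    epoch = int.from_bytes(token[:8], "big")
    if epoch != int(now // ROTATION_SECONDS):  # assumption: no grace window
        return False
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(token[8:], _tag(token_key, epoch, session_id))


# Constructed sample input: a real deployment would take the shared secret from
# the key exchange; a fixed byte string keeps the example runnable offline.
SHARED_SECRET = bytes(range(32))
TOKEN_KEY = hkdf_sha3_256(SHARED_SECRET, salt=b"", info=b"example/token-integrity")

if __name__ == "__main__":
    tok = issue_token(TOKEN_KEY, b"session-A", now=1000.0)
    print(verify_token(TOKEN_KEY, b"session-A", tok, now=1010.0))  # same epoch
    print(verify_token(TOKEN_KEY, b"session-A", tok, now=1020.0))  # rotated out
    print(verify_token(TOKEN_KEY, b"session-B", tok, now=1010.0))  # other session
```

A token captured from one session fails verification under any other session ID and stops verifying as soon as the 30-second epoch rolls over, which bounds how long a stolen token is useful.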