We maintain the privacy and accessibility of user passwords, provided by the user to the TransferChain Platform, uploaded to our blockchain-based distributed cloud systems, through end-to-end encryption of each file with encryption keys that are generated, derived, encrypted entirely on the client-side, splitting each file into pieces on the client-side, and distributing pieces to the safest providers around the world, while utilizing our blockchain with the user and file authentication and authorization.
Blockchain Authorization
Blockchain is used for the purpose of storing the metadata regarding the process management of the data stored and/or transferred by the data owner. All encrypted authentication and authorization activities and metadata are kept unaltered and indelible, maintaining a private, secure, and immutable network. TransferChain Blockchain operates on the SHA (2) 512 algorithm.
Managing processes such as data ownership, authentication, and authorization on a blockchain network helps TransferChain provide the highest security and privacy, beyond the capabilities of any centralized database.
Distributed Cloud Architecture
TransferChainʼs distributed cloud architecture splits data into smaller pieces in your client device after the data are encrypted, then scatters them to the world’s safest cloud providers. Therefore, no matter where the piece is stored, that piece becomes valueless without the rest of the pieces being reunited together. It is also important to note that only the blockchain network contains the metadata that can provide access to the correct pieces.
TransferChain splits each file across AWS, Microsoft Azure, Google Cloud, and Digital Ocean, which are highly compliant with the strongest security and privacy guidelines, such as SOC 1, SOC 2, SOC 3, PCI DSS Level 1, FISMA, DIACAP, FedRAMP, ISO 9001, ISO 27001, ISO 27017, ISO 27018.
Data is not unified, and therefore, unidentifiable on the cloud servers since it is encrypted, split, and distributed randomly across multiple providers directly from the client. Yet, these data centers are also heavily guarded, fully redundant with internet connections, backed up with emergency power systems, and built to withstand environmental dangers and fire risks.
Encryption
Client-side End-to-end Encryption
TransferChain uses hybrid and unified cryptography wrapped with Elliptic Curve Cryptography (secp256k1) and the signature of Ed25519. Furthermore, TransferChain utilizes block cipher of AES-256 of GCM and CTR modes throughout the system.
As a stream cipher, Salsa20 has been implemented in order to reach an efficient stream algorithm.
Channel Encryption
We are using TLS (TLS 1.2 and 1.3) certificates for service connections, such as over GRPC and SSL for web applications.
Secure Address Generation & Key Derivation
TransferChain generates addresses using ECDSA by SHA 512 hash algorithm with a 32-byte public key. This algorithm includes forward secrecy. That is why all of the previous addresses cannot be traced back and kept without having the risk of being compromised. TransferChain uses PBKDF2 for secure Key Derivation.
Client-Side Secure Key Management and Key Exchange
TransferChain does not store any key since this is the ultimate vulnerability for all systems. All the user-generated keys are stored and never leave the client’s device. This brings unparalleled privacy and security compared to the server-side managed key structure used by traditional cloud providers.
Key exchange is done on the client side of the TransferChain algorithm. It uses robust Diffie-Hellman key exchange protocol with an additional authentication message encryption with the mode Poly1305. Nonces are lengthy enough that the risk of collision between randomly produced nonces is negligible.
Forward Secrecy in Key Exchange
Messages are transmitted through the secure key exchange algorithm X3 Diffie-Hellman (X3DH) and obtain forward secrecy with 1+XN public key structure. Addresses are randomly generated for every transaction in order to keep forward secrecy. This entropy ensures transactions are not tied together and cannot be picked by previous transactions even if the previous transactions or private keys of the participants are compromised.
Zero-knowledge Encryption
TransferChain provides zero-knowledge encryption across all platforms, including web browsers. Files, encryption keys, and user passwords are never transmitted or stored in an unhashed or unencrypted format, nor visible to servers or TransferChain administrators. In other words, there is complete privacy between you and your recipient.