Built for Security
TransferChain was founded on the premise of impregnable security and privacy for the cloud.
TransferChain prioritizes security and privacy in its design and architecture and the operation of its products and services. Real security cannot exist without privacy, and privacy cannot exist without security. Our mission is to provide a secure cloud solution that is unrivaled within the industry.
Secure Cloud at TransferChain
Secure Cloud Storage
Your files are end-to-end encrypted, split, and distributed to the world’s safest storage areas with a distributed structure.
Secure File Transfer & Request
Users can safely and privately transfer or request documents with just a few clicks, both inside and outside their organization.
Secure Messaging
Any message you send over TransferChain is invisible to everyone but you and the intended recipients.
Data Security
We maintain the privacy and accessibility of user content, meaning any data (including but not limited to audio, visual, and video works and alphanumeric figures) that the user provides to the TransferChain Platform and uploads to our blockchain-based distributed cloud systems. Each file is end-to-end encrypted with encryption keys that are generated, derived, and encrypted entirely on the client side. Each file is then split into pieces on the client side, and the pieces are distributed to the safest providers around the world, while our blockchain handles user and file authentication and authorization.
Blockchain Authorization
Blockchain is used to store the metadata for the process management of data stored and/or transferred by the data owner. All encrypted authentication and authorization activities and metadata are kept unaltered and indelible, maintaining a private, secure, and immutable network. The TransferChain Blockchain operates on the SHA-2 512 (SHA-512) algorithm.
Managing processes such as data ownership, authentication, and authorization on a blockchain network helps TransferChain provide the highest security and privacy, beyond the capabilities of any centralized database.
Distributed Cloud Architecture
TransferChain’s distributed cloud architecture splits files into smaller pieces on your client device after the files are encrypted, then scatters them to the world’s safest cloud providers. Therefore, no matter where a piece is stored, it is valueless unless it is reunited with the rest of the pieces. It is also important to note that only the blockchain network contains the metadata that can provide access to the correct pieces.
TransferChain splits each file across AWS, Microsoft Azure, Google Cloud, and DigitalOcean, which are highly compliant with the strongest security and privacy guidelines, such as SOC 1, SOC 2, SOC 3, PCI DSS Level 1, FISMA, DIACAP, FedRAMP, ISO 9001, ISO 27001, ISO 27017, ISO 27018.
Data is not unified and is therefore unidentifiable on the cloud servers, since it is encrypted, split, and distributed randomly across multiple providers directly from the client. In addition, these data centers are heavily guarded, fully redundant with internet connections, backed up with emergency power systems, and built to withstand environmental dangers and fire risks.
Encryption
Client-side End-to-end Encryption
TransferChain uses hybrid and unified cryptography wrapped with Elliptic Curve Cryptography (secp256k1) and Ed25519 signatures. Furthermore, TransferChain uses the AES-256 block cipher in GCM and CTR modes throughout the system.
Salsa20 has been implemented as the stream cipher in order to provide an efficient stream algorithm.
Channel Encryption
We use TLS (TLS 1.2 and 1.3) certificates for service connections, such as over gRPC, and SSL for web applications.
Secure Address Generation & Key Derivation
TransferChain generates addresses using ECDSA with the SHA-512 hash algorithm and a 32-byte public key. This algorithm includes forward secrecy. That is why previous addresses cannot be traced back, and can be kept without the risk of being compromised. TransferChain uses PBKDF2 for secure key derivation.
Client-Side Secure Key Management and Key Exchange
TransferChain does not store any keys, since this is the ultimate vulnerability for all systems. All user-generated keys are stored on, and never leave, the client’s device. This brings unparalleled privacy and security compared to the server-side managed key structure used by traditional cloud providers.
Key exchange is done on the client side of the TransferChain algorithm. It uses the robust Diffie-Hellman key exchange protocol with additional authenticated message encryption using Poly1305. Nonces are long enough that the risk of collision between randomly produced nonces is negligible.
Forward Secrecy in Key Exchange
Messages are transmitted through the secure key exchange algorithm X3 Diffie-Hellman (X3DH) and obtain forward secrecy with a 1+XN public key structure. Addresses are randomly generated for every transaction in order to keep forward secrecy. This entropy ensures transactions are not tied together and cannot be picked by previous transactions, even if the previous transactions or private keys of the participants are compromised.
Zero-knowledge Encryption
TransferChain provides zero-knowledge encryption across all platforms, including web browsers. Files, encryption keys, and user passwords are never transmitted or stored in an unhashed or unencrypted format, nor visible to servers or TransferChain administrators. In other words, there is complete privacy between you and your recipient.
What is a Recovery Phrase? (Mnemonics)
A recovery phrase, also known as a seed phrase or mnemonic phrase, is a sequence of words that serves as a backup. You can consider it a human-readable form of your private key.
At the time of your registration, your Recovery Phrase (BIP39 Protocol) is generated locally on your device. Your Recovery Phrase is encrypted with the password you choose for your TransferChain account and is only accessible by the TransferChain app. This Recovery Phrase can later be used to add a new device or recover your account alongside your username and password.
Where are my Keys stored?
TransferChain does not use third-party or cloud services to manage or store your public and private keys. Keys are only generated and stored locally on your device, encrypted with the password you choose for your TransferChain account. We do not have any access or control over your keys.
Can TransferChain really not see my files?
The short answer is no. TransferChain cannot access any user files at any time.
Any file you upload to TransferChain is first end-to-end encrypted on the client side, split into chunks, and distributed across multiple cloud storage providers in a random manner. TransferChain does not hold the keys to decrypt your file, but more importantly, TransferChain does not even know the correct order of the chunks needed to piece your file back together. Only the blockchain holds the metadata that contains the accurate slot information and piece order to reunite files, and this metadata is also encrypted with the user’s client-side key.
Blockchain plays an important role in TransferChain’s architecture because, unlike any traditional solution, TransferChain does not use centralized management for authentication or authorization. Through the use of blockchain technology, TransferChain can decentralize the decision-making mechanism while gaining the inherent value propositions that blockchain technology offers, such as immutability, transparency, and decentralized decision-making capability.
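The split-and-reassemble flow described above, as an added sketch that is not TransferChain's code: ciphertext pieces go to random providers under random slot names, and only the ordered manifest (the role the page gives to the blockchain metadata) can rebuild and verify the file. The piece size, slot naming, manifest fields and in-memory provider stores are assumptions; the ciphertext is a constructed random byte string standing in for client-side encrypted output.

```python
import hashlib
import hmac
import secrets

PROVIDERS = ["aws", "azure", "gcp", "digitalocean"]  # providers named on the page
PIECE_SIZE = 64                                      # assumption: illustrative piece size

def split_and_scatter(ciphertext, piece_size=PIECE_SIZE):
    """Split already-encrypted bytes and place each piece at a random provider.

    Returns (stores, manifest). A provider only sees opaque pieces under
    random slot names; piece order and digests live only in the manifest.
    """
    stores = {p: {} for p in PROVIDERS}       # stand-in for remote object stores
    manifest = []                             # ordered list: index == piece order
    for off in range(0, len(ciphertext), piece_size):
        piece = ciphertext[off:off + piece_size]
        provider = secrets.choice(PROVIDERS)
        slot = secrets.token_hex(16)          # unguessable, carries no ordering
        stores[provider][slot] = piece
        manifest.append({"provider": provider, "slot": slot,
                         "sha512": hashlib.sha512(piece).hexdigest()})
    # Assumption: a real client would encrypt this manifest before publishing it.
    return stores, manifest

def reassemble(stores, manifest):
    """Fetch pieces in manifest order, rejecting missing or altered pieces."""
    out = bytearray()
    for index, entry in enumerate(manifest):
        piece = stores[entry["provider"]].get(entry["slot"])
        if piece is None:
            raise LookupError(f"piece {index} missing at {entry['provider']}")
        digest = hashlib.sha512(piece).hexdigest()
        if not hmac.compare_digest(digest, entry["sha512"]):
            raise ValueError(f"piece {index} failed integrity check")
        out += piece
    return bytes(out)

if __name__ == "__main__":
    ciphertext = secrets.token_bytes(300)     # constructed sample, not real file data
    stores, manifest = split_and_scatter(ciphertext)
    assert reassemble(stores, manifest) == ciphertext
    for name, slots in stores.items():
        print(name, "holds", len(slots), "piece(s) with no ordering information")
```

Reassembly depends entirely on the manifest, so its confidentiality and integrity carry the same weight as the encryption key.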
In-depth Auditing
While we carry out external audits on a regular basis, we also undergo external audits when significant development milestones are reached. On top of that, we perform periodic penetration tests and expand our open-source materials to embrace the full spectrum of assessments on an almost daily basis.
If you find a bug or vulnerability in our code, please report it to security@transferchain.io.
Security Support
We’re here to assist you. If you have any security issues or concerns, please send an email to security@transferchain.io.
Join Our Community
We have been building an alternative, where the system prioritizes user autonomy. Our ecosystem is destined to grow, but we can only accomplish this growth with our incredible community of thinkers, problem-solvers, innovators, and learners.