Digital File Security
How It Works
Cybersecurity Threats for Digital Files
Every day, people create, store, and share sensitive digital files — electronic medical records, contracts, financial records, personal information, transaction histories. These files often hold the most important, confidential information, and they are constantly at risk. Cybercriminals are becoming more sophisticated, data breaches are more frequent, ransomware is a critical threat, and the security tools people rely on most (passwords, encryption keys, and stored credentials) are exactly what attackers target. Once the key is stolen, everything it protects can be exposed.
Encryption and Authentication for Distributed and Zero-Trust Environments
Our Solution: A Fundamentally Different Architecture
No Stored Cryptographic Keys
All cryptographic keys are ephemeral: generated on demand from the file content and erased after use.
File-as-PUF: Unclonable Key Generation Without Hardware
This platform achieves the same mathematical properties as physical unclonable functions (PUFs), namely unique, unclonable, challenge-locked output, using each digital file as the entropy source.
Designed for Distributed and Zero-Trust Networks
Architecturally compatible with smart contract environments and distributed storage nodes, and verifiable by any third party in an open network without revealing the protected content.
1. Enrollment - File Fingerprinting and Key Pair Generation: During enrollment, a randomly selected seed generates an ephemeral asymmetric key pair using a PQC algorithm such as CRYSTALS-Dilithium. The file is encrypted with the secret key to produce a ciphertext. A randomly chosen nonce is concatenated with the hash of the ciphertext, and the resulting 512-bit stream is extended to a longer bit stream using SHAKE. This bit stream is the entropy pool for all subsequent challenge-response operations.
2. Challenge Generation and Response Extraction: A randomly selected seed is extended via SHAKE into an (N × D)-bit challenge stream, which is segmented into N individual D-bit challenges. Each challenge maps to an address in the ciphertext and yields a response. The responses are concatenated to form the Ephemeral Key.
3. Key Encryption and Erasure: The Ephemeral Key encrypts the public key to produce a ciphertext. Then all intermediate values and raw responses are erased, so that no key material exists.
4. Verification and Decryption: To verify authenticity or decrypt the file, the file owner releases the nonce. The verifier (which may be a smart contract or an authorized agent) collects the values and uses the challenge-response pair (CRP) mechanism to compute the challenges, extract the responses, reconstruct the Ephemeral Key, decrypt the public key, and finally decrypt the file's ciphertext to recover the file. If the file has been tampered with, the CRP mechanism fails, providing cryptographically enforced proof of authenticity.
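The key-derivation and tamper-check flow of steps 1 to 4, as an added sketch that is not the vendor's code and uses only the Python standard library. Assumptions not stated on the page: SHA-256 is the ciphertext hash, the 512-bit nonce-plus-hash stream serves as the challenge seed, N = D = 32, an address is the challenge modulo the ciphertext length, a response is the byte at that address, and an XOR keystream stands in for the public-key encryption of step 3. The PQC key pair and file encryption are replaced by constructed bytes.

```python
import hashlib

N, D = 32, 32  # assumed: 32 challenges of 32 bits each, giving a 32-byte key

def derive_ephemeral_key(ciphertext: bytes, nonce: bytes) -> bytes:
    """Steps 1-2: nonce || H(ciphertext) -> SHAKE -> N challenges -> responses."""
    if not ciphertext:
        raise ValueError("empty ciphertext has no addresses to challenge")
    seed = nonce + hashlib.sha256(ciphertext).digest()   # 512-bit stream
    stream = hashlib.shake_256(seed).digest(N * D // 8)  # (N x D)-bit challenge stream
    width = D // 8
    key = bytearray()
    for i in range(N):
        challenge = int.from_bytes(stream[i * width:(i + 1) * width], "big")
        address = challenge % len(ciphertext)  # assumed challenge-to-address mapping
        key.append(ciphertext[address])        # assumed response: the byte stored there
    return bytes(key)

def xor_wrap(key: bytes, data: bytes) -> bytes:
    """Step 3 stand-in: XOR with a SHAKE-256 keystream (no integrity tag)."""
    keystream = hashlib.shake_256(b"wrap" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))

def demo() -> dict:
    # Constructed inputs: deterministic bytes stand in for the encrypted file,
    # the PQC public key and the random nonce.
    ciphertext = hashlib.shake_256(b"constructed ciphertext").digest(4096)
    public_key = b"CONSTRUCTED-PUBLIC-KEY-PLACEHOLDER"
    nonce = hashlib.sha256(b"constructed nonce").digest()  # 256 bits

    # Enrollment: wrap the public key; only ciphertext, nonce and wrapped blob persist.
    wrapped = xor_wrap(derive_ephemeral_key(ciphertext, nonce), public_key)

    # Step 4: a verifier rebuilds the key from the ciphertext and released nonce.
    intact = xor_wrap(derive_ephemeral_key(ciphertext, nonce), wrapped)

    # One flipped bit changes H(ciphertext), so the whole challenge stream changes.
    tampered = bytearray(ciphertext)
    tampered[100] ^= 0x01
    after_tamper = xor_wrap(derive_ephemeral_key(bytes(tampered), nonce), wrapped)

    return {"intact_ok": intact == public_key, "tamper_ok": after_tamper == public_key}

if __name__ == "__main__":
    print(demo())
```

The XOR stand-in carries no authentication tag, so a failed reconstruction shows up only as a wrong unwrapped value; the demo makes that visible by comparing against the known public key.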
High Entropy Security
Enhancing cybersecurity through innovation.
Flagstaff, AZ
info@highentropysecurity.com
© 2026. All rights reserved.
