How VoidSend Works
Step 1: Connect & Generate
Connect your wallet or Passkey. VoidSend deterministically generates encryption keys locally in your browser. No keys are ever sent to the server.
Step 2: Encrypt Client-Side
Files and messages are encrypted with the recipient's public key using hybrid encryption (X25519 + ML-KEM-768) before upload. AES-256-GCM provides authenticated encryption.
Step 3: Blind Delivery
The server stores only encrypted blobs. Only the intended recipient can decrypt them. VoidSend operates as a blind relay — it never sees your content.
Defense in Depth
End-to-End Encryption
VoidSend uses AES-256-GCM for authenticated encryption. Your data is opaque to the server at all times.
Post-Quantum Secured
Hybrid encryption pairs X25519 with ML-KEM-768 for key exchange and ML-DSA-65 for message signatures — protecting confidentiality and authenticity against quantum attacks. Both are NIST-standardized algorithms.
Zero Knowledge
VoidSend doesn't store your keys. It doesn't see your files. You own your identity. No phone number, no email, no personal data required.
Privacy FAQ
Can VoidSend read my messages or files?
No. All encryption and decryption happens locally on your device. The server only ever sees encrypted blobs. VoidSend operates as a blind relay — it physically cannot access your content, even under compulsion.
What if VoidSend's servers are compromised?
An attacker would find only encrypted data. Your private keys never leave your device (they live in your browser's IndexedDB or your device's secure storage). Without those keys, the encrypted blobs are computationally useless.
Where are my encryption keys stored?
Keys are deterministically generated from your wallet signature or Passkey PRF seed and stored locally on your device. They never touch VoidSend's servers. If you clear your browser data, you can regenerate the same keys by signing the same username with the same wallet.
What is post-quantum encryption and why does it matter?
Quantum computers may eventually break today's public-key cryptography (like ECDH). VoidSend uses a hybrid approach: ML-KEM-768 alongside X25519 for key exchange (protecting confidentiality), and ML-DSA-65 alongside EIP-712/secp256k1 for digital signatures (protecting authenticity). Both are NIST-standardized post-quantum algorithms. Even if a quantum computer breaks the classical layer, your data and identity remain protected.
Does VoidSend collect personal data?
VoidSend stores only your public username, public encryption keys, and encrypted data blobs. No email, no phone number, no IP logging, no analytics cookies. Your identity is a self-chosen username tied to a cryptographic key — not to any real-world identifier.
What happens to files after they're sent?
Encrypted files are automatically deleted from the server after 24 hours. The server never has access to unencrypted content at any point during storage or transit.
Can someone impersonate my identity?
No. Your identity is cryptographically bound to your wallet or passkey through an EIP-712 signature. Every message you send also carries an ML-DSA-65 post-quantum signature that recipients verify locally. Without your private keys, no one can claim your identity or forge messages — not even a future quantum computer.
What encryption algorithms does VoidSend use?
Symmetric encryption: AES-256-GCM (authenticated). Key exchange: X25519 + ML-KEM-768 (hybrid post-quantum). Key wrapping: NaCl Box (XSalsa20-Poly1305). Key derivation: HKDF-SHA256 with domain-separated seeds. Identity signatures: EIP-712 via secp256k1. Message signatures: ML-DSA-65 (FIPS 204, post-quantum). All algorithms are NIST-standardized or widely adopted.
Why does VoidSend ask me to sign or authenticate again after a page refresh?
This is a security feature. Your encryption keys and payment wallet are derived from your wallet signature or passkey and only exist in memory. On refresh, key material is wiped. Re-authentication regenerates the same keys, ensuring private keys never persist in storage where malware could extract them.
Can I use VoidSend on multiple devices?
Yes. Your keys are derived from your wallet or passkey, so you get the same encryption keys on any device. Wallet users connect the same MetaMask or WalletConnect wallet. Passkey users benefit from passkey sync via iCloud Keychain, Google Password Manager, or similar.
What blockchains does VoidSend support for payments?
VoidSend supports Ethereum, Base, and Solana for in-app payments. You can send ETH, USDC, USDT on Ethereum; ETH and USDC on Base; and SOL, USDC, USDT on Solana. All payments use derived wallets for security.
Is VoidSend open source?
VoidSend will be fully open source once a comprehensive third-party security audit is complete. An internal audit has been conducted and all identified vulnerabilities addressed. The independent external audit is currently underway. Once complete, the full source code will be published on GitHub for anyone to verify.