UnoLock VaultX Security
Overview
VaultX Drop is the anonymous sender client for Receive Addresses. Recipients create a Receive Address inside their Safe, then share the address (or a shareable link). Senders use the VaultX Drop Client with no account to deliver encrypted payloads. The result is anonymous intake without account creation or identity linkage, designed for high-risk environments and first-contact safety.
How It Works
- Hashed addressing: Receive Addresses are hashed client-side and sent as vaultxAddressHash, so raw addresses are never transmitted.
- Client-side encryption: The Drop Client encrypts payloads locally with ML-KEM-1024 + AES-256-GCM before upload.
- Per-address keys: Each Receive Address has its own keypair, limiting blast radius between conversations.
- Policy enforcement: Usage limits, throttling, and attachment permissions are enforced per address.
- Sender-facing context: A public sender message can be displayed in the Drop Client before submission.
- Client-side decryption: Only the recipient's Safe can decrypt the payload.
- Sender-only: VaultX Drop has no inbox and cannot receive replies.
- Local address book: The Drop Client can store addresses locally in a password‑encrypted address book.
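The sender and recipient steps listed above, sketched as an added Go example (not UnoLock's code). It assumes SHA-256 for the address hash, uses the ML-KEM shared secret directly as the AES-256-GCM key, and binds the address hash as associated data; the page specifies none of these details, and all function and field names are hypothetical. Requires Go 1.24 or later for crypto/mlkem.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Drop struct { // everything the server sees for one submission
	AddressHash                string
	KEMCiphertext, Nonce, Body []byte
}

// HashAddress hides the raw Receive Address; SHA-256 is an assumption.
func HashAddress(addr string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(addr))) }
func NewAddressKey() (*mlkem.DecapsulationKey1024, error) { return mlkem.GenerateKey1024() }

// gcm keys AES-256-GCM with the 32-byte KEM secret (direct use, no KDF, is an assumption).
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // cannot fail: the secret is always 32 bytes
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Seal is the sender side: encapsulate to the per-address key, then encrypt.
// The address hash is bound as associated data (an assumption).
func Seal(addr string, ek *mlkem.EncapsulationKey1024, msg []byte) Drop {
	secret, kemCT := ek.Encapsulate()
	nonce, h := make([]byte, 12), HashAddress(addr)
	rand.Read(nonce) // crypto/rand.Read never returns an error in Go 1.24+
	return Drop{h, kemCT, nonce, gcm(secret).Seal(nil, nonce, msg, []byte(h))}
}

// Open is the recipient side; a wrong key or altered hash fails the GCM tag.
func Open(dk *mlkem.DecapsulationKey1024, d Drop) ([]byte, error) {
	secret, err := dk.Decapsulate(d.KEMCiphertext)
	if err != nil {
		return nil, err
	}
	return gcm(secret).Open(nil, d.Nonce, d.Body, []byte(d.AddressHash))
}

func main() {
	dk, _ := NewAddressKey() // keypair for one constructed Receive Address
	pt, err := Open(dk, Seal("constructed-address", dk.EncapsulationKey(), []byte("hello")))
	fmt.Println(string(pt), err)
}
```

Opening a Drop with a different address's key returns an authentication error rather than plaintext, which is the per-address compartmentalization described above.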
Security Implications
- Sender anonymity: No account or login is required for senders. For additional network privacy, access the Drop Client via Tor.
- Metadata hardening: Servers only see hashed addresses and encrypted payloads, not raw Receive Addresses.
- Compartmentalization: Per-address keys prevent one compromised address from exposing other conversations.
Use Cases
- Whistleblower communications: Anonymous intake without creating accounts or linking identities.
- Legal and journalism workflows: Share a rate-limited Receive Address for sensitive sources.
- High-risk one-off drops: Rotate addresses after use to reduce exposure.
FAQs
Can UnoLock see message contents or raw addresses?
No. Payloads are encrypted client-side, and Receive Addresses are hashed before they are sent to the server.
Can anyone decrypt a VaultX Drop payload?
Only the recipient's Safe with the matching private key can decrypt the payload.
How does VaultX Drop protect against quantum attacks?
VaultX Drop uses ML-KEM-1024 for key encapsulation and AES-256-GCM for payload encryption.
Compliance & Privacy Regulations
- GDPR Alignment: VaultX Drop avoids storing raw addresses and keeps message content encrypted client-side.
Integration with Other Features
- Post-Quantum Encryption: ML-KEM-1024 + AES-256-GCM protect VaultX Drop payloads against future cryptographic threats.
- Threat Detection: Runtime monitoring helps detect tampering in sensitive messaging flows.