How to design

Here, we will briefly introduce how we designed TimeBox.

(P1)

P1 provides a schematic overview of the processing flow. Clearly, user data is encrypted at the browser side, and the encryption key is directly saved in the Lit network nodes, ensuring that no one except the user themselves can access the data during this process.

All user data is encrypted on the client side with a 256-bit randomly generated key. The encrypted data is then uploaded to our servers, which are responsible for uploading it to the Arweave network (the servers cover the Arweave network fees). The key, along with the user's wallet signature, is directly stored in Lit network nodes from the browser side.

About Data Storage

All user data is encrypted and stored on the Arweave network.

Arweave is a decentralized storage network designed to offer permanent, immutable data storage. Unlike traditional cloud storage solutions, Arweave operates on a blockchain-based infrastructure, ensuring that data is stored across a distributed network of computers, making it highly resistant to censorship and data loss.

How to view your data stored on the ARWEAVE network?

You can view your stored data on the TimeBox details page. We provide the ARWEAVE TXID (Transaction ID) for the stored data. Simply click on it to view the data.

Regarding Encryption

Your data(Timebox Content and Attachments) is encrypted using AES-256. The encryption key is randomly generated and once the data is encrypted on the browser, the key is automatically saved to the Lit network.

The encryption key is not cached in any form.

Lit Protocol is a system for creating decentralized key management networks, powered by threshold cryptography and secure encrypted virtualization. The Lit network provides a generalizable key management layer for encryption, compute, and programmable signing.

You might be wondering if the key could be controlled by us or other organizations. You don't have to worry about that at all. Your key will be shredded and dispersed, stored across the Lit network. Only the owner of the TimeBox will be able to retrieve the key and decrypt the data.

How do you know if you are the owner of a particular TimeBox? The Lit protocol offers a set of access policies that verify ownership by checking the TimeBox NFT contract. As for the logic, it is permanently and immutably written into the metadata file, which is then stored on the Arweave network.

What does the centralized server do?

To enhance user experience, we have introduced the concept of centralized servers. These servers assist users in effortlessly uploading encrypted data to the ARWEAVE network for permanent storage, with the costs covered by the server. Additionally, the server caches publicly available user data to improve access speed (e.g., data from public TimeBoxes). Overall, our goal is to maximize the product usability without compromising user privacy.

Next, we plan to launch and open-source a fully decentralized TimeBox Viewer (TimeBox Peek).