System design

A layered architecture for verifiable file sharing

SafeDrop separates concerns into explicit layers so each subsystem can be built, tested, and extended independently. The architecture keeps frontier research out of the critical MVP path.

Architecture layers

From storage primitives at the bottom to user-facing explanation surfaces at the top.

Layer 1: Content-addressed storage

Chunking, deduplication, deterministic manifests. Every file becomes a Merkle tree with a stable root hash that anchors the entire evidence chain.
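
As an added illustration of this layer (example code, not SafeDrop's own implementation), the following Python chunks a constructed sample file, hashes each chunk into a Merkle tree, emits a deterministic manifest whose chunk hashes double as deduplication keys, and lets a receiver that holds only the root hash verify a single chunk via an inclusion proof. The 4-byte chunk size, the 0x00/0x01 domain-separation prefixes and the odd-node promotion rule are assumptions, not the project's actual format.

```python
import hashlib

CHUNK_SIZE = 4  # assumed, deliberately tiny so a short constructed sample yields several leaves

def leaf_hash(chunk: bytes) -> bytes:
    # Domain-separated (assumed 0x00 prefix): a leaf can never be confused with an interior node.
    return hashlib.sha256(b"\x00" + chunk).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def chunk_file(data: bytes, size: int = CHUNK_SIZE) -> list[bytes]:
    """Fixed-size chunking; the last chunk may be short and an empty file is one empty chunk."""
    return [data[i:i + size] for i in range(0, len(data), size)] or [b""]

def build_tree(leaves: list[bytes]) -> list[list[bytes]]:
    """All tree levels bottom-up; an unpaired node is promoted unchanged to the next level."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def manifest(data: bytes) -> dict:
    """Deterministic manifest: same bytes in, same root out; chunk hashes double as dedup keys."""
    leaves = [leaf_hash(c) for c in chunk_file(data)]
    return {"chunk_size": CHUNK_SIZE, "size": len(data),
            "chunks": [h.hex() for h in leaves], "root": build_tree(leaves)[-1][0].hex()}

def inclusion_proof(data: bytes, index: int) -> list[tuple[str, bytes]]:
    """Sibling hashes from leaf `index` up to the root, tagged with the side the sibling is on."""
    proof = []
    for level in build_tree([leaf_hash(c) for c in chunk_file(data)])[:-1]:
        sibling = index ^ 1
        if sibling < len(level):            # a promoted odd node has no sibling at this level
            proof.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return proof

def verify_chunk(chunk: bytes, proof: list[tuple[str, bytes]], root_hex: str) -> bool:
    """A receiver holding only the manifest root checks one chunk it was just sent."""
    h = leaf_hash(chunk)
    for side, sib in proof:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return h.hex() == root_hex
```

A tampered chunk, or a genuine chunk presented with another chunk's proof, fails verification, which is what lets the root hash anchor the evidence chain described above.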

Layer 2: Evidence & audit

Append-only audit log, signed segment receipts, delivery confirmations, and exportable evidence bundles. This layer is useful on its own, before any zero-knowledge (ZK) wrappers are added.

Layer 3: Share lifecycle

Link creation, capability tokens, expiry enforcement, resumable transfers, and revocation. Each state transition emits an audit event.

Layer 4: Reachability

UPnP/NAT-PMP port mapping, signed external probes, ICE hole-punching, dynamic DNS binding, and encrypted relay fallback.

Layer 5: Privacy & policy

Metadata aliases, size bucketing, timestamp coarsening, consent tracking, and regulatory-compliant export bundles.

Layer 6: Explanation surface

Human-readable evidence cards, admin dashboard, status explanations, and operator trust interface. Explain, never hide.

Visual system model

Architecture stack

Layered component view

Each component communicates through defined interfaces. No layer reaches through another.

Architecture stack diagram

Reachability flow

Path selection with evidence

The reachability subsystem tries direct binding first and falls back through progressively more assisted methods.

Reachability flow diagram

Threat model highlights

The threat model covers network adversaries, storage compromise, relay trust, and metadata inference.

Network

Path integrity

Every reachability path is signed and bound to the session. Man-in-the-middle attacks are detected through certificate pinning and signed probes.

Storage

At-rest protection

Envelope encryption with per-object keys. Deletion uses crypto-shredding with attested key destruction events.

Relay

Zero-knowledge relay

The relay sees only encrypted ciphertext and blinded session identifiers. No file contents or metadata are exposed to the relay operator.

Explore the full specification

The complete API spec, data model, and threat model are available in the GitHub repository.