What is zero-knowledge encryption?

Zero-knowledge means the service provider cannot read the data it stores. In Ciphek, your browser derives encryption keys from your master password and encrypts every photo and video before upload. The server stores only ciphertext and byte counts. We never hold the keys, so we cannot decrypt your media even under legal compulsion.

Can Ciphek see my files?

No. Ciphek stores encrypted blobs, the byte count of each blob, and opaque UUIDs. Filenames, tags, and EXIF data are encrypted before upload. Ciphek can see the email address you registered with, your IP address at the time of each request, your total storage usage, and payment metadata handled by Stripe or NOWPayments. Ciphek cannot see plaintext file content, filenames, tags, search queries, or thumbnail images.

What happens if I lose my master password?

Your vault becomes unrecoverable unless you saved the 24-word BIP39 recovery mnemonic generated at registration. The recovery mnemonic is shown exactly once during signup. If you lose both the master password and the recovery mnemonic, the encrypted data remains on our servers but can never be decrypted — by you or by us. This is the tradeoff zero-knowledge architecture makes.

Has Ciphek been audited?

Ciphek has not yet received a third-party security audit. The cryptographic primitives Ciphek uses — @noble/ciphers (Cure53 audited, 2024) for XChaCha20-Poly1305 and hash-wasm for Argon2id — have their own published audits. A full third-party audit of the Ciphek implementation is planned post-launch. Audit posture is disclosed on the Security page.

What ciphers does Ciphek use?

XChaCha20-Poly1305 for authenticated encryption of media chunks (256-bit key, 192-bit nonce, 128-bit Poly1305 tag). Argon2id for master-password key derivation (64 MiB memory, 3 iterations, 32-byte output). HKDF-SHA256 for per-purpose subkey derivation. AES-KW for per-file key wrapping. TOTP (RFC 6238) for two-factor authentication. BIP39 for the 24-word recovery mnemonic.

Security

Last updated: April 13, 2026

Zero-knowledge in three sentences

Your master password is stretched in your browser into a 256-bit key by Argon2id. That key derives the keys that encrypt your media with XChaCha20-Poly1305 before it leaves your device. Ciphek's servers store opaque ciphertext, byte counts, and the metadata listed in the Privacy Policy — nothing the master password can decrypt.

If our infrastructure is compromised or compelled by lawful process, what becomes available is the encrypted blob set. The plaintext does not exist on Ciphek's systems.

Cipher suite

Every primitive Ciphek uses is named below. The full parameter set, source library, and audit lineage live in the whitepaper.

Primitive	Purpose	Parameters	Source
`Argon2id`	Master password key derivation (login, enrollment)	64 MiB memory, 3 iterations, p=1, 256-bit output	hash-wasm 4.12 (RFC 9106 reference)
`XChaCha20-Poly1305`	Authenticated encryption for media chunks	256-bit key, 192-bit nonce, 128-bit tag	@noble/ciphers 2.1 (Cure53 audit, 2024)
`AES-KW`	Per-file key wrapping under derived wrapping key	256-bit KEK, NIST SP 800-38F	Web Crypto API (browser native)
`HKDF-SHA256`	Subkey derivation (auth key, metadata key, file wrapping key)	SHA-256, distinct info labels per subkey	@noble/hashes 2.x
`TOTP (RFC 6238)`	Two-factor authentication codes	30s step, 6 digits, SHA-1; secret encrypted at rest	otpauth 9.5
`BIP39`	Recovery mnemonic encoding	24 words, 256-bit entropy	@scure/bip39 2.x

Audit posture

Ciphek has not yet completed a third-party security audit of its own codebase. The cryptographic primitives we use rely on upstream audit lineage: @noble/ciphers (Cure53, 2024, OpenSats funded), the RFC 9106 reference for Argon2id, and the browser-platform-audited Web Crypto API. A full third-party audit of Ciphek's integration is planned post-launch and will be linked here when complete.

Pen-test results from internal milestones (v1.0: 0 critical, 0 high) are summarized in the whitepaper Audit Results section.

Full whitepaper

For the threat model, key derivation hierarchy, encryption pipeline detail, TOTP storage scheme, and the explicit list of attacks outside Ciphek's scope, read the security whitepaper.