From keystroke to ciphertext galaxy in four steps.
The math is older than the internet. The architecture is new. Here is exactly what happens the moment you type a password into ShardKeep.
Your secret becomes a polynomial no one can read.
ShardKeep encodes your master secret as the y-intercept of a random polynomial, then samples N points along its curve. Each point is useless alone. Collect any K of them and the whole secret reappears by interpolation.
- K-of-N reconstruction — lose up to N−K shards and nothing is lost.
- Information-theoretically secure — fewer than K fragments leak zero bits of the secret.
- Defaults to 3-of-5 for personal vaults; tunable per shard group.
An attacker who compromises K−1 Bastions learns nothing. The mathematics are provably secure, not just hard to break.
Encryption happens on your device.
Always. No exceptions.
Before a single byte leaves your browser, key material derived from your wallet signature is stretched via PBKDF2 into an AES key, and every fragment is sealed with AES-256-GCM. The server never sees the plaintext, and the key never leaves the sandbox.
- PBKDF2-SHA256, 100,000 iterations — stretches wallet-signature key material against a versioned registry salt.
- AES-256-GCM — authenticated encryption; tampering is detected on recovery.
- WebCrypto (
crypto.subtle) — all primitives run inside the browser's native cryptographic sandbox. - Versioned salt registry — the salt-version byte travels inside the ciphertext header, letting the protocol rotate salts without re-encrypting every record.
If ShardKeep's servers were fully compromised tomorrow, attackers would walk away with nothing but ciphertext. No keys live server-side.
One operator can't betray you.
An army of them still can't.
Each encrypted fragment is handed to a different Bastion operator — an independent node that staked SHRD to earn the privilege. Bastions hold ciphertext only. They don't know which vault a fragment belongs to, what's inside it, or who owns it.
- Geographic & jurisdictional diversity is enforced by the Warden layer — no two fragments land on neighbors.
- Heartbeats and availability challenges prove liveness every epoch. Offline Bastions forfeit rewards; persistent offenders get slashed.
- Per-epoch rewards paid in SHRD for every shard still served.
- Opaque storage — the Bastion's blob format is structurally identical for every user.
Every Bastion sees the same thing: opaque blobs, timestamps, challenge nonces. They cannot identify users, vaults, or content.
The only thing you ever need
is a signature.
Your shard map — where the fragments live, not what they contain — is stored on Solana as a compressed NFT. Sign a challenge with your wallet and your vault reassembles itself. Lose your password? You never had one in the first place: your wallet is your authority.
- cNFT shard maps via Bubblegum + Helius DAS — cheap, composable, and queryable from any client.
- Wallet-based auth — sign a short challenge to unlock; no master passwords in the account model.
- Per-device unlock — optional biometric key kept locally for convenience.
- K-of-N tolerance — recovery succeeds even if some Bastions are offline.
Your wallet. Back it up like you'd back up a signing key for a country, because that is approximately the blast radius.
See the math. Trust the architecture.
Install the extension and your first vault is three clicks away.