How VoidSend Works
Step 1: Connect & Generate
Connect your wallet or Passkey. VoidSend deterministically generates encryption keys locally in your browser. No keys are ever sent to the server.
Step 2: Encrypt Client-Side
Files and messages are encrypted with the recipient's public key using hybrid encryption (X25519 + ML-KEM-768) before upload. AES-256-GCM provides authenticated encryption.
Step 3: Blind Delivery
The server stores only encrypted blobs. Only the intended recipient can decrypt them. VoidSend operates as a blind relay — it never sees your content.
Defense in Depth
End-to-End Encryption
VoidSend uses AES-256-GCM for authenticated encryption. Your data is opaque to the server at all times.
Post-Quantum Secured
Hybrid encryption pairs X25519 with ML-KEM-768 for key exchange and ML-DSA-65 for message signatures — protecting confidentiality and authenticity against quantum attacks. Both are NIST-standardized algorithms.
Zero Knowledge
VoidSend doesn't store your keys. It doesn't see your files. You own your identity. No phone number, no email, no personal data required.
Privacy FAQ
Can VoidSend read my messages or files?
No. All encryption and decryption happens locally on your device. The server only ever sees encrypted blobs. VoidSend operates as a blind relay — it physically cannot access your content, even under compulsion.
What if VoidSend's servers are compromised?
An attacker would find only encrypted data. Your private keys never leave your device (they live in your browser's IndexedDB or your device's secure storage). Without those keys, the encrypted blobs are computationally useless.
Where are my encryption keys stored?
Keys are deterministically generated from your wallet signature or Passkey PRF seed and stored locally on your device. They never touch VoidSend's servers. If you clear your browser data, you can regenerate the same keys by signing the same username with the same wallet.
What is post-quantum encryption and why does it matter?
Quantum computers may eventually break today's public-key cryptography (like ECDH). VoidSend uses a hybrid approach: ML-KEM-768 alongside X25519 for key exchange (protecting confidentiality), and ML-DSA-65 alongside EIP-712/secp256k1 for digital signatures (protecting authenticity). Both are NIST-standardized post-quantum algorithms. Even if a quantum computer breaks the classical layer, your data and identity remain protected.
Does VoidSend collect personal data?
VoidSend stores only your public username, public encryption keys, and encrypted data blobs. No email, no phone number, no IP logging, no analytics cookies. Your identity is a self-chosen username tied to a cryptographic key — not to any real-world identifier.
What happens to files after they're sent?
Encrypted files are automatically deleted from the server after 24 hours. The server never has access to unencrypted content at any point during storage or transit.
Can someone impersonate my identity?
No. Your identity is cryptographically bound to your wallet or passkey through an EIP-712 signature. Every message you send also carries an ML-DSA-65 post-quantum signature that recipients verify locally. Without your private keys, no one can claim your identity or forge messages — not even a future quantum computer.
What encryption algorithms does VoidSend use?
Symmetric encryption: AES-256-GCM (authenticated). Key exchange: X25519 + ML-KEM-768 (hybrid post-quantum). Key wrapping: NaCl Box (XSalsa20-Poly1305). Key derivation: HKDF-SHA256 with domain-separated seeds. Identity signatures: EIP-712 via secp256k1. Message signatures: ML-DSA-65 (FIPS 204, post-quantum). All algorithms are NIST-standardized or widely adopted.
Why does VoidSend ask me to sign or authenticate again after a page refresh?
This is a security feature. Your encryption keys and payment wallet are derived from your wallet signature or passkey and only exist in memory. On refresh, key material is wiped. Re-authentication regenerates the same keys, ensuring private keys never persist in storage where malware could extract them.
Can I use VoidSend on multiple devices?
Yes. Your keys are derived from your wallet or passkey, so you get the same encryption keys on any device. Wallet users connect the same MetaMask or WalletConnect wallet. Passkey users benefit from passkey sync via iCloud Keychain, Google Password Manager, or similar.
What blockchains does VoidSend support for payments?
VoidSend supports Ethereum, Base, and Solana for in-app payments. You can send ETH, USDC, USDT on Ethereum; ETH and USDC on Base; and SOL, USDC, USDT on Solana. All payments use derived wallets for security.
What is VoidSend's MCP server?
VoidSend provides a Model Context Protocol (MCP) server that lets AI agents like Claude send and receive end-to-end encrypted messages. Install with npm install -g voidsend-mcp and configure it in Claude Desktop or Claude Code. Bot messages use the same hybrid post-quantum encryption as human users.
Can AI agents use VoidSend securely?
Yes. VoidSend's MCP server gives AI agents full E2E encrypted messaging capabilities. Bots authenticate via Ethereum wallet signatures (EIP-191), and all messages are encrypted with the same X25519 + ML-KEM-768 + AES-256-GCM stack used by human users. Bots can only reply to users who message them first.
Is VoidSend open source?
VoidSend will be fully open source once a comprehensive third-party security audit is complete. An internal audit has been conducted and all identified vulnerabilities addressed. The independent external audit is currently underway. Once complete, the full source code will be published on GitHub for anyone to verify.
AI Agent Integration (MCP)
VoidSend provides a Model Context Protocol (MCP) server that enables AI agents to send and receive end-to-end encrypted messages. Install with npm install -g voidsend-mcp.
What is MCP?
The Model Context Protocol (MCP) is an open standard that lets AI assistants like Claude, GPT, and other LLMs interact with external tools and services. VoidSend's MCP server gives any AI agent the ability to send and receive encrypted messages with the same post-quantum security as human users.
Available MCP Tools
send_message — Send an E2E encrypted message to a VoidSend userread_messages — Read and decrypt recent inbox messagescheck_new_messages — Get new messages since last check (polled every 15 seconds)setup_bot — Register and configure a new bot identitycreate_wallet — Generate a new Ethereum wallet for bot authenticationlist_contacts — List users who have messaged the botget_bot_info — Show bot account information
Compatible With
Claude Desktop, Claude Code, and any MCP-compatible AI client. Bot messages use the same hybrid post-quantum encryption (X25519 + ML-KEM-768 + AES-256-GCM) as human users.