MystSafe white paper updates

crypticana
Feb 13
7 min read

Problem

No tools exist that allow users to store and transfer their personal and business secrets

privately, anonymously, with crypto-grade security and undeniable accessibility.

Traditional password managers and secret vaults require users to disclose their

personally identiable information. User identity, secrets, and activity history can be

stolen by hackers or subpoenaed by governments. Access can be denied or blocked by

corporations.

To protect their identity, data, and activities, users must maintain multiple accounts and

use fake names, disposable email addresses, burner phones, VoIP numbers, VPN

services, or hardware devices which come with an extra cost and inconvenience.

Solution

We offer an app with zero identification and zero activity tracking where users can

manage their personal, family, and business secrets in a single account:

● Password manager (a primary feature) to store any personal and business

secrets such as crypto wallets, website passwords, credit card numbers, or

database credentials.

● Private chat (a bonus feature) to transfer the secrets privately to other users and

send confidential messages.

● Secret vault (an upcoming business feature) to congure any app to access secrets without

encryption keys or additional software, from any cloud or on-prem location.

Product

MystSafe app stands out in the crowded eld of digital security with its unique blend of

standard features and innovative differentiators.

Key Differentiators

These are not found in traditional solutions and therefore are unique and exclusive to

MystSafe users:

● Anonymous Proles: Account registration does not require providing any

personal data such as name, phone number, email, or address. Payments for

premium plans are decoupled from the user accounts so there is no link between

user identity and account activities.

● Unbreakable Database: While traditional password managers rely on a

cryptographically weak "master" password, MystSafe adopts a

cryptocurrency-inspired approach. It utilizes a blockchain-like permissionless database where secrets and messages are encrypted end-to-end using a 12-word security phrase, which ensures that even if the database is compromised, the data remains secure against

unauthorized access.

● Untraceable Activities: MystSafe employs technology found in privacy-preserving

cryptocurrencies that hides the owner of the secret records as well as the sender

and the recipient of the chat messages.

● Undeniable Service: MystSafe's design ensures that no corporation or

government can block accounts or restrict user services, providing continuous

access to essential data such as cryptocurrency wallet secret phrases. This

feature guarantees that users can always access and manage their funds,

reinforcing their autonomy and nancial freedom.

● Inclusive Access: MystSafe offers unrestricted and equal access to all, ensuring

no discrimination based on location, nationality, or nancial history. This

commitment allows anyone to use the app, with premium features payable via

cryptocurrency for those without traditional banking means.

● Built-in Chat: MystSafe enables users to share secrets directly from the secret

screen and send instant direct messages securely and discreetly through its

integrated chat interface.

● Offline Mode: MystSafe stores secret and chat data locally on the user’s device

and syncs with the network only when updates are made, enabling read-only

access without internet communication and thereby reducing the online

footprint.

● TOR Support: The MystSafe app can work through the TOR network which

enables an extra layer of security and privacy protection while eliminating the

need for a paid VPN service.

● Unlimited Accounts: MystSafe users can open as many accounts as they want,

for free, which allows them to differentiate their interactions with users from

different groups and separate public and private affairs.

● Open Source: MystSafe source code is open for anyone to examine the

cutting-edge algorithms used to protect user privacy and security.

● Local Biometric Authentication: Instead of using passwords to protect the app on a user device, MystSafe uses a passkey authentication that supports biometric, passwordless access methods such as fingerprint and Face ID. The authentication is processed locally, no credentials are stored outside of the device.

● Yubikey Integration (Upcoming): MystSafe will include support for Yubikey as an optional hardware-based MFA method. Additionally, it will enable secure, passwordless backup and restore of the 12-word security phrase, offering an extra layer of protection and convenience for users.

● Crypto Licensing (Upcoming): MystSafe’s Crypto Licenses feature ensures user identities stay protected even when using privacy-exposing payment methods like credit cards or mainstream cryptocurrencies. It employs stealth addresses, ring signatures, and decoy license blocks to unlink payment details from user accounts, making it impossible to correlate users with their stored secrets.

Standard Features

These are the standard features found in traditional solutions, but also very important:

● Unlimited Devices: The users can sync their data between multiple devices, with

any hardware platform or operating system, while preserving the security of their

data and the privacy of their actions.

● End-to-end Encryption: All data (no exceptions) is encrypted/decrypted by

default end-to-end within user devices.

Market

In today's digital landscape, the growing concern for privacy and security is evident from

the increasing number of individuals adopting tools designed to protect their personal

information. These trends not only validate the market for privacy-centric products but

also highlight the vast potential for new entrants in this eld.

Market Size

The following visualization reects a signicant opportunity for MystSafe within the

privacy-focused digital tools sector. The gures underscore the increasing demand and

potential revenue, positioning the product as a strong contender in the industry.

Market Growth

The password management market is demonstrating a robust growth trajectory, as

evidenced by the compelling projections detailed in the following graph. This growth

underscores the increasing value and necessity of password management solutions in

safeguarding digital identities across diverse sectors, reecting an escalating demand

that MystSafe product is well-positioned to meet.

Business Model

MystSafe is offered as a service via an app that is hosted on the user's device.

There are both free and premium plans available.

Free Plan

The free plan serves as a trial that does not require payment or money-back concerns.

However, unlike most solutions, MystSafe's free plan can be used indenitely beyond

the trial period. This is enabled through a blockchain-like architecture where data

records and their modications are represented by individual blocks with timestamps.

Once the trial period expires, the network deletes the expired blocks, effectively freeing

up the resources.

Users can still add new secrets and start new chats, which remain valid for another trial

period. Additionally, editing an existing record effectively resets its expiration date,

allowing users to perpetually refresh their data.

Premium Plan

The premium plan allows users to maintain their records indenitely by attaching a

license proof block to every data block. MystSafe will roll out different types of licenses

for premium plans in phases:

Premium License

The license will be purchasable via the MystSafe license portal

(https://checkout.mystsafe.com) for one, two, or three years. Users receive Reward

points with every premium plan purchase, which are non-expiring even after the license

itself expires.

Go to Market Schedule

The project is structured into several phases:

First Phase: Initial Design and MVP

This phase introduced the fully functional MystSafe beta app.

Current Phase: Crypto Licensing and Yubikey Integration

Currently underway, this phase includes the addition of various new product features such as the crypto licensing model and Yubikey integration.

Next Phases: Secret Vault for Business and Group Chats

Future features such as group chats and a business-oriented secret vault will be added.

Technology

The MystSafe system, designed to ensure robust privacy and security, consists of three primary components: the App, Relay Node, and Database. The App operates as a client application across various devices, ensuring that all private keys remain confined to the client device. On top of default end-to-end data encryption, the communication between the App and Relay Nodes is secured with TLS encryption, and can be supplemented by optional VPN or/and TOR use for added anonymity.

Permissionless database

The MystSafe Database is a permissionless, noSQL, directed acyclic graph (DAG) that stores encrypted user secrets and messages, accessible through Relay Nodes that facilitate outdated records deletion using specialized garbage collection protocols. Data within the database is structured in interconnected blocks and blockchains, masking any direct associations between users and their data.

Stealth addresses

MystSafe blocks have stealth addresses that only the recipient of the message can decode. The network does not know where a message is going and who has sent it. The stealth addresses are not linked to any sender’s or recipient’s public addresses. The public addresses never appear in the network database in clear text.

Crypto Licenses

A major privacy concern with any paid service is the disclosure of a user's identity through payment details. When a payment is made using privacy-preserving cryptocurrencies such as Monero (XMR) or Firo (formerly known as Zcoin, XZC), the identity of the payer can remain hidden. However, what if the user wishes to pay with a privacy-exposing coin or token, such as Bitcoin, or any other of the 99% of cryptocurrencies? Or even worse, what about payment with a credit card, which solidly links the payment to the user's identity?

MystSafe does not publicly expose payment information. But what if MystSafe's payment records are hacked? And how can the data records, linked through the license key, be decoupled from the payment information that points to user identity?

MystSafe incorporates a special layer of protection. It utilizes cryptographic technologies, such as ring signatures and stealth addresses, to separate the license blocks, issued by MystSafe, from the user accounts. After payment is processed, MystSafe issues a special encrypted block with the account license key, which can only be decrypted by the account owner. This owner finds this block by scanning the license database and looking for a stealth address that matches their account address.

Furthermore, when creating a license proof and attaching it to a new data block, the system employs a ring signature that conceals the actual license block behind multiple 'decoy' license blocks. The ring signature contains one real public license key, which belongs to the user account, and several 'decoy' public keys from other users' license blocks. Since all these license blocks are valid, MystSafe verifies that all the license keys in the ring belong to valid licenses, but it cannot determine which one is the actual user's. Thus, by examining the license and data blocks, it is impossible to discern who created the secrets or messages.

These components collectively establish a secure and private secret management and communication platform, analogous to a container ship that carries data containers without knowledge of their origins, contents, or destinations.