How our security measures work
The security behind Secrets Vault
At Secrets Vault, we provide a secure, easy way to access and protect sensitive info. We use Visual and Secret Sharing Cryptography. Our technology uses a novel scheme to split digital information into two parts: the Keepic and the Kvault. The Keepic is an image known only to the user. Anyone can copy and share it without restrictions in public. The Kvault is a cryptographic share. By default, Secrets Vault stores it in a secure manner. Users can choose to store it themselves. You can recover the original information only when you combine both the Keepic and Kvault. This method achieves quantum-resistant resilience, offering “everlasting” privacy.
Â
Read more
Our secret-sharing scheme is for image-based components. It is robust against manipulations of the original Keepic. Your Keepic will work for recovering your secret. You can compress, resize, or watermark it. This is common on social media and messaging apps. This allows for flexible storage and sharing of your Keepic.
Another key advantage is that the secret-sharing process does not alter the Keepic. It doesn’t store any information that could identify it as a component protecting information or granting access to a system. This makes the Keepic safe, even against advanced AI image attacks. So, your Keepic is easy to remember. You can share it on digital platforms in a way that does not raise suspicion.
Also, Secrets Vault’s custody service uses zero-knowledge proofs (ZKP) and multi-party computation (MPC) to protect the Kvault share. ZKPs verify your Keepic ownership before revealing the Kvault. This ensures that no one can access a custodied Kvault without its associated Keepic. MPC allows for decentralized Kvault custody. It boosts security and resists censorship. So, Secrets Vault is primed for web3 use.
How or security system works
Our approach maximizes data privacy by splitting sensitive information into two distinct cryptographic shares: the Keepic (an image you choose) and the Kvault (a secure share store externally by Secrets Vault). This two-part structure maintains the integrity of your information with advanced resilience.
Use images instead of passwords
By combining cryptographic secret-sharing with advanced image processing techniques, we securely protect sensitive information or grant access to systems in an intuitive, user-friendly way, equivalent in strength to a 24-word (256-bit) password.
Images resilient to modifications
The Keepic is robust against resizing, compression, and watermarking, enabling flexible sharing and storage across various platforms.
Zero-knowledge verification
Custody of the Kvault share requires a zero-knowledge proof of the Keepic before initiating any secret recovery. This ensures that the privacy of both shares remains uncompromised by any party involved in the recovery process.
On-device cryptographic operations
All encryption and security processes take place directly on your device, ensuring that Secrets Vault never accesses your secrets or Keepic. Our source code is fully open and available for your review.
Images remain unaltered
The image you provide as a Keepic remains completely unchanged, making it indistinguishable from any original image. In fact, you can use any public image as a Keepic without needing to modify or update it.
Dual-share secret protection
The information is safeguarded using Keepic and Kvault shares generated by our Secret Sharing Scheme. Each share reveals zero information about the information, ensuring trustworthy security.
Multi-party custody for security
The Kvault custodied share can be safeguarded by multiple independent parties through a Multi-Party Computation scheme, ensuring a decentralized, censorship-resistant recovery of the information.
Quantum-resistant cryptography
Our Secret Sharing scheme and supporting cryptographic components are designed for quantum-resistant resilience, ensuring your data remains secure against future quantum computing threats.
The cryptography mastermind
Jordi PuiggalĂ, a recognized expert in cybersecurity and cryptography, has made extensive contributions to both academic and industry research. His publications frequently focus on election security, cryptographic protocols, and secure online voting systems. You can explore his most notable works here:
Publications
Jordi PuiggalĂ
Co-founder & CTO
Jordi PuiggalĂ is a leading expert in IT, cybersecurity, and cryptography, with over 30 years of experience in secure technology.
As co-founder of Scytl, where he served in different C-level positions, he pioneered secure online voting innovations with cryptographic methods like Homomorphic Encryption, Zero-Knowledge Proofs, and Multi-Party Computation.
Graduating from the Universitat Autònoma de Barcelona (UAB), Jordi’s expertise in cryptography and image processing has driven his distinguished career in digital security. Today, he leads Secrets Vault’s technology, setting new standards in privacy and data protection.
Published research in cryptograhpy, cybersecurity and blockchain.
Innovations in cryptographic protocols and secure technologies.
Decades of expertise across IT, cryptography, cybersecurity and blockchain.
Technical Advisory Committee
At Secrets Vault, our commitment to innovation and security is bolstered by our esteemed Technical Advisory Committee.
This growing group of leading experts helps shape our platform to ensure unparalleled security, resilience, and usability.
Drawing on decades of experience in cryptography, cybersecurity, blockchain and cutting-edge technologies, they provide invaluable guidance on safeguarding your digital assets.
With 15 years of experience in the crypto industry, pioneering innovation, shaping strategy, and effectively leading as the CEO and founder of several successful Web3 startups.
With 25 years in the IT industry, including experience with global startups and META in Silicon Valley, managing international IT teams, and specializing in scalable software and hardware architectures.
Security and privacy technologies Advisor
Director of IN3 at Universitat Oberta de Catalunya, expert in security and privacy, and author of numerous works on steganography, watermarking, and cybersecurity.
IT and information security Advisor
Global CISO and Head of Cloud Governance at Adevinta, with deep expertise in software engineering, cloud governance, FinOps, security, data privacy, and IT transformation.
Collaboration with third parties
At Secrets Vault, we believe that advancing cybersecurity and cryptography requires continuous collaboration with top experts and research institutions.
Our partnerships
Our partnerships with leading research centers and universities underscore our commitment to pushing the boundaries of secure technology, enabling us to rigorously test and validate our protocols against the latest security standards.
Specialists
By working alongside specialists in cryptography, computer vision, and cybersecurity, we gain invaluable insights into emerging threats, explore innovative defense techniques, and refine our solutions using the latest research.
Collaborations
These collaborations directly enhance the quality and resilience of our solutions, integrating insights from fields such as image processing, blockchain, homomorphic encryption, zero-knowledge proofs, post-quantum cryptography, and multi-party computation.
Challenges
This commitment keeps Secrets Vault at the forefront of security, delivering solutions that are not only innovative but also robust against future challenges.
Collaboration with leading research centers
Peer-reviewed cryptographic protocols
Independent third-party security audits
If you’re interested in collaborating with us scientifically, discussing our security protocols, or exploring our source code, please complete this form and share your specific areas of interest.
Visual Cryptography is a cryptographic technique that uses images to encrypt and/or decrypt information. A common example involves manipulating two separate images that, when overlaid, reveal a hidden secret—creating a visual-based secret-sharing scheme. However, traditional visual cryptography often struggles with resilience to image modifications such as resizing, compression, or watermarking, typically requiring unaltered images for accurate secret recovery.
At Secrets Vault, we leverage this concept of image-based secret protection but have adapted it for resilience against image modifications. Rather than relying on exactly the original image for recovering the information, we compute an invariant version of the image that remains consistent despite typical alterations. This invariant enables our secret protection algorithm to withstand common changes that occur when images are stored or shared on external platforms (e.g., social networks). Consequently, even if the original image undergoes compression or resizing, secrets can still be accurately recovered.
Steganography, like cryptography, is a technique within the field of information security, focused on protecting data (secret) by hiding it within another medium, such as an image or file. To achieve this, the medium is manipulated in a way that makes the embedded secret undetectable to anyone with access to the altered medium. A common example is modifying the least significant bits of an image’s pixels to hide “identifiers” for purposes like fingerprinting or watermarking. The primary goal of steganography is to keep the secret undetectable, with algorithms dedicated to identifying areas in the medium that can be subtly altered to achieve maximum invisibility. While these alterations may remain invisible to the human eye, advancements in computer vision and AI have made detecting such modifications increasingly feasible, requiring resource-intensive AI algorithms for effective hiding the secret against these attacks.
At Secrets Vault, we deliberately chose not to manipulate images to hide information, and therefore, our approach cannot be properly classified as steganography. Instead, we follow a visual cryptography approach—specifically, a secret-sharing scheme. In our method, images are not used as a container for hidden information, as in steganography. Rather, an image (the ‘Keepic’) serves as one of the essential shares in a cryptographic secret-sharing protocol used for protecting a secret.
One common way to protect sensitive information is by encrypting it with keys created from passwords. This method, called Password-Based Key Derivation, is used to secure things like files or digital certificates. Typically, a secure key length of at least 128 bits is recommended. But in encryption, it’s not just about the key length; it’s also about how strong the password is that generates the key. For example, if a key has 128 bits but is generated from a password with only 50 bits of strength, the security is limited to 50 bits, making it easier to break. This is why passwords need to be both long and complex to provide the best protection—ideally, they would reach a security level close to 128 bits.
However, making passwords secure enough often means they become harder to remember. For example, using uppercase and lowercase letters, numbers, and a few special characters, each character adds about 6 bits of strength. To reach 128 bits, a password needs at least 21 characters, which results in something difficult to memorize, like ‘jlE5FSPTT7fi4YnZ63Xy2.’
Could an image serve as an alternative? In terms of security, an image is made up of many pixels, with each pixel containing color information. Even a small 200 x 200 image, for example, can provide up to 120,000 bits of potential security—nearly 1,000 times the security of a long password. This shows that images could be a strong alternative to long, complex passwords.
Yes, as long as alterations don’t significantly change the core of the image (e.g., resizing rather than cropping). Our protocol is designed to withstand common image manipulations encountered when storing or sharing images on external platforms like social networks.
Unlike other methods, where even a single pixel change can prevent recovery, Secrets Vault’s technology processes the image to extract unique, invariant information. This ensures that typical modifications like compression, resizing, or watermarking won’t hinder recovery. This approach makes storing and sharing your Keepic more flexible and secure than encrypting it directly with a derived key.
No, our cryptographic scheme has no specific limitations on the type or length of the secret. However, technical constraints on the client device performing the cryptographic operations may apply. Currently, we limit the secret size to 8 megabytes for browser clients, but we aim to increase this to around 100 megabytes soon.
The only limitation is on the minimum image size to ensure sufficient bits can be extracted for secure protection. The current lower limit is 50,000 pixels (approximately a 224×224-pixel image). While we may reduce this limit in the future, it’s already low enough given that most images used today exceed this size. For example, a VGA-resolution image (640×480 pixels) has over 300,000 pixels.
No. Our scheme is designed to maintain its security strength regardless of the image size, allowing you to resize the original image (Keepic) without compromising security. We currently set the minimum resize limit at 50,000 pixels (e.g., 224×224 pixels) to ensure 256-bit quantum-resilient security. We are working to further enhance and potentially reduce this limitation in future versions.
The Keepic is essential for recovering your secret; without it, recovery is impossible even with access to the Kvault. Losing the Keepic is like losing the keys to an encrypted secret. We recommend keeping several copies of the Keepic in different, reliable locations. Since the Keepic can be any public image, you could choose one that is widely accessible (e.g., a museum painting) or store it on public platforms or social media without concern for compression or resizing. Since the Keepic itself is unaltered, it’s indistinguishable from standard images, making it blend seamlessly among publicly available or shared images.
No, the Kvault alone isn’t enough to recover the secret. It’s created through a secret-sharing method that also requires the Keepic to complete the recovery. This makes Kvault safe to store with a trusted third party if needed. To protect your secret, it’s best to keep the Keepic and Kvault separate, as having both allows full recovery—similar to storing an encrypted file alongside its password. The Kvault on its own doesn’t reveal any information about the secret, so there is no risk of security compromise.
Currently, Secrets Vault also stores a Vault share needed for recovery, making the process easier for users. However, we’re developing a decentralized storage system with Multi-Party Computation, which will make storing and retrieving the Vault share even more secure and resistant to interference.
Our cryptographic scheme is designed to execute entirely on the user’s device, ensuring that neither the secret nor the Keepic is ever exposed to third parties. The only component that leaves the user device is the Kvault, which is securely custodized by the Secrets Vault platform. Along with the Kvault, a Keepic commitment is sent to Secrets Vault for future retrieval. This commitment enables Secrets Vault to validate a zero-knowledge proof provided by the user before releasing the Kvault, confirming that the user has the correct Keepic without revealing it. This setup ensures that the Keepic remains private and prevents impersonation attempts by unauthorized users.
Any more questions?
Contact our team!
