Technical Architecture

System Overview

┌─────────────────────────────────────────────────────────────┐
│                        User's Browser                        │
│  ┌────────────────────────────────────────────────────────┐ │
│  │  ZKFile Web App (React/Next.js)                        │ │
│  │  ┌──────────────┐  ┌──────────────┐  ┌─────────────┐  │ │
│  │  │  Encryption  │  │  ZK Proofs   │  │   Wallet    │  │ │
│  │  │   Service    │  │   Service    │  │  Connector  │  │ │
│  │  └──────────────┘  └──────────────┘  └─────────────┘  │ │
│  └────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘

                              │ HTTPS (Encrypted Data Only)

┌─────────────────────────────────────────────────────────────┐
│                     ZKFile Backend API                       │
│  ┌────────────────────────────────────────────────────────┐ │
│  │  Next.js API Routes                                    │ │
│  │  ┌──────────────┐  ┌──────────────┐  ┌─────────────┐  │ │
│  │  │   Upload     │  │   Download   │  │    Auth     │  │ │
│  │  │   Handler    │  │   Handler    │  │   Service   │  │ │
│  │  └──────────────┘  └──────────────┘  └─────────────┘  │ │
│  └────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘

                 ┌────────────┼────────────┐
                 │            │            │
                 ▼            ▼            ▼
         ┌──────────┐  ┌──────────┐  ┌──────────┐
         │   IPFS   │  │  AWS S3  │  │  Solana  │
         │ Storage  │  │  Backup  │  │ Metadata │
         └──────────┘  └──────────┘  └──────────┘

Data Flow

Upload Process

  1. User selects file in browser

  2. Encryption Service encrypts file with AES-256-GCM

  3. ZK Proof Service generates proof (e.g., size validation)

  4. Wallet signs authentication message

  5. Backend verifies signature

  6. Encrypted file uploaded to IPFS + S3 backup

  7. Metadata stored in database with IPFS hash

  8. Decryption key stored locally (or derived from password)

Download Process

  1. User requests file by ID or hash

  2. Wallet signs access request

  3. Backend verifies signature and permissions

  4. Encrypted file retrieved from IPFS (or S3 fallback)

  5. Client decrypts file with user's key

  6. Original file restored in browser

Sharing Process

  1. Owner generates time-locked access grant

  2. Access grant signed with owner's private key

  3. Recipient receives shareable link

  4. Recipient's wallet verifies access grant signature

  5. If valid, recipient can download and decrypt (with shared key)

PreviousKey DifferentiatorsNextCore Components

Last updated