DocsKnowledge BaseBlockchain & Encryption Basics

Blockchain & Encryption Basics

A plain-English primer on how bervice uses blockchain for billing and how our end-to-end encryption protects your data. Learn what’s on chain (and what isn’t), how keys work, and the basics of sharing securely.

What We Use Blockchain For

  • Subscriptions: Plan changes and renewals are recorded by smart contracts (“on chain”).
  • Transparency: You can verify payments on a block explorer.
  • Not for your data: Vault contents are never stored on chain.

See Payment Options.

End-to-End Encryption (E2EE)

Encryption happens locally before data leaves your device. Only you have the keys to decrypt. bervice cannot read your plaintext.

Keys & Algorithms

  • Symmetric keys encrypt items/files efficiently.
  • Asymmetric keys wrap/share those symmetric keys securely.
  • KDF (e.g., ) derives strong keys from your master password.

Key Hierarchy

  • Master Password → Vault Key (via KDF)
  • Vault Key → Item/File Keys
  • Sharing: Item Key is re-wrapped for each recipient

On Your Device

  • Plaintext (while unlocked)
  • Decryption keys (never leave device)
  • Local cache & previews

In Transit / Storage

  • Only ciphertext (encrypted data)
  • Integrity tags to detect tampering

On Chain

  • Subscription state
  • Transaction references
  • Never your vault contents

How Secure Sharing Works

  1. You keep the item encrypted with its Item Key.
  2. For each recipient, the Item Key is encrypted to their public key (“re-wrapped”).
  3. Recipients decrypt the Item Key locally and then the item—bervice never sees plaintext.

Manage access in team spaces with roles and permissions. See Sharing & Roles.

Integrity Checks

Each encrypted block includes an authentication tag (AEAD). If anything changes in transit or storage, the tag won’t verify and the client will re-fetch the data.

See Encryption Errors.

Signed Updates

Installers and updates are signed. The app verifies signatures to ensure builds are authentic and unmodified.

See Verifying Downloads.

About “Quantum-Resistant”

We choose modern, well-studied primitives and key sizes and design for agility so algorithms can be upgraded. For background on our approach and roadmap, see Blockchain & Quantum Encryption Overview.

Threat Model (High Level)

  • Server compromise: Attackers see only ciphertext, not your keys.
  • Network adversary: TLS + AEAD; tampering is detected.
  • Lost device: Requires master password/key file to decrypt; revoke device access.
  • Phishing/social: We never ask for your master password, seed, or key file.

Best Practices

  • Use a strong, unique master password (or passphrase).
  • Enable biometric unlock + auto-lock timer.
  • Back up your recovery seed/key file offline.
  • Keep the app updated for security patches.

Common Myths

  • “Support can decrypt my data.” → False.
  • “Blockchain stores my files.” → False; only billing state is on chain.
  • “Clearing cache deletes my vault.” → False; cache is re-generable.

Encryption Overview

Design goals & roadmap.

Fix Decryption Errors

Key mismatch, integrity, cache.

On-Chain Billing

Wallets, receipts, refunds.

Previous

Glossary of Terms

Next

Quantum Computing 101