PRIVATE.ME · Technical White Paper

Deaddrop: Physical Dead Drop Messaging

Encrypt a message, split it into physical QR shares placed at separate locations, and let the recipient collect K shares to reconstruct. Zero digital trail. Zero metadata. Air-gapped by design. Double XorIDA provides information-theoretic security.

v1.0.0 · 72 tests passing · @private.me/xdrop · Gold Standard Bronze · Double XorIDA · 2-of-N threshold
Section 01

The Problem

Digital communications leave metadata trails. Even end-to-end encrypted messaging reveals sender, recipient, timing, and frequency. No truly air-gapped messaging protocol exists for high-threat environments.

All encrypted messengers require electronic communication channels that produce metadata. Intelligence agencies, hostile governments, and sophisticated adversaries can exploit metadata — who talked to whom, when, and how often — without ever decrypting content.

Physical dead drops have existed for centuries, but they suffer from single-point-of-failure: if the drop location is compromised, the entire message is exposed. There is no threshold protection, no fault tolerance, and no cryptographic integrity verification.

The Old Way

[Diagram: Secret Message (single document or digital channel) → Single Drop (one location or one channel) → Compromised (full message exposed + metadata trail)]
Section 02

The PRIVATE.ME Solution

Messages are AES-256-GCM encrypted, then split via Double XorIDA into QR shares placed at K separate physical locations. Single-use nonces via NonceStore prevent re-scanning. No electronics required for the drop itself. HMAC verification ensures integrity before reconstruction.

Deaddrop transforms the dead drop from a single-point vulnerability into a distributed threshold system. The sender places QR shares at independent locations. The recipient collects K shares from different sites. No single location contains enough information to reconstruct.

The NonceStore ensures each share is single-use: once scanned, the nonce is consumed and the share cannot be replayed. This prevents adversaries from covertly scanning and re-placing shares without detection. Each share carries an HMAC-SHA256 tag for tamper detection before reconstruction.

The New Way

[Diagram: Message (AES-256-GCM) → Double XorIDA + NonceStore → QR Share 1 (drop site A), QR Share 2 (drop site B), QR Share 3 (drop site C) → K-of-N scan → Reconstruct → MSG]
Section 03

How It Works

Five-step protocol: encrypt, split, place, collect, reconstruct. Every step is designed for air-gapped operation with no electronic communication between sender and recipient.

1. Encrypt (AES-256-GCM)
2. Split (Double XorIDA)
3. Place (N drop sites)
4. Collect (K sites visited)
5. Reconstruct (decrypt + verify)

KEY SECURITY PROPERTIES

  • Zero metadata: No electronic communication between sender and recipient. No IP addresses, no timestamps, no message headers.
  • Single-use nonces: NonceStore ensures each share can only be scanned once. Covert interception is detectable.
  • 2-of-N threshold: Double XorIDA allows N-2 couriers to fail or be intercepted without compromising the message.
  • HMAC verification: Every share is verified before reconstruction. Tampering is detected immediately.
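
The split, per-share HMAC check and single-use nonce described above, as an added example (not code from @private.me/xdrop). It uses Shamir 2-of-N sharing over GF(2^8) as a stand-in for Double XorIDA, whose construction the page does not describe, and assumes a pre-shared HMAC key; `split`, `reconstruct`, `tag` and the in-memory `usedNonces` set are hypothetical names. In the protocol the bytes being split would be the AES-256-GCM ciphertext.

```javascript
// Added illustration, not @private.me/xdrop code. Shamir 2-of-N over GF(2^8)
// stands in for Double XorIDA; the pre-shared macKey is an assumption.
const crypto = require('node:crypto');

// Multiply in GF(2^8), reducing by the AES polynomial 0x11b.
function gmul(a, b) {
  let p = 0;
  for (; b; b >>= 1) {
    if (b & 1) p ^= a;
    a = (a << 1) ^ (a & 0x80 ? 0x11b : 0);
  }
  return p;
}

// Multiplicative inverse: a^254 = a^-1 for nonzero a.
function ginv(a) {
  let r = 1;
  for (let i = 0; i < 254; i++) r = gmul(r, a);
  return r;
}

// HMAC-SHA256 over share index, nonce and share bytes.
const tag = (key, s) => crypto.createHmac('sha256', key)
  .update(Buffer.concat([Buffer.from([s.x]), s.nonce, s.y])).digest();

// Sender: share_x[j] = secret[j] XOR (r[j] * x), with a fresh random r[j] per byte.
function split(secret, n, macKey) {
  const r = crypto.randomBytes(secret.length);
  return Array.from({ length: n }, (_, i) => {
    const y = Buffer.from(secret.map((b, j) => b ^ gmul(r[j], i + 1)));
    const s = { x: i + 1, nonce: crypto.randomBytes(16), y };
    return { ...s, mac: tag(macKey, s) };
  });
}

// Recipient: authenticate both shares, then consume their nonces, then rebuild.
function reconstruct([a, b], macKey, usedNonces) {
  if (a.x === b.x) throw new Error('need two distinct shares');
  for (const s of [a, b])
    if (!crypto.timingSafeEqual(tag(macKey, s), s.mac)) throw new Error('tampered share');
  for (const s of [a, b]) {
    const id = s.nonce.toString('hex');
    if (usedNonces.has(id)) throw new Error('share already scanned');
    usedNonces.add(id);
  }
  const inv = ginv(a.x ^ b.x);
  // r = (ya ^ yb) / (xa ^ xb); secret = ya ^ r * xa
  return Buffer.from(a.y.map((ya, j) => ya ^ gmul(gmul(ya ^ b.y[j], inv), a.x)));
}
```

Tags are checked on both shares before any nonce is consumed, so a forged share cannot burn the nonce of a genuine one.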
Section 04

Use Cases

Journalism
Journalist Source Drops

Sources distribute QR shares at pre-arranged physical locations. Journalists collect K shares. No digital communication links source to journalist. Plausible deniability preserved.

Source Protection
Intelligence
Intelligence Dead Drops

Split-channel physical drops replace traditional single-location dead drops. Compromise of any single site reveals nothing. Courier failure tolerated via threshold redundancy.

SIGINT Resistant
Civil Liberties
Whistleblower Submissions

Whistleblowers split evidence across locations accessible to oversight bodies. No electronic submission trail. Threshold ensures evidence survives partial interception.

Whistleblower Protection
Operations
Air-Gapped Messaging

Communicate across air-gapped environments where no electronic channel is trusted. Physical QR shares bridge the gap with information-theoretic security guarantees.

Air-Gap Bridge
Section 05

Integration

Quick Start — Core Package

import { createDeadDropManager } from '@private.me/xdrop';

const manager = createDeadDropManager();

// `message` is a DeadDropMessage prepared by the caller (not defined in this snippet).
// Drop it with a 2-of-3 split (threshold 2, 3 total shares).
// No TTL is set here; pass the `ttl` option to add one.
const dropResult = await manager.dropMessage(message, 2, 3, {
  anonymousSender: true,  // unlink sender identity
  selfDestruct: true,     // destroy after first read
});

// Each share carries an HMAC-SHA256 tag; threshold K verified on pickup
if (dropResult.ok) {
  console.log('Pickup token:', dropResult.value.pickupToken);

  // Recipient: pick up the message using the pickup token.
  // HMAC is verified before reconstruction.
  const pickupResult = await manager.pickupMessage({
    identifier: dropResult.value.pickupToken,
    timestamp: new Date(),
  });
  if (pickupResult.ok) {
    // pickupResult.value is the reconstructed DeadDropMessage
  }
}

Status Checks & Lifecycle Control

// Assumes dropResult.ok from the quick start above.
// Check message status without reading (does not consume a read)
const statusResult = await manager.checkStatus(dropResult.value.pickupToken);

if (statusResult.ok) {
  console.log('Available:', statusResult.value.available);
  console.log('Reads remaining:', statusResult.value.remainingReads);
  console.log('Time until release:', statusResult.value.timeUntilRelease);
}

// Sender can delete a message before expiry.
// `senderDid` is supplied by the caller (not defined in this snippet).
await manager.deleteMessage(dropResult.value.pickupToken, senderDid);

createDeadDropManager(): DeadDropManager
Creates a dead drop manager instance. The returned manager exposes dropMessage, pickupMessage, checkStatus, and deleteMessage for the full message lifecycle.

manager.dropMessage(message: DeadDropMessage, threshold: number, totalShares: number, options?: DeadDropOptions): Promise<Result<DropReceipt, DeadDropError>>
Splits the message into totalShares (N) shares with a K-of-N (threshold) reconstruction requirement via XorIDA. Each share includes an HMAC-SHA256 integrity tag. Options support anonymousSender, selfDestruct, ttl, releaseDelay, and maxReads. Returns a DropReceipt with a pickup token.

manager.pickupMessage(request: PickupRequest, shares?: MessageShare[]): Promise<Result<DeadDropMessage, DeadDropError>>
Verifies HMAC-SHA256 on each share before reconstruction, reconstructs via XorIDA, and returns the original message. Accepts a PickupRequest with a pickup token or message ID; uses stored shares when shares are not supplied. Honors self-destruct and read-limit policies.

Implementation Status

72 tests passing · 2 packages · Gold Standard Bronze

PRODUCTION-READY

  • Core Package: @private.me/xdrop with XorIDA threshold splitting, HMAC-SHA256 verification, time-delayed release, and self-destructing messages.
  • Anonymous Unlinking: Optional anonymous sender and recipient modes break the link between drop and pickup.
  • Physical-Digital Bridge: Asynchronous dead-drop delivery — no direct electronic channel required between sender and recipient.
Section 06

Security Properties

| Property | Mechanism | Guarantee |
| --- | --- | --- |
| Message Secrecy | AES-256-GCM + Double XorIDA | Dual-layer: encryption + information-theoretic split |
| Zero Metadata | Physical-only transport | No electronic sender/recipient/timing records |
| Replay Prevention | NonceStore single-use | Each share scannable exactly once |
| Courier Tolerance | 2-of-N threshold | N-2 couriers can fail without message loss |
| Integrity | HMAC-SHA256 per share | Tamper detection before reconstruction |

Performance & Guarantees

0 metadata exposed · 1x single-use nonce · 2-of-N threshold · <1ms typical payload

VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL
Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.


Deployment Options

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/xdrop
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included

Enterprise On-Premise Deployment

While xDrop is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.
