What is Phenumbra?
A privacy coordination layer for Bitcoin built on MORPHiS
Blind-Signature CoinJoin
Chaum blind signatures break input-output linkage without a trusted coordinator, delivering on-chain plausible deniability.
Non-Amortizable PoW
Targeted proof-of-work on MORPHiS makes spam uneconomical. Work for one recipient cannot be reused against another.
Layered Encryption
Triple-wrapped transport: SSH (L1) + Dmail (L5) + session crypto box for CoinJoin traffic—no plaintext anywhere.
Architecture
Light and shadow: stacked defenses from transport to application
Stack Layers
- L7: CoinJoin engine (maker/taker, round coordination, blind signatures)
- L6: RPC / REST / WebSocket over TLS 1.3 with JWT (Ed25519)
- L5: Dmail V3 (DH Group 14 → AES-256-GCM, HKDF-SHA256)
- L4: Dpush announcements with targeted PoW
- L3: DHT task layer (iterative lookups, 8-node replication)
- L2: Chord/Kademlia core with relay for NAT traversal
- L1: SSH transport (Curve25519/DH14, AES-256-GCM/CBC, HKDF)
Security Anchors
- Node identity = SHA-512(RSA-4096 pubkey); mutual auth before data flows.
- All coordination encrypted in depth; operators cannot read stored blocks.
- PoW difficulty tuned to resist spam; work is recipient-specific.
- SQLCipher storage with Argon2id key derivation for local data.
- Tor-friendly: supports .onion routing and SOCKS5 isolation.
CoinJoin Flow
Coordinated anonymously, executed verifiably
1. Discover
Maker publishes orders via Dpush with PoW; takers find orders through encrypted DHT lookups.
2. Blind
Taker blinds outputs; coordinator signs without visibility, preserving unlinkability.
3. Assemble
Participants exchange !ioauth / !sig over Dmail envelopes; transaction built with authenticated session crypto.
4. Sign
Each participant signs the aggregate transaction; invalid signatures are rejected and peers can be blacklisted.
5. Broadcast
Final transaction is broadcast via Bitcoin testnet; Lightning testnet used for HTLC bridging when needed.
6. Persist
Encrypted artifacts stored on MORPHiS with k≥8 replication; nodes hold data without knowing its content.
Security Principles
Nothing unencrypted. Deniability by design.
Privacy Guarantees
- Triple encryption: SSH transport, Dmail envelope, session crypto box.
- No plaintext logs; operators cannot link storage blocks to users.
- Blind signatures sever input/output linkage—coordinator learns nothing.
Operational Posture
- Tor-friendly routing with stream isolation; no cleartext endpoints.
- Local storage encrypted (SQLCipher + Argon2id); keys zeroed in memory.
- PoW difficulty floors prevent spam and sybil amplification.