Cryptographic Identity
Synapsis uses a robust cryptographic identity system to ensure that every action you take on a node is mathematically tied to you and impossible for anyone else to impersonate.
Overview
Unlike traditional social networks where your identity is a username/password pair stored on a central server, Synapsis identities are based on Decentralized Identifiers (DIDs) and public-key cryptography.
Your identity is defined by a public-private key pair:
- Public Key: Shared with the network via your profile.
- Private Key: Kept securely on your device, used to sign every action.
Implementation Details
Synapsis uses the ECDSA P-256 (ES256) algorithm for all user-level signing. This is a modern, widely-supported elliptic curve algorithm that provides high security with relatively small signature sizes.
Secure Key Handling
Security is a top priority in Synapsis. We follow strict rules for handling your private keys:
- Memory-Only: Once decrypted, your private key stays in memory only. It is never stored in localStorage or cookies in an unencrypted state.
- Client-Side Signing: All signing happens in your browser. Your decrypted private key never leaves your device.
- Identity Lock: If you refresh the page or close the tab, your identity “locks,” and you must re-enter your password to decrypt the key for use.
Signed Actions
Every state-changing action in Synapsis (posting, liking, following, etc.) is a Signed Action. Before an action is sent to the server, the Synapsis client:
- Constructs a JSON payload containing the action data.
- Canonicalizes the payload (sorting keys and ensuring consistent formatting) so that the string being signed is deterministic.
- Generates a Nonce (random value) and a Timestamp to prevent replay attacks.
- Signs the canonical string with your private key.
The server then verifies this signature against your public key before processing the request. This ensures that even the node operator cannot forge an action on your behalf.
Replay Protection
Each signed action includes a nonce and a ts (timestamp). The server maintains a deduplication log:
- Actions older than 5 minutes are rejected.
- Any nonce used within that 5-minute window is logged; if it is seen again, the request is rejected as a replay attack.
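The signed-action flow and the replay checks described above, as an added example that is not Synapsis source code. It runs on Node.js with the built-in crypto module rather than in the browser; the envelope layout ({ payload, sig }), the helper names and the bound on future-dated timestamps are assumptions, while ES256, the nonce and ts fields and the 5-minute window come from this page.

```javascript
// Added example, not Synapsis source. Envelope layout and helper names are assumptions.
const nodeCrypto = require('node:crypto');
const WINDOW_MS = 5 * 60 * 1000; // the 5-minute window stated on the page

// Canonical form: object keys sorted recursively, no insignificant whitespace.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]));
    return '{' + members.join(',') + '}';
  }
  return JSON.stringify(value);
}

// Client side: add nonce and ts, then sign the canonical string with ES256.
function signAction(action, privateKey, now = Date.now()) {
  const payload = { ...action, nonce: nodeCrypto.randomBytes(16).toString('hex'), ts: now };
  const sig = nodeCrypto.sign('sha256', Buffer.from(canonicalize(payload)),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return { payload, sig: sig.toString('base64') };
}

// Server side, one verifier per user key: freshness, signature, then nonce dedup.
function makeVerifier(publicKey) {
  const seen = new Map(); // nonce -> ts (the deduplication log)
  return function verify({ payload, sig }, now = Date.now()) {
    // Future-dated ts is bounded too (assumption), so log entries always expire.
    if (!Number.isFinite(payload.ts) || Math.abs(now - payload.ts) > WINDOW_MS) return 'stale';
    const ok = nodeCrypto.verify('sha256', Buffer.from(canonicalize(payload)),
      { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64'));
    if (!ok) return 'bad-signature';
    for (const [n, ts] of seen) if (now - ts > WINDOW_MS) seen.delete(n); // prune expired
    // A nonce is logged only after its signature verifies, so unsigned traffic cannot fill the log.
    if (seen.has(payload.nonce)) return 'replay';
    seen.set(payload.nonce, payload.ts);
    return 'accepted';
  };
}

// Constructed sample run: fresh action, replay, late replay, tampered payload.
function demo() {
  const keys = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256
  const t0 = 1700000000000; // constructed timestamp
  const verify = makeVerifier(keys.publicKey);
  const env = signAction({ type: 'post', text: 'hello' }, keys.privateKey, t0);
  const forged = { payload: { ...env.payload, text: 'forged' }, sig: env.sig };
  return [verify(env, t0 + 1000), verify(env, t0 + 2000),
    verify(env, t0 + WINDOW_MS + 1), verify(forged, t0 + 1000)];
}
```

The verifier canonicalizes the received payload itself before checking the signature, so a client and server that disagree on key order or whitespace fail closed with a signature error rather than accepting mismatched bytes.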
Mathematical Sovereignty
This system provides Mathematical Sovereignty. Because every action requires a signature that only you can produce, your digital presence is truly yours. Even if a node is compromised, your identity remains secure as long as your private key (and the password used to encrypt it) is safe.