⬡ AGPLv3 · Open Protocol · USPTO #99657348

Clawback Protocol

You shared it. You can unshare it.

Cryptographically enforced, revocable, time-limited data sharing with provable destruction. Not a policy. A mathematical guarantee.

View on GitHub → Read the Whitepaper

Core Properties

Data revocation as a first-class primitive

🔐

Zero-Knowledge Broker

The broker stores encrypted payloads and never sees plaintext. Your data stays yours.

⚡

Instant Revocation

Revoke access in real time. The share key is destroyed on the broker — access becomes mathematically impossible.

📋

Provable Destruction

Tamper-evident destruction receipts prove deletion cryptographically. Not "trust us" — math.

🔑

Per-Share Keys

Each recipient gets a unique derived key. Revoke one share without affecting others.

⏱️

Time-Limited Access

Set expiry on any share. Access auto-revokes when the window closes — no action required.

🌐

Open Standard

AGPLv3. Designed for IETF standardization. Built to become an internet primitive, not a product.

Protocol Flow

How it works

Sender encrypts data locally → registers with Broker

↓

Broker holds ciphertext + per-share key (never sees plaintext)

↓

Receiver presents share token → gets encrypted blob + share key

↓

Receiver decrypts locally → reads plaintext

↓

Sender revokes → Broker destroys share key instantly

↓

Receiver tries again → 403 REVOKED

↓

Destruction receipt logged → cryptographic proof of deletion

Cryptographic Stack

Built on proven primitives

Key Exchange X25519

Encryption ChaCha20-Poly1305

Key Derivation HKDF-SHA256

Destruction Proof HMAC-SHA256

Reference Impl Rust + axum

Future Umbral PRE + ZK

Build on Clawback Protocol

Open source, AGPLv3. Reference implementation in Rust. Whitepaper available. Contributions welcome.

View on GitHub → Get in Touch