Comprehensive Privacy for Private Contracts

Five layers of defense for document privacy.

Public Proof of Private Information

Most blockchain solutions force a trade-off: sacrifice privacy for verification, or sacrifice verification for privacy. You either expose your documents to the world or give up the benefits of blockchain verification.

Integra resolves this paradox through a fundamental architectural principle: public proof of private information.

Your documents never touch the blockchain. Not the content, not encrypted versions, not even references to storage locations. Only cryptographic hashes appear on-chain—mathematical fingerprints that prove document existence and content without revealing anything about what the document contains.

How Privacy is Preserved

The SHA-256 cryptographic hash is a one-way function. Given a document, you can compute its hash. Given only the hash, you cannot recover the document. This is mathematically guaranteed—not a policy promise, but a mathematical certainty.

What the blockchain sees:

integraHash: 0x7f83b1657ff1fc53b92dc...
documentHash: 0xa3b8e4d2c156f890ab12...
owner: 0x1234567890abcdef...
timestamp: 1735689600

What the blockchain does NOT see:

  • Document content
  • Document title or name
  • File type or format
  • Party names or terms
  • Any identifying information

Verification requires the actual document. Without it, the hash is meaningless—and that's exactly the point.
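The verification property described above, as an added example that is not Integra's code: it assumes documentHash is SHA-256 over the raw file bytes, which the page does not specify. The salted variant is a standard hardening for short or predictable documents, shown here as an assumption and not as something the page says Integra does; the sample documents are constructed.

```python
import hashlib
import hmac
import secrets

def document_hash(data: bytes) -> str:
    """SHA-256 of the raw file bytes, 0x-prefixed like the on-chain fields (assumed encoding)."""
    return "0x" + hashlib.sha256(data).hexdigest()

def verify(data: bytes, onchain_hash: str) -> bool:
    """True only if these exact bytes produce the recorded hash."""
    return hmac.compare_digest(document_hash(data), onchain_hash.lower())

def salted_commitment(data: bytes, salt: bytes) -> str:
    """HMAC-SHA-256 keyed with a random salt that stays off-chain with the document."""
    return "0x" + hmac.new(salt, data, hashlib.sha256).hexdigest()

def verify_salted(data: bytes, salt: bytes, onchain_hash: str) -> bool:
    """Verification by a party who was given both the document and its salt."""
    return hmac.compare_digest(salted_commitment(data, salt), onchain_hash.lower())

# Constructed sample documents (not real data).
CONTRACT = b"Lease agreement between A. Example and B. Sample, rent 1200/month\n"
TAMPERED = CONTRACT.replace(b"1200", b"1250")
SHORT_DOC = b"Offer accepted: yes\n"  # predictable content with few possible values

def demo() -> dict:
    recorded = document_hash(CONTRACT)
    salt = secrets.token_bytes(32)
    recorded_salted = salted_commitment(SHORT_DOC, salt)
    return {
        "original_verifies": verify(CONTRACT, recorded),
        "tampered_verifies": verify(TAMPERED, recorded),
        # A bare hash of predictable content matches for anyone holding the same bytes.
        "bare_hash_matches_same_bytes": verify(SHORT_DOC, document_hash(SHORT_DOC)),
        # With a salt, the same bytes alone no longer match the recorded value.
        "bytes_without_salt": verify(SHORT_DOC, recorded_salted),
        "holder_with_salt": verify_salted(SHORT_DOC, salt, recorded_salted),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The hash is computed over exact bytes, so re-saving or re-exporting a file (different line endings, metadata, PDF regeneration) produces a different hash even when the visible content is unchanged.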

Document Storage Independence

Integra has no opinion about where you store your documents. Keep them in:

  • Enterprise document management systems (SharePoint, Google Drive, Dropbox)
  • Local encrypted storage (your own servers)
  • Cloud storage (AWS, Azure, GCP)
  • Air-gapped systems (for maximum security)

The blockchain only stores the hash. Your storage infrastructure is completely independent of Integra's infrastructure.

Five Layers of Defense

Integra implements defense in depth—multiple independent security layers that would each need to fail for a breach to occur. Even if one layer is compromised, the others maintain protection.

Layer 1: 2-of-2 MPC (Mathematical Security)

Your signing key is split between you and Integra using threshold cryptography. Neither party holds the complete key. Even if Integra's systems were fully compromised, an attacker would have only half a key—mathematically useless without your half.

Built on Coinbase's cb-mpc library, the same technology securing billions in institutional custody.

Layer 2: AWS Nitro Enclave (Hardware Isolation)

Integra's key share is processed inside AWS Nitro Enclaves—hardware-isolated virtual machines with no network access, no storage, and no visibility from the host system. Even a full server compromise cannot access enclave memory.

Layer 3: KMS Encryption (At-Rest Protection)

Key shares are encrypted using AWS Key Management Service. Decryption requires both valid attestation from a Nitro Enclave and proper IAM authorization. Database breaches yield only encrypted ciphertext.

Layer 4: Cryptographic Attestation (Code Integrity)

Before any decryption, AWS verifies that the code running in the enclave matches expected values. Modified or malicious code fails attestation and cannot access encrypted data.

Layer 5: Document-Based Address Derivation (Unlinkability)

Each document receives its own derived blockchain address. An observer seeing multiple addresses cannot determine they belong to the same user without the underlying documents.

Why It Matters

Technology

Stop worrying about document fraud. We've got you covered.

2-of-2 Threshold Signatures

Your private key is mathematically split so neither you nor Integra holds the complete key. Signing requires both parties to participate in a cryptographic protocol. Neither party alone can sign anything—security is guaranteed by mathematics, not trust.

AES-256 Encryption

All sensitive data is encrypted at rest using AES-256, the same standard used by governments and financial institutions for classified information. Even with physical access to storage, data remains protected.

Selective Disclosure

Share proof of specific document attributes without revealing the full document. Prove a contract exists without sharing terms. Verify a credential without exposing personal details. Privacy and verification coexist.

Hardware Security Modules

Critical operations execute inside AWS Nitro Enclaves—hardware-isolated environments that even AWS operators cannot access. Key material never exists in accessible memory. The highest level of cloud security available.

Frequently Asked Questions

Security Without Compromise

Learn more about our five-layer privacy architecture, or schedule a security consultation to discuss enterprise requirements.