Z-Text Docs

Security & Privacy

Z-Text is built from the ground up with a zero-trust security model. No analytics, no tracking, no server-side data storage.

PIN Protection

Your wallet and messages are protected by a 6-digit PIN that you set during initial setup. The PIN is required to:

  • Open the app
  • Send transactions (messages and BTCZ transfers)
  • Export your seed phrase
  • Change security settings

The PIN is stored as a salted hash on your device. After multiple failed attempts, the app enforces a cooldown period to prevent brute-force attacks.
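The following sketch is an added example, not Z-Text's own code, showing how a salted PIN hash and a failed-attempt cooldown fit together. A 6-digit PIN has only 1,000,000 possible values, so the attempt limit does as much work as the hash. The KDF (PBKDF2-HMAC-SHA256), the iteration count, the cooldown schedule and the `PinGuard` name are all assumptions; the page does not specify them.

```python
import hashlib
import hmac
import os

# Assumed parameters; the page does not state Z-Text's KDF or cooldown schedule.
PBKDF2_ITERATIONS = 600_000
FREE_ATTEMPTS = 5        # failures allowed before any cooldown applies
BASE_COOLDOWN_S = 30     # first cooldown, doubled on each further failure
MAX_COOLDOWN_S = 3600    # upper bound on a single cooldown


class PinGuard:
    """Salted PIN hash plus failure counter and cooldown (hypothetical class)."""

    def __init__(self, pin: str, iterations: int = PBKDF2_ITERATIONS):
        if not (len(pin) == 6 and pin.isascii() and pin.isdigit()):
            raise ValueError("PIN must be exactly 6 digits")
        self.iterations = iterations
        self.salt = os.urandom(16)      # random per-device salt
        self.digest = self._hash(pin)   # only salt + digest are stored, never the PIN
        # In a real app these two fields must be persisted, otherwise
        # restarting the app would reset the counter and the cooldown.
        self.failures = 0
        self.locked_until = 0.0         # epoch seconds

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, self.iterations)

    def cooldown_remaining(self, now: float) -> float:
        return max(0.0, self.locked_until - now)

    def verify(self, pin: str, now: float) -> bool:
        # While the cooldown runs, no guess is evaluated, not even a correct one.
        if self.cooldown_remaining(now) > 0:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(self._hash(pin), self.digest):
            self.failures = 0
            return True
        self.failures += 1
        over = self.failures - FREE_ATTEMPTS
        if over >= 0:
            delay = min(BASE_COOLDOWN_S * 2 ** over, MAX_COOLDOWN_S)
            self.locked_until = now + delay
        return False
```

`now` is passed in so the cooldown logic can be exercised deterministically; a caller would normally supply the current time from a clock the user cannot trivially set back.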

Biometric Authentication

On supported devices, you can enable fingerprint or facial recognition as an alternative to PIN entry for app access. Biometric data is handled entirely by the device's secure enclave -- Z-Text never accesses raw biometric data.

Two-Layer Encryption

Z-Text employs a dual encryption architecture that provides defense-in-depth:

Layer 1: Blockchain Shielding (zk-SNARKs)

The BitcoinZ blockchain's shielded transactions use zk-SNARKs to encrypt the transaction memo field. This means:

  • The message content is encrypted on-chain
  • The sender and recipient z-addresses are hidden
  • The transaction amount is hidden
  • Only the holder of the z-address viewing key can decrypt the memo

Layer 2: Contact Key Encryption

Before placing the message in the transaction memo, Z-Text encrypts it with the shared key derived from the handshake. This adds a second layer of protection:

  • Even if someone obtains your z-address viewing key, they cannot read messages
  • The shared key is unique per contact pair
  • The key is derived through ECDH and never transmitted directly

Why Two Layers?

Layer 1 protects against blockchain observers. Layer 2 protects against viewing key compromise. Both layers must be broken to read a message -- an extremely difficult proposition.

zk-SNARKs Explained

Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs) are cryptographic proofs that allow one party to prove they know a value without revealing the value itself.

In Z-Text's context, zk-SNARKs prove that a transaction is valid (correct balances, authorized sender) without revealing who sent it, who received it, or how much was transferred. This is what makes shielded transactions truly private.

Zero Telemetry

Z-Text collects absolutely no user data:

  • No analytics or tracking of any kind
  • No crash reporting that sends data externally
  • No phone-home connections to Z-Text servers
  • The only network connections are to BitcoinZ blockchain nodes
  • No IP address logging (the app connects to decentralized nodes)

Open Source

Z-Text is open source. You can audit the code yourself to verify there is no hidden telemetry or data collection.

Threat Model

Z-Text is designed to protect against:

Threat               | Protection
Server compromise    | No servers -- messages live on the blockchain
Network surveillance | zk-SNARK shielded transactions hide all metadata
Device theft         | PIN/biometric protection, encrypted local storage
Viewing key leak     | Layer 2 encryption prevents message reading
Censorship           | Decentralized blockchain cannot be shut down