Key Management & Encryption
At MoonadSwap, user security is the highest priority. All private keys are encrypted using industry-leading standards and never exposed in plaintext — not even to the system developers.
🔐 AES-256 Encryption
Private keys are encrypted using AES-256 (Advanced Encryption Standard), a symmetric-key algorithm trusted by governments and security institutions worldwide.
Each user’s key is:
- Encrypted individually
- Never stored in plaintext
- Decrypted only in memory, during runtime
🔑 Unique Key Derivation per User
For each user, a unique AES-256 encryption key is generated using HKDF (HMAC-based Key Derivation Function). This adds a second layer of security beyond standard encryption.
- HKDF uses SHA-256 as the underlying hash function
- Ensures that even if two users have the same private key, their encrypted forms are completely different
- Key derivation is deterministic and secure
🧊 Nonce-Based Encryption
To make encryption results non-reproducible, MoonadSwap applies a random nonce during encryption. This ensures:
- Even identical private keys result in different ciphertexts
- Encryption is resilient against pattern-based attacks
- Replay attacks and duplication are effectively prevented
🔄 Runtime Decryption Only
Decryption happens only when necessary — typically during a user-initiated action such as a swap.
- The decryption process is isolated to the Application Layer
- Once decrypted, private key data is stored only temporarily in memory
- After execution, the memory is immediately cleared
🧱 Layered Security Architecture
MoonadSwap’s encryption model is built on layered protection:
- HKDF-derived unique AES-256 key per user
- Random nonce per encryption cycle
- No plaintext storage at any time
- Runtime-only decryption with no memory persistence
Even if an attacker gains access to the encrypted database, the data remains practically unbreakable — requiring billions of years to crack via brute force using today's most powerful supercomputers.
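The layers listed above, sketched in Node.js as an added example; this is not MoonadSwap's code. Assumptions not stated on this page: AES-256 is used in GCM mode, keys are derived from a single `MASTER_SECRET` held outside the database, the user id is the HKDF `info` input and the GCM associated data, and records are stored as nonce || tag || ciphertext.

```javascript
const crypto = require('node:crypto');

// Assumption: a server-side master secret kept outside the database (KMS/HSM).
// Constructed at random here so the example runs offline.
const MASTER_SECRET = crypto.randomBytes(32);

// HKDF-SHA256: deterministic, per-user AES-256 key. The user id goes into
// `info`, so every user gets an independent key from the same master secret.
function deriveUserKey(masterSecret, userId) {
  const salt = Buffer.alloc(32); // all-zero salt (assumption, RFC 5869 default)
  const info = Buffer.from(`wallet-key:${userId}`, 'utf8'); // hypothetical label
  return Buffer.from(crypto.hkdfSync('sha256', masterSecret, salt, info, 32));
}

// AES-256-GCM with a fresh random 96-bit nonce for every encryption.
// Stored record layout (assumption): nonce(12) || tag(16) || ciphertext.
function encryptPrivateKey(masterSecret, userId, privateKey) {
  const key = deriveUserKey(masterSecret, userId);
  try {
    const nonce = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
    cipher.setAAD(Buffer.from(userId, 'utf8')); // binds the record to its owner
    const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
    return Buffer.concat([nonce, cipher.getAuthTag(), ct]);
  } finally {
    key.fill(0); // wipe the derived key once the operation is done
  }
}

// Runtime-only decryption: the key is re-derived, used, then wiped.
// Throws if the record was modified or belongs to a different user.
function decryptPrivateKey(masterSecret, userId, record) {
  const key = deriveUserKey(masterSecret, userId);
  try {
    const nonce = record.subarray(0, 12);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
    decipher.setAAD(Buffer.from(userId, 'utf8'));
    decipher.setAuthTag(record.subarray(12, 28));
    return Buffer.concat([decipher.update(record.subarray(28)), decipher.final()]);
  } finally {
    key.fill(0);
  }
}
```

Zeroing a `Buffer` in Node.js is best effort, since the runtime may hold other copies; the caller is also responsible for wiping the plaintext returned by `decryptPrivateKey` after use.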