Back to Trust Center

Syfra Encryption Algorithm

Syfra3 min read

In the world of self-custody and digital assets, your seed phrase is everything. If someone gets access to it, they control your funds. That’s why Syfra was built with one clear mission: create a secure, offline-first encryption system that protects seed phrases without relying on centralized storage.

What Is the Syfra Encryption Algorithm?

The Syfra Encryption Algorithm is a hybrid cryptographic design that combines modern authenticated encryption with strong key derivation techniques. It is specifically engineered to protect highly sensitive secrets like wallet seed phrases before they are written to an NFC card.

Syfra does not store plaintext seed phrases. Instead, the seed is encrypted locally on the user’s device, and only the encrypted payload is written to the NFC card.

🛡 Core Cryptographic Components

Syfra uses battle-tested, industry-standard cryptographic primitives:

1️⃣ Argon2id – Secure Key Derivation

To protect against brute-force attacks, Syfra derives the encryption key from the user’s password using Argon2id.

  • Memory-hard function

  • Resistant to GPU and ASIC cracking

  • Configurable cost parameters

  • Designed for password-based key derivation

This ensures that even if someone extracts the encrypted data from the NFC card, cracking the password would be computationally expensive.

2️⃣ Authenticated Encryption (AEAD)

Syfra supports modern AEAD algorithms such as:

  • AES-256-GCM

  • ChaCha20-Poly1305

Both provide:

  • Confidentiality (data is encrypted)

  • Integrity (tampering is detectable)

  • Authentication (ensures the ciphertext is valid)

If a single bit of encrypted data is modified, decryption fails.

🔄 Encryption Flow

Here’s a simplified overview of how Syfra protects your seed phrase:

  1. User enters seed phrase.

  2. User sets a password.

  3. A random salt is generated.

  4. Argon2id derives a strong encryption key from the password + salt.

  5. A random nonce is generated.

  6. The seed phrase is encrypted using AES-256-GCM or ChaCha20-Poly1305.

  7. The NFC card stores:

    • Salt

    • Nonce

    • Ciphertext

    • Authentication tag

No plaintext is stored. Ever.

📦 Storage Format

The Syfra encrypted payload contains structured metadata:

[ version | salt | nonce | ciphertext | auth_tag ]

This allows:

  • Forward compatibility

  • Algorithm upgrades in the future

  • Safe validation during decryption

🔐 Why Offline-First Matters

Unlike cloud-based password managers or custodial wallets, Syfra:

  • Does not upload seed phrases

  • Does not rely on external servers

  • Does not expose secrets over APIs

All encryption happens locally on the device before writing to the NFC card.

This drastically reduces the attack surface.

🚀 Designed for Real-World Threats

Syfra protects against:

  • Physical NFC extraction attacks

  • Brute-force password cracking

  • Data tampering

  • Memory scraping (by avoiding plaintext persistence)

The result is a practical, portable, and highly secure solution for seed phrase storage.

Final Thoughts

Security isn’t about inventing new cryptography — it’s about using proven algorithms correctly. The Syfra Encryption Algorithm builds on trusted primitives like Argon2id and AES-256-GCM to deliver a secure, offline-first solution tailored for modern crypto users.

Because when it comes to seed phrases, there’s no room for compromise.

Back to Trust Center