Zero-Knowledge • Wallet-First • Private
🚧 Pre-Launch: The future of truly private email is being built. Star this repo to be notified when we go live!
Blanc is a zero-knowledge, end-to-end encrypted email platform that uses your crypto wallet as your identity. No passwords, no personal information stored on our servers, no ability for anyone (including us) to read your emails.
┌─────────────────┐ 🔐 Encrypted ┌─────────────────┐
│ Your Wallet │ ──────────────────→ │ Recipient's │
│ 📱 MetaMask │ Transit │ Wallet │
│ 🦊 Phantom │ │ Rainbow │
│ 💙 Coinbase │ ←────────────────── │ WalletCon │
└─────────────────┘ 🔒 E2E Secure └─────────────────┘
↓ ↓
┌──────────┐ ┌──────────┐
│Your Keys │ │Their Keys│
│Generated │ │Generated │
│from Sig │ │from Sig │
└──────────┘ └──────────┘
- 📧 Gmail, Outlook: Your emails are scanned, analyzed, and used for ads
- 🔓 "Secure" Email: Still requires personal info and can be subpoenaed
- 🔑 Complex PGP: Too technical for everyday users
- 👤 Identity Issues: Email addresses can be impersonated or compromised
Traditional Email: Blanc Email:
┌─────────────┐ ┌─────────────┐
│ Your Data │ │ Wallet Sig │
│ + │ VS │ + │
│ Server Key │ │ Zero Data │
│ ↓ │ │ ↓ │
│ Readable │ │ Encrypted │
└─────────────┘ └─────────────┘
- Your private keys are derived from wallet signatures - never stored anywhere
- We literally cannot read your emails, even if we wanted to
- No personal information required - just connect your wallet
- Use MetaMask, Phantom, Coinbase, WalletConnect, or any major wallet
- Your wallet address is your email identity (
0x123...@blanc.email) - ENS names supported (
vitalik.eth@blanc.email)
- Curve25519 elliptic curve + XSalsa20-Poly1305 authenticated encryption (same primitives as Signal)
- HKDF key derivation from wallet signatures using SHA-256
- Forward secrecy with ephemeral keys for each conversation
- Built on Cloudflare Workers for global edge distribution
- No single point of failure
- Wallet-based auth makes it impossible to ban specific users
// Your wallet signs a deterministic challenge
const signature = wallet.sign("blanc-key-derivation-v1:your-address")
// We use HKDF to derive your encryption keys
const masterKey = HKDF(signature, salt, "MASTER_KEY")
const encryptionKey = HKDF(masterKey, salt2, "PRIVATE_KEYS")
// Keys are generated deterministically - same signature = same keys📝 Compose Email
↓
🔐 Encrypt with recipient's public key (Curve25519)
↓
📤 Send encrypted blob to server
↓
📥 Recipient retrieves blob
↓
🔓 Decrypt with their derived private key
↓
✉️ Read plaintext email
- Server only stores: encrypted blobs + wallet addresses
- Server never sees: your private keys, email content, or personal data
- Even metadata is minimized and encrypted where possible
┌─────────────────┐
│ Next.js App │ ← Frontend
├─────────────────┤
│ better-auth + │ ← Wallet Authentication
│ SIWE (Ethereum) │
├─────────────────┤
│ TweetNaCl + │ ← Crypto (Curve25519 + XSalsa20)
│ HKDF Derivation │
├─────────────────┤
│ Prisma + PostgreSQL │ ← Encrypted Data Storage
├─────────────────┤
│ Cloudflare Workers │ ← Edge Deployment
└─────────────────┘
- Signature Standard: SIWE
- Key Derivation: HKDF-SHA256
- Symmetric Encryption: XSalsa20-Poly1305 via TweetNaCl
- Asymmetric Encryption: Curve25519
- Forward Secrecy: Ephemeral key exchange per conversation
# Clone the repository
git clone https://github.com/puiusabin/blanc.git
cd blanc
# Install dependencies
npm install
# Set up your environment
cp .env.example .env.local
# Add your DATABASE_URL and other config
# Run database migrations
npx prisma db push
# Start development server
npm run dev- Node.js 18+
- PostgreSQL database
- Cloudflare account (for deployment)
- Frontend: Next.js 15 + React 19 + Tailwind CSS v4
- Authentication: better-auth + RainbowKit + Wagmi
- Crypto: TweetNaCl + HKDF + Viem
- Database: Prisma + PostgreSQL + Accelerate
- Deployment: Cloudflare Workers + OpenNext
- UI: Radix UI + Lucide Icons + Magic UI
🔍 Internal Review: ✅ Ongoing
🏛️ Third-Party Audit: 📋 Planned for Q1 2026
🐛 Bug Bounty: 💰 Will launch with public beta
🔐 Code Review: 👥 Open source - review welcome
- Wallet authentication & SIWE
- End-to-end encryption infrastructure
- Basic email compose/send/receive
- Inbox and message threading
- Mobile-responsive web app
- File attachments with encryption
- Client-side email search
- Contact management
- Email organization (folders/labels)
- Multiple wallet support per user
- Email aliases and custom domains
- Improved mobile experience
- Performance optimizations
We welcome contributions! See our Contributing Guide for details.
# Areas where we need help:
🔐 Security review & audit
📱 Mobile UI/UX design
🧪 Test coverage
📚 Documentation
🌍 InternationalizationGPL-3.0 License - see LICENSE for details.
Why GPL-3.0? We believe privacy tools should remain free and open source forever.
Q: How is this different from ProtonMail? A: ProtonMail still requires personal info and can be compelled to hand over data. Blanc uses wallet-based identity with zero-knowledge architecture.
Q: What if I lose access to my wallet? A: Your emails are tied to your wallet's private key. We're exploring social recovery options while maintaining zero-knowledge principles.
Q: Can you read my emails? A: Technically impossible. Your encryption keys are derived from your wallet signature and never leave your device.
Q: What about spam and moderation? A: We're developing wallet reputation systems and user-controlled filtering that work without compromising privacy.
🌟 Star this repo to get notified when Blanc launches!
Built with ❤️ by privacy-focused developers who believe email should be truly private.