Research Division

PrivLab

Our dedicated research arm, focused on advancing encryption performance, file transfer privacy, and zero-knowledge architecture. We publish findings. We keep methods proprietary.

All research is conducted using synthetic test data in isolated environments. We never analyze, inspect, or collect data from real user activity. Our zero-knowledge architecture means we couldn't - even if we wanted to.
14
Published Studies
3
Active Projects
94%
Metadata Reduction
<50ms
Encryption Overhead

Latest Research

Peer-reviewed internally. Results published. Methodology classified.

Encryption 2026-05-14

AES-256-GCM vs ChaCha20-Poly1305: Real-World File Transfer Benchmarks

We tested both ciphers across 10,000 file transfers (1KB-250MB) on consumer hardware. Our findings challenge common assumptions about ChaCha20's performance advantage on non-AES-NI devices, revealing a crossover point at 4MB file sizes that has implications for dynamic cipher selection.

10,247 transfers tested
6 device classes
4MB crossover point
Read findings →
Privacy 2026-04-28

Metadata Leakage in "Zero-Knowledge" File Sharing Services: A Comparative Audit

We analyzed 8 popular file sharing services claiming zero-knowledge architecture. Results show that 6 of 8 leak file size, upload timestamp, and geographic origin to their infrastructure layer. We demonstrate how PrivDrop's architecture eliminates these vectors through client-side padding and timing obfuscation.

8 services audited
94% metadata reduction
6/8 failed audit
Read findings →
Architecture 2026-03-22

Proof-of-Deletion: Cryptographic Guarantees for Ephemeral File Storage

We designed and tested a proof-of-deletion protocol that provides mathematical certainty that expired files are irrecoverable. Our implementation achieves verification in under 200ms with zero false negatives across 50,000 deletion events.

50,000 deletions verified
0 false negatives
<200ms verification
Read findings →
Privacy 2026-03-08

Timing Attack Resistance in Browser-Based File Uploads

Upload timing can reveal file size even over encrypted connections. We implemented a constant-time upload padding system that normalizes transfer duration regardless of actual file size, eliminating this side-channel with less than 3% bandwidth overhead.

<3% bandwidth overhead
Constant-time uploads
12 attack vectors mitigated
Read findings →
Encryption 2026-02-19

Key Derivation Under Pressure: PBKDF2 vs Argon2id for Client-Side Secrets

We benchmarked key derivation functions across mobile browsers where memory and CPU are constrained. Argon2id with tuned parameters achieved 4x brute-force resistance compared to PBKDF2-SHA256 at equivalent user-perceived latency of 150ms.

4x brute-force resistance
150ms target latency
8 browser engines tested
Read findings →

Research Focus Areas

Encryption Engineering

Cipher selection, key derivation optimization, hardware acceleration detection, and adaptive security levels based on threat models.

File Transfer Privacy

Metadata stripping, timing analysis prevention, file size obfuscation, and network-level privacy during transfer operations.

Zero-Knowledge Architecture

Server-side blindness verification, proof-of-deletion protocols, and cryptographic guarantees that operators cannot access user data.

Performance Profiling

Browser crypto benchmarks, memory pressure analysis, worker thread optimization, and device-class adaptive processing strategies.

Our Process

Every PrivLab study follows a rigorous internal protocol. We publish results and conclusions - never the implementation details that give topriv its competitive edge.

Phase 01

Hypothesis

Define the privacy or performance problem. Establish measurable success criteria.

Phase 02

Controlled Testing

Isolated environments. Real-world data sets. Statistical significance required (p < 0.05).

Phase 03

Peer Review

Internal review by at least two team members. Methodology validation before publication.

Phase 04

Publish & Implement

Findings published. Successful optimizations integrated into production systems.

Stay Updated

Get notified when we publish new research. No spam, unsubscribe anytime.