# Encryption

IronWeave implements a sophisticated and inherently private encryption mechanism that is central to its *new data unit* concept, and differs significantly from other blockchains.

Here's a detailed explanation:

* **Individual Block Encryption:** At its core, IronWeave ensures privacy and security by encrypting each individual data unit (each block) with its own unique set of keys. Each block functions like a *separate vault*, or *separate safe deposit box*. This approach to individual block encryption means that only the participants involved in a specific interaction (the shared block) can access its contents, and only those participants are aware that the interaction even exists.
* **Key Management System:** IronWeave employs a dual-key system for managing access to chains and blocks.
  * **Chain Key:** This is a public/private key pair that governs access to an entire chain. The public key is used by the system to encrypt each unique Block Key, while the private key decrypts the Block Key.
  * **Block Key:** This is a unique key generated for each individual block. It is decryptable by the chain's private key and provides access to the individually encrypted block payload(s).
  * The IronWeave fabric and its nodes have *zero knowledge* of the encrypted data, and at no point do they gain the keys to decrypt such data.

* **Inherent Privacy by Design:** Unlike monolithic blockchains where transaction details are often exposed and scannable by anyone, IronWeave's Shared-Block Architecture eliminates a single central chain to which all interactions must reconcile. Since blocks are created only on participating chains and are encrypted, no one outside of the direct participants even knows the interaction exists or occurred. This prevents the mass scanning, copying, and brute-force attacks that are possible on public ledgers, even those attempting privacy with ZK Proofs or Fully Homomorphic Encryption (FHE).
* **Componentized and Pluggable Encryption for Future Innovations:** IronWeave's encryption mechanisms are designed with a componentized approach, which means that the encryption protecting the blocks is not fixed within the system but can be replaced or updated. This is crucial for quantum resistance, as it allows stronger encryption methods, such as quantum-resistant schemes, to replace the default encryption used in IronWeave as these advances become available. After such a replacement of the default encryption, any future blocks created would benefit from the stronger encryption of the new scheme. This componentized approach to core encryption in the IronWeave fabric helps to "future-proof" applications built on IronWeave against emerging threats.
* **Data Security at All Stages:** Data stored on IronWeave is encrypted in transit and at rest. The system ensures that all data is considered private and takes appropriate precautions to secure it from unauthorized access on a block-by-block basis.
* **Access Control with Zero-Knowledge Proofs (ZKPs):** For retrieving blocks from Storage nodes, a Zero-Knowledge Proof (ZK proof) is required unless the chain's Access Control List (ACL) is intentionally set to public by its owner. This ensures that only authorized readers can access the data without revealing the keys themselves.
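
The Chain Key and Block Key relationship from the Key Management System item, sketched as an added example that is not IronWeave's own code. The page does not name IronWeave's algorithms or block layout, so RSA-OAEP, AES-256-GCM, the `SealedBlock` struct and the `seal` / `open_block` names are assumptions made for illustration.

```ruby
require "openssl"

# Assumed primitives (not taken from IronWeave): RSA-OAEP wraps the Block Key,
# AES-256-GCM encrypts the payload. SealedBlock is a hypothetical layout.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
SealedBlock = Struct.new(:wrapped_key, :nonce, :ciphertext, :tag)

# Encrypt the payload under a fresh Block Key, then wrap that key with the
# chain's public key. The result carries no usable key material.
def seal(chain_public, payload)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  block_key = cipher.random_key # unique to this block
  nonce = cipher.random_iv
  cipher.auth_data = ""
  ciphertext = cipher.update(payload) + cipher.final
  wrapped = chain_public.public_encrypt(block_key, OAEP)
  SealedBlock.new(wrapped, nonce, ciphertext, cipher.auth_tag)
end

# Unwrap the Block Key with the chain's private key, then decrypt and verify.
# Returns nil if the key belongs to another chain or the block was altered.
def open_block(chain_private, block)
  # GCM would accept a truncated tag, so insist on the full 16 bytes.
  return nil unless block.tag.bytesize == 16
  decipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  decipher.key = chain_private.private_decrypt(block.wrapped_key, OAEP)
  decipher.iv = block.nonce
  decipher.auth_tag = block.tag
  decipher.auth_data = ""
  decipher.update(block.ciphertext) + decipher.final
rescue OpenSSL::OpenSSLError, ArgumentError
  nil
end

# Constructed demo: one participating chain and one unrelated chain.
participant = OpenSSL::PKey::RSA.new(2048)
outsider = OpenSSL::PKey::RSA.new(2048)
block = seal(participant.public_key, "constructed payload")
p open_block(participant, block) # the payload
p open_block(outsider, block)    # nil: the Block Key stays wrapped
```

A party that stores or relays the `SealedBlock` holds only the wrapped key, nonce, ciphertext and tag, which is the property the page describes for nodes that never gain the keys.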

IronWeave's encryption creates a highly secure, individual data vault for every single piece of data exchanged, and then connects those vaults directly, and *only*, to those authorized to open them. The design ensures that even the system itself doesn't hold the master key to all data vaults, and the type of lock on these safes can be upgraded over time to withstand any new picking technologies that emerge.

