How GhostPaste Works Under the Hood
A technical deep dive into our edge-first, zero-knowledge architecture built for developers who want to understand how things actually work.
Edge Computing
Zero-Knowledge
TypeScript
Web Crypto API
The Big Picture
Your Browser
- Encrypts files with AES-256-GCM
- Packs data into custom binary format
- Keeps encryption keys in URL fragments
- Handles all crypto operations locally
Edge Network
- Cloudflare Workers in 275+ locations
- 50ms CPU budget per request
- Stateless request handling
- Low-latency responses from nearest edge
Storage
- Cloudflare R2 for encrypted blobs
- Automatic expiration handling
- Only encrypted data stored
- Global distribution with smart placement
Why Edge-First Architecture?
The Traditional Problem
- Geographic Latency: Single server location means slow responses for global users
- Trust Requirements: Users must trust the server operator with their unencrypted data
- Infrastructure Complexity: Managing databases, backups, scaling, monitoring
- Single Point of Failure: Server downtime = service unavailable
- Legal Vulnerabilities: Centralized data storage subject to jurisdictional requests
Our Edge Solution
- Global Performance: Edge functions run within milliseconds of every user worldwide
- Zero-Knowledge by Design: Encryption happens client-side, we never see plaintext
- Serverless Simplicity: No databases to manage, automatic scaling, built-in redundancy
- Inherent Reliability: Distributed across 275+ data centers with automatic failover
- Regulatory Resilience: Can't decrypt data we don't have keys for
Key Architectural Decisions
Client-Side Encryption with Web Crypto API
Why This Works
- • Hardware-accelerated AES on modern devices
- • Cryptographically secure random number generation
- • Native browser support (no external dependencies)
- • Keys never leave the client browser
Trade-offs
- • Requires modern browser (no IE support)
- • JavaScript must be enabled
- • HTTPS required for crypto API access
- • Client-side performance varies by device
Custom Binary Format
Why Not JSON?
- • 40-60% smaller payload size
- • Streaming-friendly structure
- • Built-in versioning support
- • No parsing overhead on server
Complexity Cost
- • Custom serialization/deserialization logic
- • More complex debugging
- • Need tools for format inspection
- • Migration complexity for format changes
Stateless Edge Functions
Advantages
- • Infinite horizontal scalability
- • No database maintenance overhead
- • Cold start times under 1ms
- • Automatic global distribution
Constraints
- • 50ms CPU time budget per request
- • Limited to edge-compatible APIs
- • No persistent connections
- • All operations must be atomic
Working Within Edge Runtime Constraints
Edge functions have strict resource limits
Limited CPU time, memory, and APIs mean we had to rethink how traditional file sharing works.
Design Constraints
- CPU limits: No long-running operations or complex computations
- Memory constraints: Can't buffer large files in memory
- API limitations: Subset of Node.js APIs available
- Cold starts: Functions must start quickly from scratch
Our Solutions
- Streaming processing: Handle data as it flows through, no buffering
- Async operations: Non-blocking I/O for all external calls
- Efficient formats: Binary data structures for minimal parsing
- Edge-native APIs: Web Crypto instead of Node.js crypto libraries
What Makes It Zero-Knowledge?
Technical Implementation
- URL Fragment Keys: Encryption keys are stored in URL fragments (after #) which never reach any server
- Client-Side Crypto: All encryption/decryption happens in your browser using Web Crypto API
- Encrypted-Only Storage: We only store the encrypted blob, never plaintext or keys
- Metadata Encryption: Even file names and descriptions are encrypted with the same key
Real-World Implications
- Legal Protection: We cannot comply with requests to decrypt data we don't have keys for
- Server Breach Safety: Even if our systems are compromised, your data remains encrypted
- No Trust Required: You don't need to trust us with your sensitive data
- Audit-Friendly: Open source code means you can verify our claims
Want to Dive Deeper?
This is just the architectural overview. We're planning deep dives into cryptography implementation, binary format specification, performance optimization, and more.
Questions about our architecture? Found something interesting?
We'd love to hear from developers who are curious about how things work.