# Key Security Features

## Key Security Features

1\. Access Control\
\
\- Government Addresses: Added via add\_government\_address(), can decrypt any document\
\- Regular Users: Must register via register\_user() to decrypt their own documents\
\- Encryption ID Prefix: Ensures documents are bound to specific whitelists\
\
2\. Threshold Encryption\
\
\- Requires agreement from multiple Seal key servers (threshold: 2)\
\- Prevents single point of failure\
\- Distributed trust model\
\
3\. Session Key Management\
\
\- Temporary keys with TTL (Time To Live)\
\- Personal message signature for authentication\
\- Reusable within TTL period\
\
**Data Flow Summary**\
Encryption:\
1\. Generate encryption ID: \[whitelist\_id]\[nonce]\
2\. Encrypt with Seal SDK (threshold: 2)\
3\. Upload to Walrus storage\
4\. Store metadata (blob ID, encryption ID)\
\
Decryption:\
1\. Create and sign session key\
2\. Download from Walrus aggregator\
3\. Decrypt with Seal SDK using move call authorization\
4\. Display decrypted content