INTRODUCTION
Project Name: DeinLex
Name of individuals submitting the proposal: Princess Uhiene (Code Duchess) & Gift Eleojo (Gifetea)
Princess Uhiene (Code Duchess) is a developer with hands-on experience building full-stack applications in React, TypeScript, and Node.js. She previously contributed to two Sia Foundation-funded and completed grants under Dapp Mentors — SiaPeopleLearn, a decentralized eLearning platform built on Sia Renterd, and SiaLearn, a developer education program that produced a fully integrated video streaming application on Sia.
Gift Uhiene (Gifetea) is a developer with experience in smart contract development, full-stack Web3 applications, and developer tooling. She has spoken at multiple Google Developer Events in Port Harcourt, Nigeria, delivering technical sessions to local developer communities, and participated in the Encode Marathon 2025 hackathon as part of a winning team alongside Princess Uhiene.
Describe your project
People share sensitive files every day, large videos, high-resolution photos, datasets, scanned documents, and contracts over platforms like Google Drive, Dropbox, and WeTransfer. These services can access, modify, or delete your files at any time. Users have no way to prove a file hasn’t been changed after it was uploaded.
DeinLex is a decentralized file-sharing application built natively on Sia using indexd. A user uploads any file directly from their browser. The file is encrypted client-side before it ever leaves the device, stored across Sia’s distributed host network via indexd, and assigned a cryptographic integrity receipt with a SHA-256 hash tied to the upload. Anyone with the share link can download the file and independently verify it is byte-for-byte identical to the original upload, without trusting any server, company, or admin.
DeinLex is designed primarily for large single-file videos, high-resolution images, datasets, and documents where reliable availability and tamper-evidence matter most. It replaces vendor-locked tools with a Sia-native alternative where users own their data completely.
We’re building DeinLex because we believe that verifiable, user-owned file sharing should exist as a real tool not just a concept and Sia makes it possible in a way no centralized platform ever can.
How does the projected outcome serve the Foundation’s mission of user-owned data? What problem does your project solve?
Centralized file sharing tools take ownership of your data the moment you upload. They can alter, delete, or hand it over without your knowledge and you have no way to prove otherwise.
Files are encrypted in the browser using the WebCrypto API before they ever reach our middleware. indexd and the Sia host network only ever store encrypted bytes; they have no way to read your data. The integrity receipt is computed on the user’s device before upload, embedded in the share link, and recomputed on the recipient’s device after download. Our servers are not involved in verification at all. A user can independently confirm their file is untampered without trusting DeinLex, indexd, or any Sia host.
This is what user-owned data actually means in practice, not just stored on a decentralized network, but verifiable and private by construction.
Are you a resident of any jurisdiction on the restricted list? No.
Will your payment bank account be located in any jurisdiction on that list? No.
GRANT SPECIFICS
Amount requested: $10,000
The total grant requested is $10,000, to be paid in monthly USD wire transfers.
-
$8,500 — Development
Covers three months of development work by both Princess and Gift across the full application stack. -
$1,000 — Infrastructure
Funds 12 months of server hosting for the Node.js middleware and public demo deployment, ensuring DienLex remains accessible well beyond the grant period. -
$500 — Security Review
Allocated for an independent review of the client-side encryption and credential-handling implementation to validate the security model before public release.
High-level architecture overview
Data flow end-to-end:
-
User selects a file in the browser, any size, any type
-
WebCrypto API computes the file’s SHA-256 hash, this becomes the integrity receipt
-
WebCrypto encrypts the file using AES-256-GCM, the key is derived from the user’s keypair and never leaves the client
-
The browser sends only encrypted bytes to the Node.js middleware — no plaintext ever crosses the network
-
Middleware calls POST /slabs — indexd distributes erasure-coded encrypted shards across Sia hosts
-
Middleware calls POST /objects — registers the SHA-256 hash as the object key alongside the encryptedMasterKey and encrypted metadata
-
User receives a shareable link containing the object key and enough context for the recipient to fetch and verify
-
Recipient calls GET /objects/{key}, downloads the file, decrypts it, recomputes the hash, and confirms it matches the receipt — if a single byte has changed, verification fails automatically
Security practices:
-
No plaintext leaves the client. All encryption is performed in the browser via the WebCrypto API. The middleware and indexd only ever handle encrypted bytes
-
Content verification on every download. The SHA-256 hash is recomputed on the recipient’s device and compared against the receipt before decryption. Tampered or corrupted files are rejected
-
Key isolation. The AES-256-GCM key is stored in indexd’s encryptedMasterKey field, locked to the user’s public key. DeinLex’s server never holds a usable decryption key
-
Admin API never exposed publicly. The App API uses ed25519 keypair signing for all authentication
-
All secrets stored in environment variables, never committed to source control
-
HTTPS/TLS across all communication between the browser, middleware, and indexd
-
npm audit and Dependabot for dependency hygiene. Sia-specific dependencies limited to @siafoundation/indexd-js
Goals and timeline
Month 1 — Core foundations
-
GitHub repository and CI pipeline setup
-
React frontend and Node.js middleware scaffolding
-
indexd authentication and app registration flow
-
In-browser AES-256-GCM encryption and SHA-256 hashing via WebCrypto API
-
Large file upload and download via indexd including chunked streaming for multi-GB files
-
Share link generation with embedded integrity receipt
Month 2 — Verification interface and beta
-
File integrity verification UI — recipient pastes link, file downloads, hash verification runs automatically, pass or fail result displayed clearly
-
File management interface — users browse their uploaded files, view receipts, copy share links, delete files
-
Private beta with real users across a range of file types and sizes
-
Bug fixes and edge case hardening from beta feedback
Month 3 — Hardening and public release
-
Independent security review of the encryption implementation and credential handling
-
Cross-browser testing and documented compatibility notes for Chrome, Firefox, and Safari
-
Public demo deployed at a stable URL
-
Full user-facing documentation published
-
Final grant report submitted to the Sia Foundation
Who is the target user?
Anyone who needs to share large files and be able to prove those files have not been altered. This includes:
-
Individuals sharing contracts, medical records, financial documents, or personal photos who want a Sia-native alternative to Google Drive and Dropbox
-
Developers and researchers sharing large datasets, build artifacts, or high-resolution assets where tamper-evidence and reliable, contract-based availability matter
-
Journalists and investigators who need source materials and recordings stored somewhere that cannot be taken down or quietly modified
-
Legal professionals and NGOs who need independently verifiable file records
-
Privacy-conscious users looking for a vendor-lock-in-free replacement for WeTransfer and similar tools
Why is this use case needed and why is Sia the right fit?
Demand for private, verifiable file sharing is well established. Tools like Magic Wormhole, OnionShare, and Keybase File System have large active user bases precisely because people distrust centralized storage for sensitive files. WeTransfer processes billions of transfers annually yet offers zero tamper-evidence and full vendor control. There is no mainstream indexd-native equivalent in the Sia ecosystem today.
Sia is the right fit architecturally. Unlike IPFS-based tools, Sia’s host contract model ensures files remain available and retrievable over time, not just cached temporarily. The combination of client-side encryption, indexd’s content-addressed object storage, and erasure-coded distribution across independent hosts creates a tamper-evidence model that no centralized tool can match by architecture, not just by policy. The integrity receipt is verifiable by anyone without ever contacting DeinLex’s servers.
What are your plans for this project following the grant?
Post-grant focus is on real-world adoption. Initial target users are individuals, developers, and privacy-conscious professionals whose feedback will inform what gets built next. Community channels on Discord and BlueSky will be set up at launch for feedback and updates.
Long-term, DeinLex moves to a freemium model, free for individuals, with paid storage tiers for heavier users. Storage costs are passed directly to users in Siacoin, keeping DeinLex’s infrastructure lean and self-sustaining without ongoing grant funding.
Future development directions informed by real usage after launch may include team folder sharing, mobile support, and increased file size limits as Sia host capacity grows. These are post-grant and driven by what users actually need, not built into this scope.
One thing we do plan to do naturally as the codebase matures is keep the indexd integration layer clean and well-documented, so other developers building on Sia can learn from it or adapt it. That’s not a formal deliverable of this grant but it’s something we care about as developers who benefited from reading other people’s open-source Sia code when we were getting started.
Potential risks that will affect the outcome of the project
-
Sia host availability. Development and testing will be done on the Zen testnet first. Mainnet deployment only after host availability is confirmed stable for the file sizes we are targeting.
-
Large file streaming. Multi-GB files require chunked streaming uploads to avoid browser memory limits. Streaming via the indexd slab API will be implemented and tested with representative large files, videos and datasets during Month 1, not left to the end.
-
WebCrypto browser differences. Chrome, Firefox, and Safari handle key derivation slightly differently. All three will be tested throughout development. Known limitations will be documented clearly in the public release.
-
indexd maturity. Some areas of indexd are still maturing. We plan to test against the Zen testnet early and will report any undocumented behaviour or edge cases we encounter back to the community as part of our monthly progress reports.
DEVELOPMENT INFORMATION
Will all of the project’s code be open-source? Yes. All code will be released under the MIT license.
Where will code be accessible for review? https://github.com/Uhiene/deinlex
Do you agree to submit monthly progress reports? Yes. Monthly reports will be submitted to the Sia Forum with milestone summaries and links to all relevant pull requests.
CONTACT
Email: [email protected]
Other contact methods:
Discord: code_queen_
Telegram: @Uhiene_Princess
X: @chenemi_U