https://negura.IMAGE.store/

An experimental exploration of privacy, encryption, and content-addressable storage

What happens when encrypted fragments are indistinguishable from random noise?

Negura is a thought experiment implemented in code. It explores the technical and philosophical boundaries of privacy-preserving image storage using XOR-based decomposition and content-addressable storage.

The Name

Negura (Romanian: /ne'gu.ra/) means mist or fog. Just as fog obscures the landscape while each water droplet remains visible, negura.store obscures images while each layer blob remains publicly accessible. The individual pieces reveal nothing; only with the complete URL can the fog lift and the image emerge.

How It Works

Client-Side XOR Decomposition

When you upload an image, your browser (not the server) splits it into three layers:

Original Image ──┬──► Layer 1 (random or reused from existing blob) │ ├──► Layer 2 (random or reused from existing blob) │ └──► Layer 3 = Original XOR Layer1 XOR Layer2

The XOR operation ensures that:

Any single layer reveals nothing - each layer alone is indistinguishable from random noise
Any two layers reveal nothing - you need all three to reconstruct the image
Reconstruction is lossless - Layer1 XOR Layer2 XOR Layer3 = Original

Content-Addressable Storage

Each layer is stored by its SHA-256 hash. The server has no metadata linking layers together:

Layer 1 ────► /api/blob/a3f8c... (stored by hash) Layer 2 ────► /api/blob/7b2e1... (stored by hash) Layer 3 ────► /api/blob/f91d4... (stored by hash) Server sees: Three unrelated blobs of random-looking data URL holds: negura://800,600.a3f8c...,10,20.7b2e1...,0,0.f91d4...

The URL is the only index. The server cannot determine which blobs form an image, or even if any blobs are related at all. Only the person holding the URL can reconstruct the original.

Layer Mixing (Maximum Entanglement)

When possible, both Layer 1 and Layer 2 are reused from existing blobs on the server. This creates deep "entanglement" where only Layer 3 is unique to your image:

Blob X participates in: Blob Y participates in: ├── Image A (as Layer 1) ├── Image A (as Layer 2) ├── Image B (as Layer 1) ├── Image D (as Layer 1) └── Image C (as Layer 1) └── Image E (as Layer 2) Each reconstruction yields a completely different image. There's no way to determine which image any blob "belongs to."

Random Offsets

When cropping from a larger blob, random offsets are chosen. Different offsets from the same blob produce completely different XOR results, further increasing ambiguity.

URL Format

negura://W,H.hash1,ox1,oy1.hash2,ox2,oy2.hash3

W,H          = Target image dimensions
hash1,ox1,oy1 = Layer 1 hash and crop offset
hash2,ox2,oy2 = Layer 2 hash and crop offset
hash3        = Layer 3 hash (exact size, no offset)

Embedding on Other Sites

Include the loader script and use negura:// URLs in image tags:

<script src="https://your-server.com/loader.js"></script>
<img src="negura://800,600.a3f8c...,0,0.7b2e1...,0,0.f91d4..." alt="...">

The loader fetches all layers, performs XOR reconstruction in the browser, and displays the result.

Technical Properties

Lossless - Images are stored and reconstructed without any quality loss
Client-side encryption - Original image never leaves your browser
No server-side index - Layers are unlinkable without the URL
Content-addressable - Duplicate layers are automatically deduplicated
Layer ambiguity - Same blob can participate in multiple unrelated images
Offset randomization - Adds another dimension of unlinkability

Philosophical Questions

On storage: If data is provably random, what is being "stored"? The meaning exists only in the URL fragment, which never touches the server.

On encryption: XOR with a one-time pad is information-theoretically secure. Each layer provides zero information about the original without the others.

On identity: When the same blob participates in reconstructing thousands of different images, does it "contain" any of them?

On responsibility: Where does responsibility lie when the server genuinely cannot know what it stores?

Experimental Project
This is a technical exploration, not a production service. It exists to probe questions about privacy, encryption, and content-addressable storage. Do not use this for production, just for experimentation and philosophical discussion.

Limitations

Maximum image size: 3840x2160 (4K)
Only PNG output (lossless)
URL length increases with hash size
Requires JavaScript for reconstruction
No alpha channel - transparent areas are flattened to white before processing

Source & License

This is an experimental, philosophical project exploring the boundaries of privacy-preserving storage. The concepts and implementation are provided for educational purposes.

"The server stores random noise. The meaning exists only in the link."