A common question we receive is how to reconcile our privacy claims with the fact that we store user data on remote servers, whereas many alternative end-to-end encryption solutions use only the local device for long-term storage.
In fact, the purpose of encryption is explicitly to avoid the need for trust in remote servers/networks to begin with! Any data that has been encrypted with a strong (256-bit) symmetric key, no matter how sensitive it may be, could be published for everyone in the world to see and it would be as indecipherable as random noise.
Therefore, there is no contradiction in synchronizing your encrypted data via the cloud while ensuring its strict confidentiality. The tradeoff is increased cost and complexity on our end, in exchange for a superior user experience and enhanced functionality.
Here is an overview of our encrypted cloud storage architecture:
- To log in, you will need your username (e.g. @ryan) and a long auto-generated password that we refer to as the master key (e.g.
synthesis sleek brandon doubling bagpipe immortal backroom anointer mccarthy).
- While the master key acts like a password in the context of the Cyph user interface, it is actually used as a strong encryption key (with a configurable level of entropy, bit 128-bit by default1) and impossible to crack via brute force attacks using any amount of computing power on Earth.
- A form of augmented PAKE is used to authenticate the user with the Cyph cloud infrastructure without revealing anything about the master key to our servers.
- As mentioned, a symmetric encryption key is derived from the master key (via Argon2id hashing), which is then used to decrypt an encrypted payload from the server that contains a second symmetric key.
- After that point, it’s the same in principle as full disk encryption, with that second key being used to encrypt and decrypt all user data; the only difference is that instead of a local disk the storage medium is a remote database.
- For messaging specifically, messages are all secured via the quantum-computing-resistant Castle encryption protocol before being persisted to each party’s encrypted cloud storage.