If you watch the news you might have heard that 2020 was the year of cybercrime. Ransomware up by 700%. 155 million US people affected by leaks. 36Bn record exposed worldwide. You find this disconcerting? What if we told you that this is just a small step to cyberpocalypse? Year over year, corporations throw more and more money in the cybersecurity dumpster fire. Are we coming to a solution? Not even close. Each minute $3M is lost to cybercrime and no cybersecurity summit is going to fix this.
Is there a solution? The secret is to follow the best practices taught by experts in the field. In the end, it all comes down to the same old same old. End-to-end encryption. A zero-knowledge cloud storage based on a unique cryptographic architecture: that's it. What's with all this jargon, you might ask? No worries: we’re giving you the cliff notes down below.
What is end-to-end encryption (E2EE)? A deep dive into end to end encryption
End-to-end encryption (E2EE) is the process of encoding information so that only the sender and the recipient can decrypt the message. Sounds obvious, are we right? But trust us when we tell you it gets a little trickier down the road. The thing is, if you just know this and nothing else, you might be fooled by corporate technobabble, and we don't want that, do we? Let’s go deeper then.
Public key cryptography
Do you remember elementary school? When we were about 9 years old we discovered the Caesar cypher - before you think we’re a genius, they taught this at school, and it wasn’t even called that way. What is the Caesar cypher? It's a way to encrypt information by using a secret code. Spooky, uh? Imagine we want to send you a note during class (because of course, this is what we thought the Caesar cypher was supposed to be used for!). Let’s say we want to write this message
but we don’t want the teacher to read it in case they see us. How to? Easy. We write this message instead
To create this gobbledygook we just switched each character with the following one in the alphabet. If you know what method we use to come up with “Gpsuojuf upojhiu”, i.e. the secret code, it’s trivial for you to decrypt the message. If you don’t, it’ll take you some time, but it’s still doable.
The problem is, guess what, the secret code. What if the teacher finds it out? Sure, we can agree on one after school, but what if we were spies exchanging letters from many miles away? We’d have no other way but writing it down in a letter, hoping that no one would intercept us.
Lucky us, math comes to the rescue. Rather than a Caesar cypher, which is an instance of symmetric cryptography, we can use asymmetric cryptography, also called public key cryptography. Basically, rather than employing a secret code to encrypt the message we both use cryptographic algorithms based on one-way functions to create a pair of keys, one private and one public. As a result, each one of us has a set of one public key and one private key.
Now, let’s say you want to send us a confidential message. No problem: you know our public key - it’s public, after all. To send us the message you just need to encrypt it with our public key. The cool thing is, such a message can only be decrypted with the receiver's private key, which is only known to the receiver. In other words, the message is undecryptable for anyone else. Why? Because to create this set of keys we used one-way functions.
The defining property of a one-way function is preimage resistance, that is, given any string Y, it should be computationally infeasible to find X such that H of X is equal to Y. Easy, right?
Ok, we’re kidding you. In human terms, a one-way function is a function that is hard to compute but easy to verify. Still hard? Ok, then here’s an example. Take a number - say, 215. What is the factorization of 215? That is, what are the smallest prime numbers that multiplied together give 215 as a result? Not a simple question, uh? The answer, if you’re curious, is 5 and 43.
How do we know? We checked. But seriously, how do we know? How can we be certain that "5 and 43" is the answer? If you're looking for a shortcut, there is none. You must rely on the good ol’ trial and error. Really! There is literally no way to solve this problem - if you find one, please let us know: we'd love to win a Nobel prize. But if we ask you what 5 x 43 is, easy peasy, you grab a calculator and voilà: 215.
In short, one-way functions are like beauty. If we ask you what beauty is, you don't know. You might say, we'll tell you when we see it.
This has powerful implications. In this case, you can apply this mathematical miracle - that there are questions whose answers are hard to find but easy to verify - to make puzzles. Puzzles you can use to secure your information from eavesdroppers.
In-transit, at-rest, server-side and client-side encryption
Now that you understand E2EE, you must know that many services use this term inappropriately. In fact, what they call end-to-end encryption is something else entirely. Depending on the context, what they mean is actually one of the following types of encryption:
- In-transit encryption
- At-rest encryption
- Server-side encryption
- Client-side encryption
In-transit encryption means that the information is only encrypted while in transit. In layman terms, the platform you use to send the message encrypts it, but at the same time it holds your private key. The platform is, in other words, a trusted third party - which is codeword for security hole.
At-rest encryption, on the other hand, means that the information is only encrypted when it is not in transit. Take your hard drive for example. If it is at-rest encrypted, no one without your private key can decrypt it, but there’s no stopping anyone from decrypting it while in transit.
Server-side encryption means the information is encrypted on the server. In contrast, client-side encryption means the information is encrypted on the client, i.e. on your computer, mobile phone or whatever device you are using.
Zero-knowledge cloud storage explained: cryptographic architecture
A zero-knowledge cloud storage is based on a unique kind of cryptographic architecture where no one but the user of the service knows the user's private keys. Crystal clear, right? Sadly, no. More often than not, people use a service thinking their privacy is safeguarded, only to discover it is not when it’s too late.
If you care about privacy, you might have stumbled upon some recent news about cloud storage providers snooping around their users’ files. More than anything, this should be a wake up call for everyone, but once again, this is further evidence that zero-knowledge cloud storage is a necessity.
Cubbit: zero-knowledge cloud storage
With all this in mind, what kind of platform should you be looking at when it comes to cloud storage? The answer is Cubbit - shameless plug, we know.
Cubbit is a zero-knowledge cloud storage platform. In short, it enables real, unadulterated privacy for everyone. How does that work? Rather than storing their data on Big Tech’s server farms, Cubbit users secure their information in a peer-to-peer network of Cubbit Cells - servers in the hands of the users.
Files you store in Cubbit are not inside your Cubbit Cell – they’re distributed over the network via p2p channels in multiple encrypted copies. Should one of these copies go offline, Cubbit makes new ones automatically - all without ever getting access to your files.
This has many advantages over traditional cloud storage. For one, it is secure. Also, it is eco-sustainable.
As of today, data centers are responsible for a huge amount of CO2 emissions (which account for approximately 3.7% of those produced globally [source: TheShiftProject], while the ICT ecosystem is estimated to be responsible, as of today, for 10% of the total worldwide energy demand - equivalent to the combined energy production of Germany and Japan). Cubbit, on the other hand, it's up to 10x greener than traditional cloud storage solutions, allowing you to save 40KG of CO2 for every TB of storage you store on the cloud.
Pretty dope, right? And this is just the start.
Give it a try. Privacy is your right.