Encryption on-chain: Akord's approach
Introduction
More than ever, data security is of paramount importance. To address this issue, the concept of end-to-end encryption has gained prominence. End-to-end encryption ensures that data leaving a user's device is encrypted before transmission, preventing any unathorized access of the data. However, it is essential to understand the nuances of this encryption method as well as the considerations for encrypting data on a blockchain.
Understanding end-to-end encryption and Its importance
End-to-end encryption guarantees that data remains encrypted throughout its journey—from transit to processing and storage. This means that any information leaving a user's device is encrypted and can only be decrypted by the intended recipient.
Ownership of encryption keys is crucial in this process. If you don’t own the keys, then it is not end-to-end encryption. It is encryption by proxy, and you’re back to the web2 world where there is a backdoor.
The vault system: secure data sharing in Akord
Akord's vault system provides a secure environment for data sharing among its members. To illustrate this, let's imagine a vault with five members, each having their own unique public address.
Akord employs a common encryption key shared among the vault members to secure the data. Whenever a member is added or removed from the vault, the keys are rotated, generating a new set of keys. As a result, any new data sent to the vault is encrypted using these updated keys.
The vault's timeline reflects a sequence of events, such as the owner inviting two people, rotating keys, inviting more members, rotating keys again, and removing individuals from the vault. This ensures that each member only has access to the data within the vault during their active participation.
Ensuring data privacy: limitations and challenges of encryption on the blockchain
While encryption on the blockchain provides significant advantages, there are inherent limitations that must be considered. Let’s start with the basis of encryption: the cost to brute force. By that we mean our encryption is only as good as it cannot be brute force attacked. So if you take AES256, if we took all the computers on Earth working together the average time taken to brute force crack AES-256 is: 13,668,946,519,203,305,597,215,004,987,461,470,161,805,533,714,878,481 years. In other words, it’s basically not possible to brute force AES256.
However, encryption methods like elliptic curve and RSA, which rely on prime numbers, are susceptible to potential decryption through quantum algorithms. Storing such encryption on the blockchain poses risks since the extended lifespan of blockchain data provides ample time for computing power to catch up and potentially decrypt the information.
Symmetric and asymmetric encryption
In the world of encryption, two prominent approaches are symmetric and asymmetric encryption. Symmetric encryption utilizes a single key for both encrypting and decrypting data. For secure communication between two parties, the shared key must remain confidential.
Asymmetric encryption, on the other hand, employs a pair of keys: a public key and a private key. The public key is freely distributed, allowing others to encrypt data that only the private key holder can decrypt. While asymmetric encryption is commonly used in blockchains today, its vulnerability to quantum computing attacks necessitates careful consideration.
Akord’s encryption methods for on-chain storage
To ensure data security in on-chain storage, it is crucial to select encryption methods that are resilient to potential quantum computing attacks.
Akord does not use any asymmetric encryption methods like elliptic curve or RSA encryption on the Arweave blockchain, as these methods may become susceptible to decryption in the future. Quantum-resistant encryption techniques, such as lattice-based encryption, are being developed but are still in their infancy. At Akord, we use AES256 encryption on-chain, and we use asymmetric encryption between the members to exchange the symmetric key, but that’s executed off-chain.
To further enhance the security of the vault system, Akord employs hashing functions to secure public addresses. Rather than storing public addresses directly on the blockchain, we apply cryptographic hashing algorithms to transform the public addresses into unique hash values. This approach adds an additional layer of protection by concealing the actual public addresses and preventing any potential identification or tracking of vault members solely based on their public addresses. By securely hashing public addresses, Akord reinforces the privacy and anonymity of its users within the vault system.
Conclusion
In conclusion, Akord's approach to data encryption encompasses both end-to-end encryption and careful consideration to on-chain encryption methods, ensuring comprehensive data security throughout the entire data lifecycle.
Through the use of end-to-end encryption, data remains encrypted during transit, processing, and storage outside the user's device. Akord's vault system takes data protection a step further, specifically employing AES256 encryption for on-chain storage, off-chain asymmetric encryption for secure key exchange, and hashing functions to safeguard public addresses.
With ongoing research and development in quantum-resistant encryption, we remain committed to continually evolving our encryption protocols to ensure the long-term protection of our users' sensitive information. By adhering to best practices in encryption and implementing cutting-edge techniques, Akord empowers individuals and organizations to confidently share and collaborate on sensitive data on-chain, while maintaining the highest levels of confidentiality and data integrity.
Learn more
Interested in more on this topic? Check out these related articles:
Make your first upload to Arweave for free
Upload public or private data to Akord’s digital vaults. The only app to provide free storage on the Arweave blockchain.