Encryption popularized
- Encryption: The act of transforming a message into a cipher-text. A cipher-text is an altered message that is protected by a secret: with the secret, recovering the message is easy; without it, it should be infeasible.
- Cipher: A cipher is a method of encryption. It can be thought of as a mathematical function that transforms a plain-text, known as the message, into a cipher-text.
Encrypting data. You may have read about that dozens of times, but what does it mean? Like a cooking recipe, you need a few ingredients to encrypt a message:
- The message: This is what we want to transmit in a way that is easy to read for our recipient, but hard to read for an eavesdropper.
- A shared secret: This is what we and the recipient have that the eavesdropper does not. It may be a piece of data both parties hold (a symmetric key), or a mathematical property, such as a key pair of which only the recipient holds the private half.
- A cipher function: There are numerous cipher functions, from simple ones that do not even need a secret (and therefore offer no real protection) to complex mathematical constructs.
An end-to-end encrypted cloud storage must resist attacks on its encryption; let's see what this means.
What does it mean to be resilient?
Ciphers, also sometimes known as encryption schemes, have different properties. Let's go over the most basic ones:
- Key size: The amount of secret data the algorithm uses, generally counted in bits. For example, an 8-bit key means there are 2⁸ = 256 possible keys. Each additional bit doubles the number of keys an attacker has to try.
- Computational requirements: Ciphers take different amounts of time to compute. Doing more work per block makes a cipher slower, but can also make it safer, because it leaves less structure for an attacker to exploit. For example, the Salsa20 stream cipher has several variants, Salsa20/8, Salsa20/12 and Salsa20/20; the number after the slash is the number of rounds, and more rounds means a larger security margin. If it takes 1 second to encrypt something with Salsa20/8, it will take roughly \(\frac{20}{8} = 2.5\) seconds with Salsa20/20. The same holds for decryption.
These basic properties describe how resilient a cipher is to what is called a brute-force attack. A brute-force attack consists in trying to decrypt the data with every possible key until the output makes sense.
Beware that hardware keeps getting faster: if it takes 0.1 seconds to test one key today, Moore's law (a doubling of computing power roughly every 18 months) says that in 3 years it will take only 0.025 seconds. This is equivalent to weakening the key by 1 bit every 1.5 years, so data in an encrypted cloud storage has a lifetime after which it is no longer safe. Under this extrapolation a 128-bit key only becomes searchable after well over a century, and a 256-bit key after a few hundred years, far longer than Moore's law itself can be expected to hold; the lesson is to pick a key size with a generous margin, not a minimal one.
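As an added example (not code from the original page or from SStorage), the following Python script carries out a brute-force attack against a constructed toy cipher and then turns the "one bit lost every 1.5 years" model above into a lifetime estimate. The cipher (a 16-bit key used as a repeating two-byte XOR pad), the message, the key `0x2A57` and the "makes sense" heuristic (only lowercase letters, spaces and punctuation) are assumptions for illustration; the lifetime model assumes a one-year budget for the attacker and the 1.5-year doubling period from the text.

```python
"""Brute force against a toy cipher, and the key-lifetime model from the text.

Added example, not from the original page. The cipher, the message and the
"looks like English" heuristic are constructed for illustration only.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed secret: a 16-bit key used as a repeating two-byte XOR pad
# (two bytes, not one, so the search space is 2^16 rather than 2^8).
TRUE_KEY = 0x2A57
MESSAGE = b"we will launch at noon, bring coffee"


def toy_encrypt(key: int, data: bytes) -> bytes:
    """XOR each byte with the alternating high/low key byte. Self-inverse."""
    k = (key >> 8, key & 0xFF)
    return bytes(b ^ k[i % 2] for i, b in enumerate(data))


ALLOWED = set(b"abcdefghijklmnopqrstuvwxyz ,.")


def looks_like_english(data: bytes) -> bool:
    """The 'until it makes sense' test: only lowercase letters, spaces, ',' and '.'."""
    return all(b in ALLOWED for b in data)


def brute_force(ciphertext: bytes, key_bits: int = 16):
    """Try every key in order; return (key, number_of_keys_tried).
    Every extra key bit doubles the worst-case number of trials."""
    for k in range(1 << key_bits):
        if looks_like_english(toy_encrypt(k, ciphertext)):
            return k, k + 1
    return None, 1 << key_bits


def years_to_exhaust(key_bits: int, seconds_per_key: float) -> float:
    """Worst case on today's hardware: 2^bits trials at a fixed cost each."""
    return (2 ** key_bits) * seconds_per_key / SECONDS_PER_YEAR


def lifetime_years(key_bits: int, seconds_per_key: float,
                   doubling_years: float = 1.5, budget_years: float = 1.0) -> float:
    """Years until the full search fits in `budget_years` on the hardware of that
    time, with the per-key cost halving every `doubling_years` (one key bit lost
    per doubling, as in the text).  Solves 2^(bits - t/d) * s <= budget for t."""
    budget_seconds = budget_years * SECONDS_PER_YEAR
    bits_affordable_today = math.log2(budget_seconds / seconds_per_key)
    return max(0.0, doubling_years * (key_bits - bits_affordable_today))


if __name__ == "__main__":
    ct = toy_encrypt(TRUE_KEY, MESSAGE)
    key, tried = brute_force(ct)
    print(f"recovered key {key:#06x} after {tried} trials: {toy_encrypt(key, ct)!r}")
    for bits in (56, 128, 256):
        print(f"{bits:3d}-bit key: {years_to_exhaust(bits, 0.1):.3g} years today, "
              f"searchable after about {lifetime_years(bits, 0.1):.0f} years")
```

The toy search is exact (a 2^16 key space is tiny), which is the point: the only thing standing between an attacker and the message is the number of keys, and the lifetime model shows that number shrinking by a factor of two every 1.5 years.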
Linear cryptanalysis and other mathematical tricks
Linear cryptanalysis is one of many techniques used to reduce a cipher's resilience to attack. It exploits statistical regularities of the cipher, linear relations between plaintext, ciphertext and key bits that hold more often than chance, to reduce the number of keys that need to be examined. This means the ciphers used have to be checked regularly for such mathematical flaws to ensure they remain safe for long-term preservation in a cloud storage.
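To make "mathematical flaw" concrete, here is an added example (not from the original page) of the first step of linear cryptanalysis: computing the linear approximation table of a 4-bit S-box and reading off the most biased linear relation. It uses the published S-box of the PRESENT block cipher as a well-designed component and a constructed affine S-box as a broken one; the `pairs_needed` rule of thumb (about 1/bias² known plaintext/ciphertext pairs) is the standard estimate for a single-approximation attack, and the assumption here is that the example stops at one S-box rather than chaining approximations through a full cipher.

```python
"""Linear approximation table (LAT) of a 4-bit S-box.

Added example, not from the original page: it shows the kind of
"mathematical flaw" linear cryptanalysis looks for.  The S-boxes are the
published PRESENT S-box and a deliberately weak one constructed here.
"""

# S-box of the PRESENT block cipher (Bogdanov et al., 2007).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Constructed weak S-box: the affine map x XOR 0b0101, which is fully
# described by linear equations and therefore gives the attacker certainty.
WEAK_SBOX = [x ^ 0x5 for x in range(16)]


def parity(x: int) -> int:
    """XOR of all bits of x: the 'dot product' of a mask with a value."""
    return bin(x).count("1") & 1


def lat(sbox):
    """LAT[a][b] = #{x : a.x == b.S(x)} - 8 for input mask a and output mask b.
    A non-zero entry means the relation a.x XOR b.S(x) = 0 holds with a bias;
    the larger |entry|, the fewer plaintext/ciphertext pairs an attacker needs."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for b in range(n):
            agree = sum(1 for x in range(n)
                        if parity(a & x) == parity(b & sbox[x]))
            table[a][b] = agree - n // 2
    return table


def best_approximation(sbox):
    """Return (input_mask, output_mask, bias) for the most biased non-trivial
    relation; bias = |LAT entry| / 16, so 0.5 means the relation always holds."""
    table = lat(sbox)
    n = len(sbox)
    magnitude, a, b = max((abs(table[a][b]), a, b)
                          for a in range(1, n) for b in range(1, n))
    return a, b, magnitude / n


def pairs_needed(bias: float) -> int:
    """Rule-of-thumb data complexity of a linear attack: about 1/bias^2 pairs."""
    return round(1 / bias ** 2)


if __name__ == "__main__":
    for name, box in (("PRESENT", PRESENT_SBOX), ("weak", WEAK_SBOX)):
        a, b, bias = best_approximation(box)
        print(f"{name:8s} masks a={a:#x} b={b:#x} bias={bias} "
              f"-> about {pairs_needed(bias)} pairs per approximation")
```

No 4-bit bijective S-box can get its largest bias below 1/4, so PRESENT's S-box is as good as the size allows; the affine one has a relation that holds every time. A real attack multiplies such biases along a trail through every round, which is why adding rounds (the "computational requirements" point above) shrinks the attacker's advantage.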
Side-channel attacks
Side-channel attacks break secrecy without attacking the cipher or the secret directly: they use data linked to the process that runs them, such as timing, power consumption, electromagnetic emissions or even sound. For example, researchers have recovered RSA keys from a recording of the sound a laptop made while it was decrypting. Remember that this means many things can go wrong before you send your data to our encrypted cloud storage: we must make sure the code that runs on the computer that encrypts the data is safe, in particular that its running time and memory access pattern do not depend on the secret.
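The most common side channel in ordinary application code is timing, so here is an added example (not from the original page or from SStorage) of a leak a practitioner can reproduce on their own machine: a comparison that stops at the first mismatching byte reveals how many leading bytes of a guess were right, and an attacker uses that to recover a secret tag one byte at a time. To keep the demonstration deterministic, the "timing" oracle returns the number of bytes compared instead of wall-clock time; the 8-byte secret is a constructed value.

```python
"""A timing side channel, simulated.

Added example, not from the original page: an early-exit comparison leaks how
many leading bytes of a guess were right, and an attacker recovers the secret
one byte at a time.  The oracle returns the number of bytes compared instead of
elapsed time so the demonstration is deterministic; the secret is constructed.
"""
import hmac

SECRET_TAG = bytes.fromhex("9f3a7c01e5b2d448")   # constructed, 8 bytes


def naive_compare(a: bytes, b: bytes):
    """Returns early at the first mismatch.  The second value is the number of
    bytes examined; it stands in for the time a real attacker would measure."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_compare(a: bytes, b: bytes):
    """Examines every byte regardless of where the first mismatch is, so the
    work done is independent of the secret (what hmac.compare_digest does)."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def stdlib_compare(a: bytes, b: bytes) -> bool:
    """The standard-library constant-time comparison you should actually use."""
    return hmac.compare_digest(a, b)


def recover_secret(oracle, length: int) -> bytes:
    """Byte-at-a-time recovery: the candidate that makes the oracle work one
    step longer than all others is the right one.  Cost: 256 * length guesses
    instead of 256 ** length."""
    known = b""
    for pos in range(length):
        best_byte, best_steps = None, -1
        for c in range(256):
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            ok, steps = oracle(guess)
            if ok:
                return guess
            if steps > best_steps:
                best_byte, best_steps = c, steps
        known += bytes([best_byte])
    return known


def attack(compare) -> bytes:
    """Run the recovery against a comparison function guarding SECRET_TAG."""
    return recover_secret(lambda guess: compare(SECRET_TAG, guess), len(SECRET_TAG))


if __name__ == "__main__":
    print("early-exit compare :", attack(naive_compare) == SECRET_TAG)
    print("constant-time compare:", attack(constant_time_compare) == SECRET_TAG)
```

Against the early-exit comparison the attacker recovers the tag with at most 2048 guesses; against the constant-time one every guess looks the same and the recovery learns nothing. On real hardware the difference is nanoseconds per byte, which is small but measurable over many requests, which is exactly why comparisons of secrets must not branch on the data.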
Special attacks
Some ciphers can be attacked through their mathematical properties using different techniques, quantum computing for example. No quantum computer powerful enough to break today's ciphers exists yet, and an individual will not be able to afford one anytime soon, but large companies and countries are investing heavily in building them, and data stored for decades may still be worth reading when they arrive. Quantum computing can only speed up a few very specific problems and hence only threatens a select few ciphers: those whose security rests on factoring or discrete logarithms (RSA, Diffie-Hellman, elliptic curves) would be broken outright, while symmetric ciphers only lose about half of their effective key size.
The only perfect encryption
There is only one cipher that is considered perfect: the One-Time Pad. The key is a uniformly random string of the same length as the message, mixed into the data piece by piece (XOR, bit by bit). Because no piece of the secret is ever used more than once, there is no pattern to examine: the cipher-text is consistent with every possible message of the same length, so it reveals nothing about which one was sent. The price is that the key must be as long as the data, truly random, kept secret, and never reused.
This perfect scheme is usable in SStorage to protect the actual keys that you may use: a pad only has to be as long as the key it protects, and each key is wrapped only once. This is part of the way SStorage ensures its security as an encrypted cloud storage.
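As an added example (not code from the original page or from SStorage), the following Python shows the two sides of the One-Time Pad: with a fresh random pad every candidate plaintext of the right length is equally consistent with the cipher-text, and with a reused pad the two cipher-texts XOR to the XOR of the two plaintexts, pad gone. The messages are constructed illustrations; the pad comes from `os.urandom`, the assumption being that this is an acceptable source of randomness for the demonstration (a seeded pseudo-random generator would not make a one-time pad).

```python
"""One-time pad: perfect secrecy, and what breaks it.

Added example, not from the original page.  The messages are constructed
illustrations; the pad is drawn from os.urandom, as a real pad must come from
a true random source (a PRNG seeded from something guessable is not a pad).
"""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Mix two equal-length byte strings bit by bit."""
    if len(a) != len(b):
        raise ValueError("one-time pad: key and data must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """A pad is a fresh, uniformly random key exactly as long as the message."""
    return os.urandom(length)


# Encryption and decryption are the same operation: XOR with the pad.
encrypt = xor_bytes
decrypt = xor_bytes


def pad_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """For ANY candidate of the right length there is a pad that maps it to this
    cipher-text, so the cipher-text alone says nothing about which one is real."""
    return xor_bytes(ciphertext, candidate_plaintext)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Reusing a pad is fatal: c1 XOR c2 == p1 XOR p2.  The pad cancels out and
    the attacker is left with the XOR of two plaintexts, where every position
    at which the messages agree shows up as a zero byte."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    p1 = b"transfer 100 EUR"
    p2 = b"transfer 999 EUR"
    pad = new_pad(len(p1))
    c1 = encrypt(pad, p1)
    c2 = encrypt(pad, p2)          # MISTAKE: the same pad used twice
    assert decrypt(pad, c1) == p1
    decoy = b"transfer 001 EUR"
    print("pad that would 'decrypt' c1 to the decoy:", pad_explaining(c1, decoy).hex())
    print("c1 XOR c2 reveals p1 XOR p2:", two_time_pad_leak(c1, c2))
```

The decoy pad is the reason an eavesdropper cannot prefer one plaintext over another; the two-time-pad output is the reason the pad must never be reused, and also why a pad used to wrap a key must itself be stored as carefully as the key it protects.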
Conclusion
Encryption is a critical piece for the private safekeeping of information. Encrypted cloud storage is primarily aimed at protecting critical private data, for example medical or legal records.
I invite you to check the information at https://nekoit.xyz/, join us on Discord or Telegram, or follow me on Mastodon Archivist@social.linux.pizza