Questions To Ask Your Cloud Provider

Cloud computing is great, right? You can outsource all of your storage needs to someone else, and let them do the heavy lifting, while you enjoy seamless access, whenever, wherever. However, this comes at a cost: They get to see your data. Sure, they do their part to ensure that it’s secure against adversaries, but they still have access to it.

Of course, this is necessary from a functionality point of view; after all, if the data was encrypted, how could they return search results to you when you wanted to search for a particular keyword across a massive set of documents? They couldn’t. Yes, there are apps for encrypting your data before it’s stored, but the cloud provider will need a copy of your keys in order to decrypt it prior to search. Otherwise, you’re going to have to download everything and search for it locally, making the appeal of cloud storage a lot less appealing.

Here’s a few questions you should be asking your cloud provider, to gauge where they fit in to the answer to “who has access to my data?”. While you might see them as an extension of your security, they might actually be exposing you to more threats. We’ll answer these questions from our perspective, so you’ll know where we stand.

What if I forget my password?

Unfortunately, if you forget your password, we’re unable to recover it for you. However, this is actually fortunate; it means we never have access to it in the first place. We provide strong cryptographic protection for your data, but not at the expense of requiring that you trust us with access to it. All passwords and keys are generated by you, the client, on your device.

What if an employee leaves and I need access to the data?

This can be a huge problem. In the “CIA” pyramid of “Confidentiality, Integrity, and Availability”, having company data rendered permanently unavailable can be just devastating as unauthorized access to it. You’ll hear things like “key recovery” and “key escrow” being tossed around, but don’t mistake these as synonyms for one another; they’re vastly different things.

It’s a good idea to have a secure key recovery process in place that will allow those with authorization to gain access to company data, should an employee’s key(s) become unavailable. However, this should be done locally; don’t trust a third party cloud provider that offers a “key escrow” service where they hold the keys. This is only making your attack surface larger by exposing you to more threats.

If you don’t have access to my keys, how do you search / organize my data?

You might be thinking, “You just said cloud providers can’t do this without access to my keys, right?” Right. That’s true. But that’s where homomorphic encryption comes in. We’ve built a secure and efficient search protocol powered by our fully homomorphic encryption scheme that’s based on multivariate polynomials. The really magical property of homomorphic encryption is that you can process encrypted data without decrypting it.

What this means for you is that not only can you store encrypted data in the cloud, but, using our API, the cloud provider can process encrypted search queries that you send to it, and return encrypted search results to you. The beauty of this is that the cloud provider never learns anything about what you’re searching for or the related documents. This makes compliance a lot easier, because you’re not outsourcing your trust along with your data.

In the near future, we’ll be posting more on how we’re looking to solve the “forgotten password” problem. In addition, we’ll also share more about how we’re looking to make authentication a lot easier, by supporting hardware solutions like Yubikey.

Looking Back on 2015; Looking Forward to 2016

With Kodex, we didn’t just want to do things better; we wanted to do more. This is why Kodex is pioneering efforts to bring searchable encryption to the mainstream. Kodex’s dynamic, multi-user searchable encryption scheme is powered by our own advancements in fully homomorphic encryption.

The crown jewel attribute of this type of searchable encryption is that data doesn’t need to be decrypted in order to be searched. The server never needs access to decryption keys. This makes it possible for Kodex to generate all keys client-side; these keys never touch the server in the clear. You can search for your data without the server ever learning what you’re searching for. And we are proud of this breakthrough.

We launched in September 2015, alongside generous coverage from Forbes. Since then, we’ve been growing our team to keep up with the growing interest in Kodex. We’ve been bringing aboard engineers of the utmost caliber, from institutions like Columbia, Stanford, and Waterloo, so that we can continue to refine our implementation of FHE, making it perform and scale even better in the browser. In addition to the engineering challenges we face with Kodex, we’re maintaining a UX-first approach to product design. To ensure we get this right, we’ve been bringing aboard designers who have worked on everything from luxury car interfaces to next generation operating systems. To cap it off, we officially added Jean-Charles Faugère and Ludovic Perret as two of Kryptnostic’s newest advisors; they were instrumental in the development and cryptanalysis of our KFHE scheme. We’re currently working on a deeper technical description and analysis of our KFHE scheme, and how it ties into our approach to searchable encryption.

We want Kodex to be a leader in raising the bar of expectations for what a good user experience feels like, as well as integrating the cutting edge in what cryptographic research has to offer. We’re only willing to build the best products we can imagine — products that allow users to do things they’ve never been able to do before.

2016 will find us working full-force. You’re going to see an even more amazing Kodex, a robust API for integrating our KFHE functionality, and a host of other awesome new things. Get ready. And reach us ( if you are looking for specific KFHE applications / use cases. We are listening.

For Crypto to Be Useful, the Product Must be Usable

UX-Driven Real-world Cryptography

Kodex is our UX-driven answer to the problem that is poor usability in cryptographic software. Since the early ’90s, when PGP first came about, we’ve watched the demand for strong cryptography grow tremendously, while the overall user experience of many crypto products remains largely stagnant and unapproachable. There’s one certainty to be learned: strong cryptography isn’t useful if the product isn’t usable. Exposing the complexities of crypto, at all, is a sure-fire way towards a shelved product.

It should come as no surprise that cryptographic products for collaboration have yet to be widely adopted, given that UX design expertise is brought in at a late stage or not at all. The design problem has always been framed, “how do we make it easier for people to encrypt?” In reality, nobody wants to encrypt; this fallacy would have been caught with even a basic understanding of consumer product UX. People want to feel safe, secure, and private, but they also have their own sets of things to get done — cryptography not among them.

With Kodex, we reframe the design question to, “how do we let users know they’re safe, while not interfering with their productivity?” Getting this right means building an inviting product that provides solid functionality (in our case, frictionless messaging and file sharing), while hardening this functionality behind the scenes (authenticated message/file encryption + searchable encryption), with just the right feedback and cues for the user to know that their user experience is also a safe one.

Consumers Use Products — Not Cryptography

This mentality spurred an important movement here at Kryptnostic. The design problem thus reframed, we put a focal emphasis on the user experience of what we’re building — not just the myopic viewpoint of thinking only about security and privacy. After all, consumers use products — not cryptography — and that’s actually a good thing. Our job is to build in the benefits of strong cryptography without burdening users with complexity. However, that means we also have to build products that empower them to be better at being productive.

Kryptnostic’s In-house UX Team

In addition to building our team of engineers and cryptographers, we’re also building our team of designers, with design chops from institutions like Savannah College of Art and Design, BMW, and Nokia. This team is working hand-in-hand with our engineers and cryptographers to ensure that our work towards securing user data begins with the end of great usability in mind. Kodex, our collaboration tool with searchable encryption, is only the first product we’re applying this design philosophy towards. Our next product offerings are aimed at giving software developers the same great experience with cryptography.

Try Kodex:

Let us know what you think, and what you want out of a product like this.

Distinction Between KFHE and Searchable Encryption

In preparation for an upcoming paper on KFHE, and the search protocol that makes use of it, we wanted to expound a little on the distinction between these two things.

KFHE is a fully homomorphic encryption primitive based on multivariate polynomials that supports arbitrarily chaining together supported operations to arbitrary depth. The underlying hard problem is the functional decomposition problem (FDP) [1] that is setup as an obfuscated instance of the isomorphism of polynomials (IP) [2].

FDP is concerned with the decomposition of multivariate polynomials; IP is concerned with recovering a particular transformation between two sets of polynomials, thus making it possible to obtain one set from the other (e.g., key recovery). KFHE’s security relies on the hardness of these problems, which are fundamental to the cryptanalysis of schemes that fall within the scope of multivariate cryptography.

Much of the work in this space has been pioneered by both Faugère and Perret — with whom we’ve been working in order to build a primitive that’s hardened against the classes of cryptanalytical attacks they’ve published.

The security model we have in mind when analyzing the KFHE primitive is IND-CCA1, indistinguishability against non-adaptive chosen-ciphertext attacks. Our search protocol is modeled as a searchable symmetric encryption scheme that uses KFHE as a primitive; the security model we have in mind when analyzing this searchable encryption scheme is that of IND-CKA2, or indistinguishability against adaptive chosen-keyword attacks.

In coming weeks, we’ll have a draft of our KFHE paper publicly available, with detailed implementation information, benchmarks, and a description of our search protocol. In the meanwhile, feel free to reach out for any clarifications!

[1] Faugère, J.-C. & Perret, L. (2006). Cryptanalysis of 2R- Schemes.. In C. Dwork (ed.), CRYPTO (p./pp. 357-372), : Springer. ISBN: 3-540-37432-9

[2] Faugère, J.-C. & Perret, L. (2006). Polynomial Equivalence Problems: Algorithmic and Theoretical Aspects.. In S. Vaudenay (ed.), EUROCRYPT (p./pp. 30-47), : Springer. ISBN: 3-540-34546-9


Problems Reaching through Tor

We’ve received some feedback from Tor users that when trying to access, they were instead being informed that their IP was blacklisted. We tried to reproduce this and, sure enough, the feedback was right. We were eventually able to access, but only after several failed attempts, as it appears quite a few IPs are affected.

While we aren’t doing anything on our end to purposely block IPs, the built-in protection of our CDN, CloudFlare, seems to be what’s triggering it. Fortunately, we’re able to toggle the settings, so we’ve relaxed them a bit to see if this alleviates the issue for most users. After testing, we’re currently hitting without any issue.

Thanks for letting us know, and please reach out should you have trouble accessing anything!

Introducing Kodex: Secure Chat + Collaboration + FHE-encrypted Search

User Experience + Strong Cryptography

Every good user experience is marked by a winning trait: it enables users to be a better version of themselves. Real-world cryptography hasn’t traditionally exhibited this trait, despite being the decisive factor for whether or not users can actually benefit from what cryptography provides. All too often, complex details are exposed to the user, asking them to make decisions they don’t know how to safely make. Cryptography should enhance what the user can accomplish; it should enable them to be better — not add to their workload and hold them back. A poor user experience shouldn’t cost users security and privacy. We innovate by making good user experiences more secure and private.

Chat + Collaborate + Encrypted Search

Kryptnostic’s first contribution to more usable crypto applications is a new enterprise chat and collaboration platform that uses fully homomorphic encryption for encrypted search, and we’re launching it today.

Welcome the first addition to Kryptnostic’s family of usable crypto products:

What’s distinctive about Kodex is that, while we’re implementing the time-tested, industry standard crypto you’d hope for in an enterprise product, we’re also progressively building on a type of cryptography that offers a lot, but has been challenging to harness in an efficient way, due to its computational constraints — that being, fully homomorphic encryption (FHE).

Homomorphic encryption makes it possible to perform meaningful computations on ciphertext without needing the decryption key; what this means is that a service that has your data can process it and do useful things with it, at your request, without needing access to your keys or ever seeing plaintext. Want to search through your data in the cloud, but don’t want to tell the cloud provider what you’re searching for? Done. That’s just one outstanding problem for which homomorphic encryption provides an answer.

KFHE: Kryptnostic’s Fully Homomorphic Encryption

With ongoing cryptanalysis and advisement from French cryptanalysts, Ludovic Perret and Jean-Charles Faugère, we’ve spent the last couple of years designing a fully homomorphic encryption scheme that finds its basis in both the functional decomposition problem (FDP) and an obfuscated instance of the isomorphism of polynomials problem (Obfuscated-IP) (i.e., polynomial linear equivalence.)

What we call KFHE (Kryptnostic FHE) can be summarized by this snippet from our upcoming paper:

Screen Shot 2015-09-09 at 2.51.20 PM

KFHE is a dynamic, parallel scheme with a search time of \(\mathcal{O}(n)\), and an index size of \(\mathcal{O}(mn)\), where \(n\) is the document collection size and \(m\) is the keyword space. We’ve designed this scheme to be secure in the IND-CKA2 (Indistinguishability under Adaptive Chosen-Keyword Attack) model.

We employ KFHE for encrypting search queries across text and media. In a nutshell, what this means is that when you want to search for conversation text or uploaded media, you send a KFHE-encrypted query to the server, which, in turn, returns an AES-encrypted result. The beauty is that the server never needs to know, or retain, your credentials, but you’re still able to search through your encrypted data without it being decrypted at any point. All the server ever sees is ciphertext.

Data in Use and Safe Functionality

This satisfies the goal of encrypting data in use (data that’s not in transit, or at rest, but being actively worked on and used), which removes the liability of credentials and plaintext being exposed to third-party services. Not only that, but you don’t have to sacrifice the functionality of searchable data in order to get security and privacy. Kodex is about safely preserving what you need in order to be productive.

We’re currently in beta, and invite you to try it out at Note that our search functionality is still in the process of being implemented. For us to improve, we need your feedback, and, as always, we’re fully transparent with what we’re doing and will maintain Kodex’s KFHE core as open-source.

Two Meter Exhaust Vents

For our first post we wanted to share a little bit about what motivates us to do what we do.
We believe that people should be secure and in control of their digital assets. People shouldn’t have to fear that a single compromise of a service or datacenter will result in the exposure of their private data to unauthorized third parties.

In short, we want to end the feudal area of cloud computing and commoditize confidential computation. While encryption at rest protects offline data, it does nothing for data that must be worked with online. Today’s approach to cloud security is focused on constructing fortresses and castles around data in the cloud– and hoping that there aren’t any two meter exhaust vents. Humans are notoriously bad at dealing with the tail risk presented by rare events. We’ve created a world where our data centers are much like the bankers trading the mortgage products that caused the financial crisis– not quite picking up pennies in front a steam roller, but close. At Kryptnostic, we’re developing technologies to disperse the risk and securing the cloud by enabling online processing and querying of the data without it ever having to be decrypted.

With practical fully homomorphic encryption it is possible to build a scalable key-value store for the most sensitive data. By distributing the points of failures to each customer’s key, while maintaining the centralized the computation on commoditized hardware, we hope to create a world where our customers won’t have to worry that a single hack will result in an exposure of their own customer’s confidential information. While an individual user’s computer might get hacked, it is now a compromise of one– not one million.