Autonomi uses several layers of encryption to protect a user's anonymity and privacy. The Network is designed to be as 'zero-knowledge' as possible, to the extent that node operators cannot possibly figure out what chunks from which private file they are storing — even if it's their own.
By utilizing multiple levels of encryption, Autonomi provides a platform for applications that is both highly secure and anonymized by design.
All content (documents, images, videos, etc.) on Autonomi are encrypted.
When a client uploads a piece of content to the Network (for example a video) it is first broken into chunks. Those chunks are then ‘self-encrypted’, a process patented by MaidSafe by which each chunk is encrypted using its own hash and the hashes of the two previous chunks in the same file. These encrypted chunks are then hashed again to arrive at the XOR Network address where the chunk will be stored.
At the same time, a ‘data map’ is created on the client device, which maps the chunk number to the XOR network address of the chunk and the hash to decrypt it and its two successors, allowing the content to be recreated. A number of copies of each chunk are stored by nodes in the Section to ensure redundancy.
Data maps and other metadata are not encrypted, but on the network they are kept inside encrypted folders if the data is private.
The client retains the data map for the content it has uploaded and keys to decrypt it locally. That way no keys or passwords need ever leave a person's device. Users can choose to share content with others by sharing their keys / data map with them. They can also choose to make the content fully public, in which case the folders containing the relevant files are unencrypted.
Content on Autonomi is stored as encrypted chunks. The original content can be recreated from these chunks, provided we have a map of where the chunks are plus the keys to decrypt them. A 'file' on the Network is really a collection of chunks, with a datamap that allows us to discover all the chunks and decrypt the file.
The API for upload by default self-encrypts all files.
All content on Autonomi is encrypted by default. When content is stored on the Network it is first broken into chunks, hashed and then encrypted and these chunks are themselves encrypted using the hash of another chunk from the same file. This is ‘self-encryption’—a method patented by MaidSafe but now open-sourced. When content is made public, its containing folder is decrypted, meaning anyone can reassemble the chunks.
At the network level, the Autonomi uses the TCP, UTP and µTP protocols and all the data moved by these protocols is encrypted from 'bit 1'.
So communications between the Network and the user are always encrypted, never in plain text. Note that any node on the Network can be used as a bootstrap server so long as its IP address is added to the configuration file of the joining node. It does not have to be one provided by MaidSafe.
Files are kept in folders which are created as part of the process and are encrypted, meaning their contents are only accessible to their owner by default.
With data self-encrypted, and its many parts stored by their content address throughout the Network, any one single point of file access is removed, as by default the map to this data is not publicly accessible on the Network. Self-Authentication means access to this data, and the means to reassemble it into information, always resides with the user, never leaving their device (i.e. not accessible to a ‘cloud’).
Another key innovation of the Network—at no point does the Network ever store a user’s credentials, there is no chance of passwords being attacked, nor can any user’s data (individual, collective or organisation) be targeted on or via the Network.
The authentication system utilises Boneh-Lynn-Shacham Distributed Key Generation (BLS), so that users can securely and anonymously access data, with no central server required to mediate the login process, nor are trusted third parties to store and manage the users’ credentials. It means users can reliably and securely access data from any machine, without ever sending or sharing their details.
Furthermore, it also allows for multi-signature credentials for permission-less recovery, without a single point of failure.
Boneh-Lynn-Shacham Distributed Key Generation (BLS-DKG) is used to help users handle their authentication credentials so they don't automatically lose their data if they lose their key.
Credentials are thus extremely important, but credential loss can be a serious problem on decentralized networks where there is no central authority to help recover or reset forgotten passwords. The temptation may be to choose simple credentials that are easy to remember, but these will likely be insecure (easily guessed or cracked) and prone to collisions—other people may choose the same ones and inadvertently stumble upon the user's private information.
Autonomi requires at least two separate credentials, generally referred to as 'access keys', with the option to add more. In combination, these access keys have sufficient entropy (randomness) to make collisions vanishingly unlikely.
Onboarding for the first time requires the user to choose a password (the first access key) from which a second access key is generated in the form of a passphrase (12 random words with a checksum), which the user writes down, perhaps keeping copies in a few safe places. With these two access keys, we have something you know (the password), and something you have (the passphrase), and in combination, we can generate a suitable amount of entropy to avoid collisions. This is the minimum requirement for creating your data store on the Network.
The user may also choose to create a third access key, a device key, on a trusted smartphone or computer, which is where BLS-DKG comes in, enabling a 2-of-3 key scheme, or even further to any k-of-n!
Now instead of requiring the passphrase, on this trusted device the user can just use the password and the device key—something you have—maybe utilising some inbuilt biometrics too, for an element of something you are.
Additional access keys can be created to provide more flexibility and resilience. A backup passphrase is one example, and additional devices can be set up too. Then if the user forgets the password or loses a device, a combination of another device and or passphrase will allow the password to be reset.
In this way, Autonomi caters for people with security needs ranging from the everyday to the extreme.