A lot of the software teams we've worked with since launching Antimatter share a concern about the strength of encryption: Is it too strong? Meaning, if the key used to encrypt and decrypt data is lost, what happens? We understand the apprehension. While unlikely, mistakes are possible, especially when the customer may have some control of the key, as is the case with Hold Your Own Key. Without a good data recovery plan, your company could land in sudden, catastrophic trouble.
Simple backups, while valuable for traditional forms of data recovery, don’t help with lost encryption keys. Losing a key is more like forgetting a password—the data is there, but you can’t get to it. There are many ways that companies traditionally solve account/password recovery: you’re no doubt familiar with the most common data recovery practice in which a company allows a user to regain access to an account via an emailed link or texted code. It’s a fast and convenient method for users. Unfortunately, if your encryption were designed such that a similar mechanism were possible, it would also have a convenient backdoor for bad actors attempting to gain access to private data.
Antimatter is built to eliminate backdoors, which means we’ll never send you a link to reset your encryption key, or recover it for you in any way—in fact, we can’t! Our product is designed to eliminate single points of failure, which means we’ll never have access to your encryption key. Even in the unlikely event that our data is breached, your key—along with your data, and your customers’ data—would remain secure.
Instead, we designed a recovery method based on Shamir's secret sharing (SSS), a methodology that breaks a key into key shards that are distributed to a number of stakeholders, requiring group collaboration for the key to be reassembled and used.
Our implementation of SSS, designed by Michael, our CTO, uses a series of physical smart cards (similar to credit cards). Our customers choose how many stakeholders at their company will carry one of these cards (each holding a key shard), and what fraction of these cards need to be physically present in order to enact the data recovery process. It’s important to designate a quorum that leaves room for reality; if one colleague loses their card, or accidentally brings it along on a faraway vacation, the recovery process should still be able to proceed without them. When an adequate number of these cards are tapped to their phones, or plugged into their computer, the customer will then regain access to their encryption key.
The smart card is a powerful piece of this solution. It carries FIPS 140-2 Level 3 and Common Criteria EAL 6 certifications, meaning an attacker cannot tamper with it, even if they are in physical possession of the card. Because of this, we can trust that a card is the only copy of a shard, and if you have the physical card, you know the key inside it is safe—unlike a laptop or cellphone where malware can be put on it without you knowing.
We're proud of the innovative, thoughtful effort Michael put into the design of our data recovery procedure. While most users will never have to use this process, it was important to get it right—and what we’ve built is the ultimate insurance policy. This algorithm gives our customers the best of both worlds: it provides bulletproof encryption with no backdoors or single points of failure, while still offering a simple disaster recovery mechanism.