Whitepaper: Viral Encrypted Security (VES)
Current encryption technology is impractical for mainstream use on any stored content because of the tradeoff between full privacy and the safety of not losing information due to key loss. Viral Encrypted Security (VES) is a solution to this problem, offering the full privacy of end-to-end (e2e) encryption while also providing an easy, reliable and efficient means to recover encrypted content in the event the owner loses all copies of his/her keys.
VES uses industry standard AES and RSA encryption in conjunction with a scrambling process based on linear algebra, similar to Shamir’s Secret Sharing.
Each user has a Shadow Vault that is encrypted by a distinct asymmetric key pair, different from the user’s primary vault asymmetric key pair. The User pre-selects a number of friends, N, who can assist the User in Recovery of his/her encrypted content should the User lose all copies of his/her main passphrase, the VESkey. The User also selects the number of friends, X, needed to achieve Recovery. Using the scrambling process, the Recovery Key is translated into N Tokens, each representing a linear equation with X variables, whereby any X of the N Tokens are needed to solve the linear equations and reconstruct the Recovery Key. Any number of Tokens less than X is useless in reconstructing the Recovery Key – Tokens are essentially as difficult to unscramble as is 256-bit AES encryption.
Each Token is allocated to the vault of a friend, and is hence encrypted with each friend’s public asymmetric key. Only that particular friend can unlock the Token. When the User loses his/her primary key, he/she creates a new key and all friends are notified. Each friend must enter his/her VESkey to unlock the Token, encrypt it with the User’s new public key and send it to the User. When the User has received X Tokens, he/she can descramble the Recovery Key and use it to unlock the Shadow Vault to retrieve the lost contents, which are promptly re-encrypted with the new primary vault key and deposited in the new primary vault. All old shadow vault items, keys and Tokens are then deleted.
The VES viral network is structured to enable an interactive chain reaction Recovery process. Once any user has Recovered their Shadow Vault, they have also Recovered any Tokens that were stored in it, and can then assist anyone who needs Recovery assistance, and so on. Every link in this chain reaction requires a user supplied, generally manually entered, VESkey to continue the chain reaction, making it essentially impossible for the chain reaction to continue from one person’s vault to the next without the manual involvement of each person at each link in the chain. One user can simultaneously launch multiple chain reactions.
Using the below recurrent formula, it can be shown that even a small VES viral network of friends will realistically provide a very high probability of Recovery.
Variable X and N have already been identified. p0 is the probability that any single user will lose his/her keys and L is the total Level of friends in the network (e.g., L = 0 is just the user, L = 1 adds the User’s friends, L = 2 adds the friends’ friends, etc.). For the situation of p0 = 30%, the User has 5 friends who each have five friends so that N = 5, X = 2, and L = 2 for a total of 31 people in the network, the odds that the User will not Recover the lost content are approximately 1 in 92 million. When the network extends to L = 3 the odds go to 1 in 4.8*1031. A properly setup VES viral network is a very effective and dependable backup for key loss.
The VES viral network also creates a unique 3rd factor authentication, independent from the traditional factors: something I know and something I have. Each friend can be required to voice or video verify the person seeking Recovery is actually the User they know before assisting in the Recovery process. Unlike information that can be stolen and stored for later use, such as a password or fingerprint, VES 3rd factor authentication cannot be conceptually stolen or stored. The VES 3rd factor also addresses the account theft vulnerability by blocking the thief from executing a Recovery as a means to bypass the existing VESkey. Generally, VES is as secure as non-VES e2e encryption for stored data.