Encryption

Read about our Data Security Framework first.

Overview

Akave uses robust encryption mechanisms to secure data during storage and transmission. Encryption ensures that data is accessible only to authorized users, preventing unauthorized access and tampering.

Key Components

  1. Master Encryption Key

    • A user-provided 32-byte AES-256 key serving as the foundation for generating file-specific encryption keys.

  2. Derived Encryption Keys

    • Unique keys created from the Master Encryption Key, combined with identifiers such as bucket and file names.

    • Ensures that each file has a distinct encryption key.

  3. File Chunk Encryption

    • Files are encrypted in chunks to optimize processing and ensure secure storage.

  4. Wallet Key

    • A separate key used for blockchain transactions, ensuring secure access and operations within the Akave ecosystem.

Process Flow

  1. Key Generation

    • A secure random number generator creates the Master Encryption Key.

    • Derived Encryption Keys are generated using cryptographic functions, combining the Master Key with file identifiers.

  2. File Upload Encryption

    • Files are divided into chunks, and each chunk is encrypted with a Derived Encryption Key.

    • Encrypted chunks are structured into a Directed Acyclic Graph (DAG) using IPFS/UnixFS-like protocols.

  3. File Download Decryption

    • Encrypted chunks are retrieved and decrypted using the corresponding Derived Encryption Key.

    • Decrypted chunks are reassembled to reconstruct the original file.
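
The flow above as an added example, not Akave's own code. The page does not name the key-derivation function or the cipher mode, so this assumes HKDF-SHA256 over the bucket and file names and AES-256-GCM per chunk with the chunk index as associated data; the function names and sample bucket/file names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Assumed KDF (not from the page): HKDF-SHA256; the bucket length prefix keeps ("ab","c") != ("a","bc").
func deriveFileKey(master []byte, bucket, file string) []byte {
	info := binary.BigEndian.AppendUint32(nil, uint32(len(bucket)))
	extract := hmac.New(sha256.New, make([]byte, sha256.Size)) // HKDF-Extract, zero salt
	extract.Write(master)
	expand := hmac.New(sha256.New, extract.Sum(nil)) // HKDF-Expand, single block
	expand.Write(append(info, bucket+file+"\x01"...)) // T(1) = HMAC(PRK, info || 0x01)
	return expand.Sum(nil)
}

func fileAEAD(master []byte, bucket, file string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveFileKey(master, bucket, file)) // 32 bytes: AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Assumed cipher: AES-256-GCM. Output is nonce || ciphertext || tag; the chunk index is AAD.
func sealChunk(aead cipher.AEAD, index uint64, plain []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, binary.BigEndian.AppendUint64(nil, index)), nil
}

func openChunk(aead cipher.AEAD, index uint64, sealed []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("chunk %d truncated", index)
	}
	return aead.Open(nil, sealed[:n], sealed[n:], binary.BigEndian.AppendUint64(nil, index))
}

func main() {
	fmt.Printf("%x\n", deriveFileKey(make([]byte, 32), "bucket-a", "report.pdf")) // constructed inputs
}
```

Because the index is authenticated, a chunk moved to another position in the file, or presented under another file's key, fails to open instead of decrypting to misplaced data.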

Security Contributions

  • Confidentiality: Ensures data is encrypted before leaving the client’s environment.

  • Integrity: Protects data from unauthorized modifications.

  • Granularity: Encrypts data at the chunk level, enhancing security and reducing processing overhead.
