BoxTomorrow science

Confidentiality and Security Information: how does it work and how can BoxTomorrow protect your data.

Claude Shannon

Claude Shannon and the Communication Theory of Secrecy Systems

Before passwords, before the conflicts between Alice and Bob, before RSA keys, before Edward Snowden, and before the Perfect Forward Secrecy, at the dawn of computing - that more or less everyone knows was born in this era thanks to cryptography - the Communication Theory of Secrecy Systems was born.

Communication Theory of Secrecy Systems was published by Claude E. Shannon - a great American mathematician - in 1949.

Encryption, Enigma Machine, Codes and Mathematical Properties

To make a very long story short, it was the dawn of cryptography and computer science when we immediately understood a concept as extraordinary as simple. The concept is that the security of a communication does not rely so much on the algorithm with which it is hidden (as the failure of the Enigma Machine developed by the Axis in World War II shows), it actually relies on the mathematical properties related to the secrecy of the code that preserves the communication itself.

In other words, a piece of information can not be said secure only because encrypted by a very long and complex algorithm. To be secure it has to be obscured by mathematical properties related to a code (KEY, KEY MATERIAL, MASTER KEY) that others do not know and may not derive from additional knowledge or information they may have known in any way.


Shamir Secret Sharing

It was 1979 when in a memorable presentation, the cryptographer Adi Shamir proposed a very elegant algorithm that exploited the principles of the Information Theory for sharing secrets. Today that algorithm is known as "Shamir Secret Sharing" and protects some of the most secret information in the world, as well as the launch codes for nuclear warheads that all of us inherited at the end of the Cold War.


master key

Master Key: what is it?

Shamir's algorithm selects a secret key (a master key in the language of BoxTomorrow) and fragments it in several subkeys (beneficiary's keys). Each subkey is assigned to someone (beneficiary). The creator of the Master Key (the creator of a BoxTomorrow box) can establish a Quorum - a minimum number of people. All the beneficiaries must enter their subkey to let the Master Key of the creator be known.

That's it! The secrets in the boxes, guarded by BoxTomorrow, are protected by this algorithm. The creator of each box can decide how many beneficiaries will receive a portion of the MasterKey and how many of them will be needed to be able to reconstruct the MasterKey after his death.

Can BoxTomorrow open one of my boxes?

Most of you will wonder: " Can Box Tomorrow access my box? ". No, it can not do it, and to achieve this result it has used various tricks. First, the encryption code of BoxTomorrow is written in simple javascript, this means that it is open and inspectable. The encryption code is executed in the browser of who accesses BoxTomorrow, so the information will leave the browser only after being fully encrypted by AES. In order to verify the correctness of the information, BoxTomorrow does not store the Master Key, neither the Keys of the beneficiaries, but only a 512bit SHA3 HASH of the keys.

These measures ensure that all the people who rely on BoxTomorrow to leave information to their beneficiaries can enjoy the results obtained by the fathers of encryption (v.Shannon) and by others among the brightest cryptographers still alive (v.Shamir).

sicurezza della scatola

For a more formal and comprehensive analysis we suggest to directly inspect the javascript code in the pages of BoxTomorrow. Any other word would be superfluous and would compromise the elegance and magic in the solution.

Enjoy the rest. BoxTomorrow Team

Create your box