Cloud Hosting

Proton AG, a Swiss-based securities services provider best known for its encrypted email product Proton Mail, is planning to roll out a new service that taps into blockchain technology as a way to help verify that users are contacting the people they believe theyre reaching out to.

The new service, calledKey Transparency, now in beta test mode, will allow users to verify email addresses and the encryption keys that they use to secure the messages sent to them against attackers. Although end-to-end encryption already protects against snooping, ensuring that the email address and encryption key of the other party are valid could be another matter.

Encryption between parties relies on public key cryptography, which breaks keys into two parts: a private key and a public key. When a user sends a message to another user, it uses the recipients public key to encrypt the message, and the receiver uses a private key to decrypt it.

According to Chief Executive and founder of Proton, Andy Yen, a problem can arise when retrieving the public key and identity of the other recipient from public key repositories, he toldFortunein an interview, and thats what Key Transparency is designed to prevent.

Maybe its the NSA that has created a fake public key linked to you, and Im somehow tricked into encrypting data with that public key, he said. This is a potential situation known as a man-in-the-middle attack, where a potential perpetrator sneaks in and pretends to be someone else, reads the message, then encrypts it again and sends it on without the sender or receiver knowing.

Blockchain technology uses multiple cryptographically protected ledgers that mirror one another to make it nearly impossible to tamper with them after an entry has been added. Every transaction submitted to a blockchain is also verified and agreed upon before its added to the distributed ledger network and then integrated into a block, which is then chained on top of previous blocks. The combination of cryptography and exact copies of distributed ledgers gives it enhanced security over basic databases.

At the time of creation, a cryptographic hash of the encryption key will be added to the Proton blockchain along with the email address that will allow the verification of the address and key, matching them together. This will allow the platform to quickly verify that the person who owns the address also created the key linked to that address.

Yen added that although blockchain technology is the core technology behind Key Transparency, there will be no cryptocurrency involved for users to concern themselves with. The technology itself will essentially be invisible to users but will enhance their security experience.

The Key Transparency beta version currently runs on Protons own private blockchain with its own set of internal decentralized validators. The technology may eventually move onto a public blockchain such as Ethereum after the current version has been piloted.

Users on Proton Mail canenable Key Transparencynow by joining the beta through their Encryption and keys settings and switching it on. Proton will periodically audit a users contacts keys and provide messages and warnings. These could include warning about changes that a user made to keys but not properly applied, detecting keys used in the past that might not be authentic, and warning that a key was disabled in the past but re-enabled. An audit doesnt verify contacts keys are safe; instead, it warns when there are potential issues.

Key auditing also exists in the composer, which is where emails are prepared and sent. If the web app successfully verifies a public key, a blue lock icon will be displayed next to the email address meaning that the email sent will be end-to-end encrypted, if there is an issue detected it will display a red icon and the ability to send messages will be disabled to protect security.

TheCUBEis an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate thecontent you create as well Andy Jassy

THANK YOU

Here is the original post:
Proton Mail plans to tap blockchain tech for email encryption key ... - SiliconANGLE News