Security - Self encryption

From SAFE Network Wiki

Security of a User's data is critical in the SAFE Network and this is, in part, provided by the self-encryption process. The SAFE Network requires that data be unrecognisable as data and resistant to decryption, even in the event of an encryption algorithm being compromised.

Self-encryption is used to mix up and encrypt data before it is sent out to the SAFE Network. This process is automatic and happens instantaneously.

As data is saved to a User's virtual hard drive, it is broken up into a minimum of three chunks, hashed and then encrypted. To further obfuscate the data, every chunk is then passed through another mathematical function using the hashes of other chunks. The key values from this final process are added to a table, called a data map, which is retained as part of the User's account information. The data map contains the network address locations of each chunk that makes up the file. The data map, with hashes before and after encryption, is used when retrieving and decoding the User's data, as the encryption process is otherwise nonreversible.

This entire process takes place in the Client so that data is always encrypted on the network and only Users with the correct credentials can decrypt the file. This also means that passwords can never be stolen from the network as they never pass beyond the User's computer. For additional security the data map is also run through the self-encryption process.

The SAFE Network incorporates data deduplication as a natural consequence of its design, ensuring that space is used efficiently when storing multiple copies of data which have been uniquely encrypted. The network is able to distinguish identical pieces of data by comparing the hashes of each chunk. As is described here, Vaults also use hashes to identify themselves.
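The chunking, hashing, encryption, obfuscation and data map steps described above, together with hash-based deduplication, shown as an added Python example (not SAFE Network code). SHA-256, the hash-derived XOR keystream standing in for the cipher, the choice of which neighbouring hashes feed each step, the dict used as chunk storage and all function names are assumptions made for illustration.

```python
import hashlib

SAMPLE = b"Constructed sample file: draft report, not real data. " + bytes(range(200))

def sha(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def stream(seed: bytes, n: int) -> bytes:
    # Assumption: SHA-256 in counter mode stands in for a real, vetted cipher.
    blocks = (sha(seed + i.to_bytes(8, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def self_encrypt(data: bytes, store: dict, n: int = 3) -> list:
    """Chunk, hash, encrypt and obfuscate data; return the data map."""
    if len(data) < n:
        raise ValueError("need at least one byte per chunk")
    size = len(data)
    chunks = [data[size * i // n: size * (i + 1) // n] for i in range(n)]
    pre = [sha(c) for c in chunks]            # hashes before encryption
    data_map = []
    for i, chunk in enumerate(chunks):
        # Encrypt with a key taken from the previous chunk's hash (assumed choice).
        enc = xor(chunk, stream(b"key" + pre[i - 1], len(chunk)))
        # Obfuscate again with a pad taken from the next chunk's hash.
        obf = xor(enc, stream(b"pad" + pre[(i + 1) % n], len(chunk)))
        post = sha(obf)                       # hash after encryption = address
        store[post] = obf                     # identical chunks share one slot
        data_map.append((pre[i], post))
    return data_map

def self_decrypt(data_map: list, store: dict) -> bytes:
    """Fetch each chunk by address and reverse both steps using the data map."""
    n, pre, out = len(data_map), [p for p, _ in data_map], []
    for i, (pre_hash, post) in enumerate(data_map):
        obf = store[post]
        if sha(obf) != post:
            raise ValueError(f"chunk {i} was altered in storage")
        enc = xor(obf, stream(b"pad" + pre[(i + 1) % n], len(obf)))
        chunk = xor(enc, stream(b"key" + pre[i - 1], len(obf)))
        if sha(chunk) != pre_hash:
            raise ValueError(f"chunk {i} did not decode to the original")
        out.append(chunk)
    return b"".join(out)
```

Because every key and pad is derived from the content itself, encrypting the same file twice produces the same addresses, which is what lets the store hold a single copy, and nothing in the store can be decoded without the data map.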


Figure: An overview of the self-encryption process.