ComparisonCondensation vs. cloud services

Condensation vs. cloud services

Cloud storage is ubiquitous, and has a lot of practical advantages. Users have access to their data anywhere, at any time, and on all their devices. Condensation offers all these advantages, too, but uses a different model.

Common cloud model

Common cloud storage services encrypt the data for transmission, but decrypt it on the server. Data transformation such as indexing is carried out on the server, and index queries require a connection to the server:

Plaincontent User's device Friend's device Server encryption Plaincontent decryption indexing Plaincontent Plainindex decryption encryption

Data sharing is implemented using access rights management on the server.

Note that some cloud storage services re-encrypt the data on their storage systems. This offers some security benefits to the provider, but does not substantially increase data security for the user.

Condensation model

Condensation relies on end-to-end encryption:

Plaincontent Encryptedcontent User device Friends' device, or trusted service Server encryption Encryptedindex Plainindex Plaincontent Plainindex decryption indexing

The server is used for storage only. It does not possess the encryption keys, and therefore cannot decrypt the data.

Data transformations are carried out on the client, and the result (e.g., the index) is end-to-end encrypted and stored just like any other data. As a side effect, index queries can be performed locally.

Data sharing is implemented through a message passing scheme. The sender thereby encrypts the data using the public key of the receiver rather than his own public key.

Similarly, data can be sent to (trusted) remote services for processing.