Data privacy and security are very important components of the Storj network and are primarily maintained through client-side encryption of file paths, content, and metadata. By encrypting client-side, we avoid exposing this data to attackers and to anyone else who is unable to derive the necessary encryption keys.
When designing our method for encryption, we had to consider future features and how our encryption method might impact them. For example, we plan to implement bucket, file, and directory sharing, which places constraints on how files and file paths are encrypted. We need to maintain the security of encrypted components while still allowing for the possibility of decryption without direct control of the root secret used to upload files. In the new V3 network, we make this possible by hierarchically deriving keys based on the root secret and file path. This method is detailed more below.
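The following is an added sketch of hierarchical key derivation in general, not Storj's code and not taken from the original post. It assumes one HMAC-SHA256 step per path component; the function names, the sample paths and the root secret are all constructed for illustration. It shows why handing out the key for a directory lets the recipient decrypt everything beneath it without ever holding the root secret.

```python
import hashlib
import hmac

# Constructed sample secret; a real root secret comes from the uploader's key material.
ROOT_SECRET = b"constructed-root-secret-for-illustration"

def split_path(path):
    """Split 'a/b/c' into components, ignoring empty segments."""
    return [part for part in path.split("/") if part]

def derive_child(parent_key, component):
    """One derivation step. HMAC is one-way: a child key does not reveal its parent."""
    return hmac.new(parent_key, component.encode("utf-8"), hashlib.sha256).digest()

def derive_key(start_key, components):
    """Walk down the hierarchy, one HMAC step per path component."""
    key = start_key
    for component in components:
        key = derive_child(key, component)
    return key

def owner_key(root_secret, path):
    """Key for any path, as computed by the holder of the root secret."""
    return derive_key(root_secret, split_path(path))

def key_from_share(shared_key, shared_prefix, path):
    """Key for a path, as computed by someone who only holds the key for shared_prefix."""
    prefix, parts = split_path(shared_prefix), split_path(path)
    if parts[:len(prefix)] != prefix:
        # Paths outside the shared subtree need an ancestor key the recipient lacks.
        raise PermissionError("path is outside the shared prefix")
    return derive_key(shared_key, parts[len(prefix):])

if __name__ == "__main__":
    # The owner shares only the key for photos/2019, never ROOT_SECRET.
    share = owner_key(ROOT_SECRET, "photos/2019")
    file_path = "photos/2019/cat.jpg"
    same = key_from_share(share, "photos/2019", file_path) == owner_key(ROOT_SECRET, file_path)
    print("recipient derives the owner's file key:", same)
    try:
        key_from_share(share, "photos/2019", "taxes/2019.pdf")
    except PermissionError as err:
        print("outside the share:", err)
```

The prefix check in `key_from_share` is a convenience for the caller, not the security boundary: what protects sibling directories is that HMAC cannot be run backwards from `photos/2019` to the root secret or to `photos`.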