How Does SecureDolphin Work?

Overview

SecureDolphin combines symmetric-key encryption and public-key encryption. E-mail messages are encrypted using a symmetric key. Each symmetric key is used only once. The encrypted message is sent to the receiver along with the one-time symmetric key.

In order to protect the symmetric key during transmission, it is encrypted with the receiver's public key. Only the private key belonging to the receiver can decrypt the symmetric key. Because the message itself can only be decrypted with that symmetric key, only the intended recipient, who holds the private key, can decrypt and read the E-mail.

How is it different?

So far the description of how SecureDolphin works may appear no different from any other encrypted E-mail system. That is largely true as far as the actual encryption/decryption is concerned. The biggest and most important difference is in the way SecureDolphin manages encryption keys.

Most often, key management in the E-mail encryption world is done in one of two ways:

  • Centralized key management servers, often referred to as Public Key Infrastructure (PKI). Users pick a vendor they trust. When they need to encrypt an E-mail, users communicate with the centralized server hosted by the vendor to look up the public key of the E-mail recipient. The problem with this approach is that the vendor may cheat and send the user the wrong key, one whose private half the vendor holds. Messages encrypted with the fake key can easily be opened by the vendor, or by an adversary that persuaded the vendor to cheat. Vendors can also fall victim to hacker attacks, with similar results.
  • Web of Trust. The most prolific and well-known example is Pretty Good Privacy (PGP). A web of trust, as the name implies, establishes a web of peer-to-peer trust relationships. For example, if Alice knows Bob and trusts Bob, she can ask him to vouch for Carl, whom Alice does not know but Bob does. In terms of keys, that translates into a request to Bob to share Carl's public key. It works great for a relatively small and dense network of participants who know each other well and have a means to establish direct relationships through each other. However, it does not work when Alice needs to send an E-mail to someone outside her immediate network: it is challenging to find one or more trusted intermediaries who would lead from Alice to the recipient.

In a nutshell, secure E-mail systems have to choose the convenience of the centralized server model at the cost of reduced security, or trade it for greater security. SecureDolphin uses NameCoin technology to resolve this tension.

The Secret Sauce

During user registration, SecureDolphin creates a record for the user and distributes it in the NameCoin network. The record contains the user's public key, which can be looked up by correspondents who would like to send an encrypted E-mail to the user.

NameCoin provides several important assurances:

  • Uniqueness of records: a given E-mail address can appear in the network only once, i.e. there can't be two records for the same E-mail address.
  • Tamper-proof storage of records. No one other than the owner can modify the public key or any other part of the record once it is published in NameCoin.
  • In order to modify a NameCoin record, one needs the private key that only the original record creator has. In the case of SecureDolphin that is the user, who keeps the key on their laptop, desktop or device.
  • Redundant and reliable storage: NameCoin records are duplicated across hundreds of thousands of desktops, servers and laptops. As long as at least one of them is operational, the NameCoin network works. The number of NameCoin record copies grows every day as more users join the network.

Putting the pieces together

Potential correspondents look up the public key in the NameCoin network using the recipient's E-mail address and use that public key to encrypt the message. NameCoin provides tamper-proof storage for public keys. Once a public key is published and bound to the user's E-mail address, the relationship between the two can't be broken or altered unless one has the secret key that only the E-mail owner has.