diff --git a/_config.yml b/_config.yml index 048bf69..de78316 100644 --- a/_config.yml +++ b/_config.yml @@ -29,6 +29,9 @@ header_pages: - index.md - about.md - pricing.md +- recovery_policy.md +- data_storage.md +- q&a.md - contact.md style: dark # dark (default), light or hacker diff --git a/_layouts/landing.html b/_layouts/landing.html index e59eced..2a0f983 100644 --- a/_layouts/landing.html +++ b/_layouts/landing.html @@ -3,106 +3,165 @@ {%- include head.html -%} -
+
- {%- include header.html -%} + {%- include header.html -%} -
-
-
-

Distrust Key Escrow

-

The only fully open source, technology agnostic key escrow service.

- Documentation - Join Waitlist -
-
-
+
+
+
+

Distrust Disaster Recovery

+

+ The only fully open source, technology agnostic disaster + recovery and key escrow service. +

+ Documentation + Join Waitlist +
+
+
-
-
-
- -
- -

Quick Start

-

If you are ready to protect your data, you can use the wizard which will walk you through the process.

-
-
-
+
-
+
+
+

Quick Start

+
+

+ If you are ready to protect your data, you can use + the Wizard which will walk you through the process. +

+ Quick Start +
+
+
-
-
-

How it Works

+
-

Backup

-

1. Generate a recovery key

-

Any kind of key may be used, but recommendations for the type of key to use and how to manage its lifecycle can be found here

+
+
+

How it Works

+

+ Distrust used the + Quorum Key Management specification to generate + entropy offline and used it to derive a + PGP key which anyone can + encrypt to. +

-

2. Define recovery rules.

-

The standardized Distrust Key Escrow policy can be used to set rules for conditions under which the key can reclaimed.

+

+ The only way to reconstruct the private key which is + used to decrypt is by bringing together multiple shard + holders who are in separate geographical locations. +

-

3. Encrypt data and back it up.

-

The client is responsible for redundantly backing up data. This is to ensure that Distrust Key Escrow has no way to access the data.

-
-
+

+ Distrust Disaster Recovery will always verify the + recovery rules before + decrypting any client data. +

-
-
-

Recovery

+

+ Clients may choose to generate their own encryption key, + encrypt data, then encrypt that key to the + Distrust Disaster Recovery Public + Key. In this way the data is never exposed to + anyone, but can be protected using a form of + "crypto-shredding". +

+
+
-

1. Lose access to your data (oops...)

-

Data loss, even with great controls sometimes isn't fully prevented.

+
+
+

Security

+

+ Distrust Disaster recovery focuses on removing single points + of failure on all levels. +

-

2. Submit verifiable recovery request.

-

Submit a request to recover the data, which will be checked against the recovery rules.

- -

3. Your recovery key is returned.

-

The key which is held in escrow by Distrust Key Escrow is re-encrypted to a key provided by the client and released from escrow. This is to ensure that we never have access to your data in plaintext, only the key that you used to encrypt it.

-
-
+

Reproducible Builds

+

+ Being able to ensure that all of the software that's + used is deterministic is essential. Learn more about + why here + +

-
-
-

Security

-

Reproducible Builds

-

Being able to ensure that all of the software that's used for the QKM system is essential. Learn more about why here

+

Full Source Bootstrapped

+

+ Being able to verify the compiler by + + bootstrapping it in order to ensure it is not + capable of injection malicious code at runtime is an + essential part of supply chain security - and often + ignored. + +

-

Full Source Bootstrapped

-

Being able to verify the compiler by bootstrapping it in order to ensure it is not capable of injection malicious code at runtime is an essential part of supply chain security.

+

Side Channel Attack Resistance

+

+ Attacks that are able to exfiltrate data via + non-standard channels is an important consideration + when handling sensitive cryptographic material. + Because of this, HSMs are leveraged. +

-

Side Channel Attack Resistance

-

Attacks that are able to exfiltrate data via non standard channels is an important consideration when handling sensitive cryptographic material.

+

Cold Key Management

+

+ Ensuring that the lifecycle of cryptographic material is + handled in a fully air-gapped environment helps + drastically reduce surface area for attacks. +

-

Cold Key Management

-

Ensuring that the lifecycle of cryptographic material is handled in a fully air-gapped environment helps drastically reduce surface area for attacks.

+

Multi Party Access Control

+

+ Because eliminating single points of failure is an + effective way to reduce the likelihood of compromise + use of quorums where multiple individuals are required + to carry out actions is a core control mechanism for + Distrust Disaster Recovery. +

+
+
-

Multi Party Access Control

-

Because eliminating single points of failure is an effective way to reduce the likelihood of compromise is a core control mechanism for DKM.

-
-
+
+
+

The Approach

+

+ Distrust Key Escrow has been designed with the utmost + care to eliminate single points of failure to ensure + that your backups are inaccessible by any single + individual, under any circumstances. +

+

+ This may seem like a big claim, but all our processes + and software are fully open source - so yo can verify + for yourself. If you still don't trust us, that's okay, + you can use our blueprint to set up the system yourself + - and we invite you to do so. You can find the + documentation on how QKM works + here

-
-
-

The Approach

-

Distrust Key Escrow has been designed with the utmost care to eliminate single points of failure to ensure that your backups are inaccessible by any single individual, under any circumstances.

-

This may seem like a big claim, but all our processes and software are fully open source - so you can verify for yourself. If you still don't trust us, that's okay, you can use our blueprint to set up the QKM system youself - and we invite you to do so. You can find the documentation on how QKM works here

- -

Most, if not all current commercial backup/disaster recovery systems have many single points of failure and sell a service which is simply not suited for many contexts - especially for backing up digital asset wallets. The lack of transparency on how their systems work means that you as the end user can't verify whether their approach to security matches your desired threat model, and you are left with blind trust, rather with transparency.

-
-
-
- {%- include footer.html -%} -
+

+ Most, if not all current commercial backup/disaster + recovery systems have many single points of failure and + sell a service which is simply not suited for many + contexts - especially for backing up digital asset + wallets. The lack of transparency on how their systems + work means that the end user can't verify whether their + approach to security matches your desired threat model, + and security properties, and what remains is blind trust, + rather with transparency. +

+

+ We invite you to question any part of our system. +

+
+ + + {%- include footer.html -%} + - + \ No newline at end of file diff --git a/_layouts/pricing.html b/_layouts/pricing.html index 4a9c994..80a16cc 100644 --- a/_layouts/pricing.html +++ b/_layouts/pricing.html @@ -13,14 +13,17 @@

Pricing

-

USD $10,000/yr base subscription

-

USD $25,000 for a recovery ceremony within 72h

-

USD $50,000 for a recovery ceremony within 48h

-

USD $100,000 for a recovery ceremony within 24h

- -

Ceremony recoveries are only performed in person, in a secure location, with the client present.

-

Storage of the encrypted data is always the responsibility of the client. Refer to this document to learn more.

-

The encrypted data is not available to Distrust except for during the ceremony.

+

+ We use simple pricing. There is no setup fee. Our flat + fee is USD $10,000/yr which includes up to 10mb of + storage. All paying customers additionally get + discounted expedited recoveries. +

+

+ Expedited recoveries start at $30,000, and depend on the + complexity of the Recovery Rules the client uses. You + may contact `sales at distrust.co` for more details. +

diff --git a/data_storage.md b/data_storage.md new file mode 100644 index 0000000..667583b --- /dev/null +++ b/data_storage.md @@ -0,0 +1,44 @@ +--- +title: Data Storage +layout: default +permalink: /data-storage.html +--- +# Data Storage + +As a disaster recovery service, Distrust offers several different options for +different threat models. An inconvenient truth that the current solutions in the +market don't share with you is that they have the ability to access your data in +plaintext. Additionally, they do not use geographical separation for their +decryption key, exposing your data to single points of failure. Our system is +fully transparent and we have nothing to hide about any aspect of how it works +as it's cryptographically sound. + +## Trust Based + +In this setup, Distrust is responsible for backing up your encrypted data, and +being able to recover it on your behalf upon request. This does mean that +Distrust has the ability to access your data without your approval. In order to +do this, Distrust would have to gather key material from several different +geographical locations and re-assemble it before being able to decrypt your +data, adding a highly resilient protection mechanism. Additionally, Distrust is +not motivated to break client trust as our entire careers are built on +protecting people's freedom, security and privacy. + +## Distrust Based + +In this setup, the encrypted data is never shared with Distrust, and it remains +redundantly backed up to several online data storage services as well as offline +storage. Because Distrust does not hold your encrypted data, there is no way for +the data to be decrypted without your interaction. This offers a more risk +averse approach. + +## Custom + +If you would like, you can work with a third party of your choosing or one of +our partners, to have your encrypted data backed up with them, while we protect +the encryption key for it. This way you achieve a threat model where instead of +trusting Distrust only, you select a third party which removes single points of +failure. + +If there is a different threat model you are interested in, feel free to reach +out at sales@distrust.co \ No newline at end of file diff --git a/q&a.md b/q&a.md new file mode 100644 index 0000000..a32f0b3 --- /dev/null +++ b/q&a.md @@ -0,0 +1,60 @@ +--- +title: Q&A +layout: default +permalink: /q&a.html +--- + +# Q&A + +#### How does the Distrust Disaster Recovery system work? + +The Distrust Disaster Recovery system is based on +[Quorum Key Management (QKM)](https://docs.distrust.co/qkm), a highly +opinionated framework for managing cryptographic material securely in offline, +hardened environments. One of the core tenants of QKM is that the cryptographic +material is sharded (split up), and distributed in different geographical +locations, so that it takes the cooperation of multiple individuals from +different regions in order to reconstruct the key which allows for decryption. + +#### Where is the data stored? + +You may choose to have Distrust Disaster Recovery redundantly store your +encrypted data, but this means that Distrust Disaster Recovery staff would be +able to decrypt your data, although it would require a quorum of +[Shard Bearers](#what-are-shard-bearers) to assemble physically as all +cryptographic material is stored fully offline. This is very much unlike the +current market offerings which store both your encrypted data, and the keys used +to decrypt it in online environments, with questionable security, and certainly +no transparency into how they actually manage your data. With Distrust, the key +for decryption and any decryption is always performed in fully air-gapped +environments, and is the reason that recovery is slower - but far more secure. + +Alternatively, you may opt to generate an encryption key, encrypt your data +using this key, then encrypt that key using the Distrust Disaster Recovery +public key. You could then destroy the key you used for encrypting your data, +effectively creating a setup where the only way to decrypt the data is to +recover the encryption key via DDR. In this setup DDR has no way to decrypt your +data in plaintext, but you are responsible for encrypted data backups. + +You can learn more about data storage [here](/data-storage.html) + +#### What are "Shard Bearers"? + +Shard Bearers are Distrust Disaster Recovery employees who are responsible for +managing a shard which is used to reconstruct the private key which can +decrypt client data. At least 2 shard bearers are required in order to perform +this task, and the shards are stored offline, and never exposed to any +environments other than specifically tailored air-gapped environments according +to [Quroum Key Management](https://docs.distrust.co/qkm) specification. + +#### What quorum threshold does DDR use? + +2 of 3 threshold is used, with [Shard Bearers](#what-are-shard-bearers) located +in 2 states in the USA, and in Canada. + +#### Can Distrust Disaster Recovery be used instead of Coincover or Keyternal? + +Yes, it can, although the speed of recovery is slower, the security guarantees +far surpass those currently available in the market. Additionally, Distrust +Disaster Recovery is the first offering of its kind that allows encryption of +*any* data as opposed to only blockchain wallet data. \ No newline at end of file diff --git a/recovery_policy.md b/recovery_policy.md new file mode 100644 index 0000000..d746054 --- /dev/null +++ b/recovery_policy.md @@ -0,0 +1,62 @@ +--- +title: Recovery +layout: default +permalink: /recovery.html +--- + +# Recovery + +Distrust performs recovery ceremonies 4 times a year, and paying customers can +be part of these recovery ceremonies for free. + +During the quarterly ceremony, Distrust will publish a signature of the latest +bitcoin block to prove control of the decryption keys. + +If a client requires an expedited recovery, additional fees apply (available +on the pricing page (TODO)). + +## Recovery Policy + +The recovery policy is a document which is a set of rules or conditions under +which the recovery may be made. The different conditions can be sufficient on +their own, or a multitude of them has to be satisfied in order to constitute a +valid recovery request. + +The main conditions of a Recovery Policy are: +* Time lock until year/month/day +* n of m cryptographic signatures (PGP) +* n of m KYC verifications + +At least one of cryptographic signature or kyc verification is always required. +One may choose to require both. + +If you are interested in different or custom rules, please reach out to use at +sales@distrust.co (TODO make sure we have this email set up / catchall). + +## Time Lock + +Time locks allow the user to set a date after which the recovery will be +possible. The data will not be recoverable until the day after the lock date. + +## Cryptographic Signature Verification + +This method supports PGP, BTC, and ETH cryptographic signatures. One may +register as many as 32 public keys, and set how many of those keys are required +for a valid recovery request, for example, 3 of 7. + +## KYC Verification + +KYC Verification is based on verifying both the individuals identity and their +intent to recover data. + +- The data is gathered at the beginning of the relationship. The [Distrust Disaster Recovery Wizard](todo) can be used. Distrust will verify your data once it's submitted. + +- The identity of authorized individuals is verified in person by Distrust staff +or legal council representatives. They will verify the individual in person +using visual verification, ID documentation, and record a video of the +individual's intent to recover. + +- The KYC verification is threshold based, so one may list any number of +individuals, and require any number of individuals to express intent to recover. +For example, the total number of individuals may be 7, and 3 of them are +required to initialize the recovery process.