What does encryption guarantee?

31 de outubro de 2023

Or better said: what can ensure that companies don't have access to my data?

Short answer? Nothing.

Long answer? Nothing. But we can assume one or two things regarding the math behind this subject.

First of all, encryption is typically based on a pair of keys (one private and one public) used for data encryption/decryption. Your public key is stored on the server and is used to encrypt data on it. Your private key resides on your device and is used to decrypt content from the server. In theory, only someone with both keys can read your messages. The concern with companies is whether they can access your device to capture your private key. Ideally, this access shouldn't exist (it would be a backdoor). However, closed-source code may have mechanisms to decrypt messages with an intermediary key if necessary, but this is unlikely due to computational cost. A simple cryptographic key (RSA) uses prime numbers, and predicting/generating them is challenging (solving the Riemann Hypothesis would be worth $1 million) [1].

This is a very simplified explanation.

Regarding Apple, they have a well-documented approach to encrypting volumes on macOS. Their strong encryption is bolstered by the Secure Enclave, used in SoC chips (T1, T2, and M series). Trust in these companies not accessing your data relies on faith and their reputation in the privacy field. Currently, Apple has one of the best reputations in this regard.

***

[1]: In 2018, Michael Atiyah claimed to have a proof of the Riemann Hypothesis. While he was well-known in mathematics (a Fields Medal winner), the topic has since received less attention.