Rabbithole
  • English

      • Rabbithole — encrypted storage without trust

      What if your cloud storage couldn't read your files — not because of a policy, but because of mathematics?

      Rabbithole is a decentralized file storage built on the Internet Computer. Unlike traditional encrypted storage services, Rabbithole doesn't ask you to trust a company. It replaces trust with verifiable cryptographic guarantees.

      The core idea

      Every encrypted storage service promises "we can't read your files." But there's a fundamental difference between policy and math:

      Policy-based securityMath-based security (Rabbithole)
      "We don't read your files"PromiseImpossible by design
      Encryption keysStored on company serversNever exist in one place
      Government requestCompany may complyNothing to hand over
      Company shuts downData may be lostData persists on blockchain
      Who owns the infrastructureThe companyYou

      Why vetKeys change everything

      Most encrypted storage services derive your key from a password. That means: if someone gets your password, they get your files. If the company is compelled, they can potentially recover keys.

      Rabbithole uses vetKeys — a threshold cryptography protocol built into the Internet Computer:

      • Your encryption key is computed on-demand by 13-34 independent nodes cooperating
      • No single node ever knows your complete key
      • The key is derived from your identity — no passwords to lose or steal
      • Each file gets a unique derived key — compromising one file doesn't compromise others
      • The math is based on BLS12-381 threshold signatures and Identity-Based Encryption (IBE) — well-studied cryptographic primitives
      In simple terms

      Imagine 13 to 34 guards, each holding a piece of a key. Only when enough of them agree it's you, the pieces combine into a key that exists only in your browser, for a split second, and then vanishes. No guard ever sees the full key.

      How it compares

      ServiceE2E EncryptedZero-KnowledgeOpen SourceDecentralizedYou own infrastructureKey derivation
      Google DriveCompany keys
      DropboxCompany keys
      TresoritYesYesPassword-derived
      ProtonDriveYesYesPartialPassword-derived
      InternxtYesYesYesPassword-derived
      FilenYesYesPartialPassword-derived
      StorjYesYesYesYesClient-side
      RabbitholeYesYesYesYesYesThreshold crypto (vetKeys)

      What sets Rabbithole apart:

      • No passwords for key derivation — your key comes from your Internet Identity, computed by the network itself
      • Per-user canister — you own the smart contract where your data lives. After deployment, Rabbithole removes itself as controller
      • Verifiable — all code is open source, the encryption runs in your browser, and the key derivation is enforced by blockchain consensus

      How it works (in 30 seconds)

      1. You own your canister — a personal smart contract deployed just for you. See Data Sovereignty
      2. You sign in with Internet Identity — passkeys, biometrics, or social login. No passwords
      3. You upload a file — it's encrypted in your browser using keys derived via vetKeys
      4. Encrypted fragments are stored in your personal canister
      5. When you download, fragments are fetched and decrypted locally

      The server never sees your plaintext data. Not because we promise — because it's mathematically impossible.

      Want to go deeper?