Convergent encryption allows cloud storage services to deduplicate data without the service ever having access to the encryption keys used to protect customer files. It provides better privacy than traditional cloud storage.
How it Works – Technical Details
Normally, when cloud services encrypt data, they use their own encryption key. With convergent encryption, the encryption key is derived from the file itself (typically a cryptographic hash of the file's contents). As a result, identical plaintext files always produce identical ciphertext, which is what lets the service recognize and deduplicate them without knowing the key.
List of Services that Use Convergent Encryption
Convergent encryption lets cloud storage providers store large amounts of data at low prices, while offering better privacy than traditional cloud storage.
Privacy concerns have been raised about cloud storage services that deduplicate data via convergent encryption. Because every copy of a given file encrypts to the same ciphertext, deduplication can be used to “discover” which users are storing a file, provided the attacker also has a copy of that file. For instance, an oppressive government could find out which users are storing copies of banned books, or the technique could be used to discover which users are storing copyrighted material. This assumes the outside party is given direct access to the servers. Encrypting with a private, per-user key instead can be used to bypass deduplication and force the cloud storage service to store a unique copy of the file(s).
You must be extra careful to safeguard your passphrase. There’s usually no “password reset” with convergent encryption, so if you forget it you’ll lose access to all your cloud data.