Addressing the state of end-to-end encrypted cloud storage: Insights from Tresorit’s CEO
A recent study from ETH Zurich entitled "End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem" has sparked significant discussion, claiming that the end-to-end encrypted (E2EE) ecosystem is “largely broken.” The report delves into vulnerabilities within E2EE cloud storage providers, highlighting challenges in the security landscape.
At Tresorit, where security has always been our cornerstone, we see this as an important opportunity to contribute to the ongoing dialogue around secure cloud storage. To unpack the findings and discuss what they mean for the industry and our platform, we sat down with Istvan Hartung, CEO of Tresorit. Below, we share his thoughts on the report, its implications for E2EE solutions, and Tresorit’s approach to maintaining a robust security posture.
Is the ecosystem really “broken”?
The study’s assertion that the E2EE ecosystem is “broken” raised eyebrows across the industry. What was your initial reaction to this?
Istvan Hartung: The claim that the end-to-end-encrypted (E2EE) cloud storage ecosystem is "largely broken" feels like an overstatement. However, the study does highlight a crucial reality: the term "end-to-end encryption" is not uniformly applied across providers. Different companies interpret and implement E2EE in varying ways, which means the level of security can differ significantly depending on the provider.
This variation can sometimes lead to vulnerabilities, not because the concept of E2EE itself is flawed, but due to inconsistent practices, design choices, and trade-offs made by providers. For instance, some might prioritize usability or compatibility over stringent cryptographic principles which can leave gaps in security.
How do you see Tresorit’s role within the E2EE storage landscape, especially given the challenges and vulnerabilities highlighted in the report?
Istvan Hartung: The report’s findings affirm the careful planning and rigorous standards we've maintained since our inception. Tresorit was founded by cryptographers, and our close collaboration with academic partners continues to reflect in our work. Striking the right balance between robust security and usability is always a challenge. Our goal is to deliver solutions that meet strict security requirements while remaining responsive to always evolving customer needs and providing intuitive products that people actually love to use. Above all, we are committed to transparency, ensuring our customers understand the level of security our products and features provide.
Do any of the vulnerabilities identified by the researchers apply to your system and if so, how do you mitigate them?
Istvan Hartung: The research team examined the possibility of ten classes of attacks on end-to-end-encrypted cloud storage systems, including confidentiality breaches and file injection vulnerabilities. The findings confirmed that Tresorit’s thoughtful design and cryptographic choices made our system largely unaffected by these attacks. While we are pleased with these results, we also recognize the untapped potential the research highlighted.
Some of the vulnerabilities have already been partially addressed e.g. presenting public key fingerprints when sharing folders to prevent key replacement attacks by allowing out-of-band verification. We already do this for business invitations so the user can get cryptographic evidence about their future data administrator before joining. Our Common Criteria EAL4 + AVA_VAN.5 evaluated client software — a first among cloud storage services — requires out-of-band key authentication for folder sharing, too. Having it for our base product is on our 2025 roadmap. This will prevent key replacement attacks by allowing out-of-band verification.
Regarding the possibility of tampering with metadata, the risks are valid. For metadata such as original file size and last modification time, we maintain an encrypted and authenticated source, but proper bookkeeping of storage quota is a key requirement both for the customers and for us, the vendor. Tresorit initially did not store the original file sizes as a server-side property; however, we began receiving numerous complaints from customers who noticed discrepancies — specifically, their storage quota was decreasing by an amount that didn’t match the total size of the files they had uploaded.
Striking a balance between stringent security and a user-friendly experience is one of the toughest challenges. But our focus remains clear: deliver solutions that users trust and love to use.
One specific vulnerability discussed in the report relates to public key authentication. While Tresorit uses its own certificate authority (CA) to sign certificates, potential risks from an adversary accessing Tresorit’s servers were noted.
Istvan Hartung: We mitigate risks by implementing features like displaying admin key fingerprints for verification during registration. Specifically, Tresorit deploys certificates to provide authentication of keys. However, since the certificates are signed using Tresorit’s own CA, an adversary with access to Tresorit’s servers could theoretically sign arbitrary certificates. This could allow an attacker to replace public share keys (pksh) or even admin keys (pkA). Replacing pkA during registration, for instance, could grant an attacker complete control over a user account. To counter this, our application displays the admin key’s fingerprint, enabling out-of-band verification and reducing the risk of unauthorized key replacement.
What do you believe makes end-to-end encryption in cloud storage so challenging to secure, even for major providers?
Istvan Hartung: End-to-end encryption (E2EE) in cloud storage is challenging because it requires balancing robust security with usability, scalability, and performance. Ensuring that data is encrypted on the user’s device and remains inaccessible to anyone else, including the provider, demands rigorous cryptographic design and implementation.
For major providers, the challenge often lies in integrating E2EE into complex systems while maintaining seamless user experiences. Features like file sharing, collaboration, and synchronization across devices add layers of complexity, as they must be secured without compromising functionality or speed.
Additionally, metadata management presents a unique hurdle. While encrypting file content is straightforward, ensuring that metadata — such as file names, sizes, and timestamps — remains secure while still enabling efficient service delivery is more complicated.
Does Tresorit work with external auditors or third-party cryptographic experts to identify and mitigate potential vulnerabilities?
Istvan Hartung: Yes, we actively collaborate with external auditors and third-party cryptographic experts to ensure the robustness and reliability of our security measures. Independent assessments are a cornerstone of our approach to maintaining the highest standards of end-to-end encryption. For instance, our software has undergone rigorous evaluation, earning the prestigious Common Criteria EAL4+ certification, a benchmark for trustworthiness and security in IT systems.
How does Tresorit plan to stay ahead in terms of security advancements as the E2EE cloud storage field evolves?
Istvan Hartung: Our goal isn’t simply to claim the title of “most secure” but to consistently deliver on our security promise. Our focus is on providing a reliable platform that empowers departments, teams, and solo entrepreneurs to collaborate effectively and securely with coworkers, customers, and partners.
One last question, how shall the industry respond to the study’s findings?
Istvan Hartung: We all benefit when the industry moves toward better, more transparent security standards. Providers must adopt a proactive approach —continuously auditing and improving their security posture. The ETH Zurich report serves as a wake-up call, reminding us that the journey toward truly secure cloud storage is ongoing. At Tresorit, we remain steadfast in our mission to provide trusted, transparent, and robust solutions for our users.
