Cloudflare's patent 10484176 and Vault's Key Splitting on Seal/Unseal

I was reading through the patents Cloudflare has registered and found Patent 10484176.

The description says:

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

Also:

FIG. 1 illustrates an exemplary system for encrypting data in such a way that no single key can decrypt the encrypted data and any K-combination of N unique keys (where N is greater than 1 and K is less than or equal to N) are capable of decrypting the encrypted piece of data according to one embodiment;

That sounds very similar to the Key Splitting technique Vault features by implementing Shamir’s Secret Sharing.

Is that something Vault users should be worried about?

Hi there,

With appropriate caveats being IANAL and I have not read through the patent, I’ll note that the patent’s earliest provisional form dates to 2014. Shamir’s Secret Sharing was publicly described by Adi Shamir in 1979 (https://dl.acm.org/doi/10.1145/359168.359176). Many further scholarly articles were written about the mechanism and its properties; support for the scheme is a part of the PKCS#11 and KMIP standards, both of which significantly predate 2014; and many actual implementations exist dating to well before 2014.

It is very common for companies to file defensive patents as a strategy to discourage other companies from suing them for patent infringement, in order to increase the cost of and decrease the likelihood of successful litigation. I would guess that’s what’s going on here, and I do not think users of Vault should be concerned. That said, if you are an enterprise Vault customer and your legal team is concerned, reach out through your TAM and your legal team can get engaged with ours to discuss.