Proton AG, a Swiss-based securities services provider best known for its encrypted email product Proton Mail, is planning to roll out a new service that taps into blockchain technology as a way to help verify that users are contacting the people they believe they’re reaching out to.

The new service, called Key Transparency, now in beta test mode, will allow users to verify email addresses and the encryption keys that they use to secure the messages sent to them against attackers. Although end-to-end encryption already protects against snooping, ensuring that the email address and encryption key of the other party are valid could be another matter.

Encryption between parties relies on public key cryptography, which breaks keys into two parts: a private key and a public key. When a user sends a message to another user, it uses the recipient’s public key to encrypt the message, and the receiver uses a private key to decrypt it.

According to Chief Executive and founder of Proton, Andy Yen, a problem can arise when retrieving the public key and identity of the other recipient from public key repositories, he told Fortune in an interview, and that’s what Key Transparency is designed to prevent.

“Maybe it’s the NSA that has created a fake public key linked to you, and I’m somehow tricked into encrypting data with that public key,” he said. This is a potential situation known as a “man-in-the-middle attack,” where a potential perpetrator sneaks in and pretends to be someone else, reads the message, then encrypts it again and sends it on without the sender or receiver knowing.

Blockchain technology uses multiple cryptographically protected ledgers that mirror one another to make it nearly impossible to tamper with them after an entry has been added. Every transaction submitted to a blockchain is also verified and agreed upon before it’s added to the distributed ledger network and then integrated into a “block,” which is then “chained” on top of previous blocks. The combination of cryptography and exact copies of distributed ledgers gives it enhanced security over basic databases.

At the time of creation, a cryptographic hash of the encryption key will be added to the Proton blockchain along with the email address that will allow the verification of the address and key, matching them together. This will allow the platform to quickly verify that the person who owns the address also created the key linked to that address.

Yen added that although blockchain technology is the core technology behind Key Transparency, there will be no cryptocurrency involved for users to concern themselves with. The technology itself will essentially be invisible to users but will enhance their security experience.

The Key Transparency beta version currently runs on Proton’s own private blockchain with its own set of internal decentralized validators. The technology may eventually move onto a public blockchain such as Ethereum after the current version has been piloted.

Users on Proton Mail can enable Key Transparency now by joining the beta through their “Encryption and keys” settings and switching it on. Proton will periodically audit a user’s contact’s keys and provide messages and warnings. These could include warning about changes that a user made to keys but not properly applied, detecting keys used in the past that might not be authentic, and warning that a key was disabled in the past but re-enabled. An audit doesn’t verify contacts’ keys are safe; instead, it warns when there are potential issues.

Key auditing also exists in the composer, which is where emails are prepared and sent. If the web app successfully verifies a public key, a blue lock icon will be displayed next to the email address meaning that the email sent will be end-to-end encrypted, if there is an issue detected it will display a red icon and the ability to send messages will be disabled to protect security.

Image: geralt/Pixabay