What makes Ellipticc Drive different from other cloud storage services?

Ellipticc Drive is the first cloud storage platform with post-quantum encryption using NIST-approved Kyber and Dilithium algorithms, true end-to-end encryption where keys never leave your device, and it's completely open-source.

Is Ellipticc Drive really free?

Yes, Ellipticc Drive offers 10 GB of free storage forever with no ads, no tracking, and no data selling. This is dedicated private storage, not shared limits.

How secure is Ellipticc Drive?

Ellipticc Drive uses post-quantum cryptography (Kyber + Dilithium), true end-to-end encryption, zero-knowledge file previews, and secure authentication where passwords are never sent to the server.

When will mobile apps be available?

Mobile apps for iOS and Android are coming in Q1 2026, along with desktop sync clients for macOS, Windows, and Linux.

Encrypted Comments for Encrypted Shares

We’re excited to announce encrypted comments on encrypted shares. When enabled, anyone with the share link can post and read comments, all encrypted end-to-end so only those with the share key can access them.

Summary (TL;DR)

Comments are encrypted client-side using XChaCha20-Poly1305; server stores only ciphertext and metadata. Only share link holders can decrypt and read.

How it works

Comments are encrypted client-side using a key derived from the share’s CEK via HKDF.
Server stores only ciphertext and metadata (timestamp, display name, signature, fingerprint); plaintext is never accessible.
Anyone with the share link can decrypt and read comments in their browser.
Owners can moderate: toggle comments on/off, lock to prevent new submissions, ban users across all shares, or revoke shares entirely.

How to use it

Create or edit a share and enable comments in Share Settings.
Open the share link; comment box appears if enabled.
Write and submit a comment; browser encrypts it locally before upload.
Viewers with the link can decrypt and read comments in their browser.

Important

Tip: treat any share link with comments enabled as you would any sensitive shared key; anyone with the link can view content and comments. Use the share settings to disable comments or revoke the link if needed.

Technical details

Share URLs follow the format https://drive.ellipticc.com/<shareId>#CEK, where the fragment after # is the base64-encoded 32-byte CEK. Example: https://drive.ellipticc.com/s/720fd0b44715d0c82eceeabb902212972867aa84b446ddac977e78cf89912b9c#iMEkmUFztJGxMY2XHZ7/ndSNXeSlSOrOTYI6KW+9f+s=.

Comments are encrypted with XChaCha20-Poly1305 using a key derived from the CEK via HKDF-SHA256 (info: share-comments-v1). Tampering with the CEK breaks decryption for both content and comments.

1
import { xchacha20poly1305 } from '@noble/ciphers/chacha.js';
2
import * as ed from '@noble/ed25519';
3
import { sha512 } from '@noble/hashes/sha2.js';
4

5
ed.hashes.sha512 = sha512;
6

7
/** Derive comment key from share CEK using HKDF-SHA256 */
8
export async function deriveCommentKey(shareCek: Uint8Array): Promise<Uint8Array> {
9
    const info = new TextEncoder().encode('share-comments-v1');
10
    const ikm = await crypto.subtle.importKey('raw', shareCek as any, { name: 'HKDF' }, false, ['deriveBits']);
11
    const derivedBits = await crypto.subtle.deriveBits({
12
        name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(32).fill(0), info
13
    }, ikm, 256);
14
    return new Uint8Array(derivedBits);
15
}
16

17
/** Encrypt comment using XChaCha20-Poly1305 */
18
export async function encryptComment(content: string, key: Uint8Array): Promise<string> {
19
    const nonce = crypto.getRandomValues(new Uint8Array(24));
20
    const encodedContent = new TextEncoder().encode(content);
21
    const cipher = xchacha20poly1305(key, nonce);
22
    const encrypted = cipher.encrypt(encodedContent);
23
    const combined = new Uint8Array(nonce.length + encrypted.length);
24
    combined.set(nonce);
25
    combined.set(encrypted, nonce.length);
26
    return btoa(String.fromCharCode(...Array.from(combined)));
27
}
28

29
/** Decrypt comment */
30
export async function decryptComment(encryptedBase64: string, key: Uint8Array): Promise<string> {
31
    try {
32
        const combined = new Uint8Array(atob(encryptedBase64).split('').map(c => c.charCodeAt(0)));
33
        const nonce = combined.slice(0, 24);
34
        const encrypted = combined.slice(24);
35
        const cipher = xchacha20poly1305(key, nonce);
36
        const decryptedBytes = cipher.decrypt(encrypted);
37
        return new TextDecoder().decode(decryptedBytes);
38
    } catch (err) {
39
        return '[Decryption Failed]';
40
    }
41
}
42

43
/** Create HMAC-SHA512 fingerprint using userId as key */
44
export async function createMessageFingerprint(message: string, userId: string): Promise<Uint8Array> {
45
    const encoder = new TextEncoder();
46
    const keyBytes = encoder.encode(userId);
47
    const messageBytes = encoder.encode(message);
48
    const key = await crypto.subtle.importKey('raw', keyBytes, { name: 'HMAC', hash: 'SHA-512' }, false, ['sign']);
49
    const hmac = await crypto.subtle.sign('HMAC', key, messageBytes);
50
    return new Uint8Array(hmac);
51
}
52

53
/** Sign fingerprint with Ed25519 private key */
54
export async function signMessageFingerprint(fingerprint: Uint8Array, privateKey: Uint8Array): Promise<Uint8Array> {
55
    return await ed.sign(fingerprint, privateKey);
56
}
57

58
/** Verify Ed25519 signature */
59
export async function verifyMessageSignature(fingerprint: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): Promise<boolean> {
60
    return await ed.verify(signature, fingerprint, publicKey);
61
}

Each comment includes an HMAC-SHA512 fingerprint (using commenter’s userId as key) signed with their Ed25519 private key. Clients verify by checking the fingerprint matches and the signature is valid with the public key, ensuring authenticity and tamper detection.

FAQ

Q: Can Ellipticc read my comments?
A: No. Comments are encrypted client-side using XChaCha20-Poly1305 and stored as ciphertext. Only clients with the exact share key can decrypt them.

Q: What happens if someone tampers with the CEK in the URL?
A: Decryption fails completely. The CEK must be exact; any modification prevents deriving the correct comment key, making both share content and comments inaccessible.

Q: How does moderation work?
A: Owners can toggle comments on/off, lock comments to prevent new submissions, ban users across all their shares, or revoke shares. Bans and locks are enforced server-side. We can’t moderate anything due to encryption.

Q: What if I lose the share link?
A: No problem. You can always find and regenerate share links from your dashboard. The CEK is securely stored and accessible to you as the owner.

Note

Ready to try it? Create a share with comments enabled and start the conversation. For questions, reach out to [email protected] or join our Discord community.

We built this feature to let people collaborate and discuss shared content while keeping the privacy guarantees you expect from end-to-end encryption. Happy sharing!