I built Ellipticc Drive, an open-source cloud drive with true end-to-end encryption and post-quantum security, designed to be Dropbox-like in UX but with zero access to your data, even by the host.
What’s unique:
Free 10GB for every user, forever.
Open-source frontend (audit or self-host if you want)
Tech stack:
Frontend: Next.js
Crypto: WebCrypto (hashing) + Noble (core primitives)
Encryption: XChaCha20-Poly1305 (file chunks)
Key wrapping: Kyber (ML-KEM768)
Signing: Ed25519 + Dilithium2 (ML-DSA65)
Key derivation: Argon2id → Master Key → encrypts all keypairs & CEKs
Try it live: https://ellipticc.com
Frontend source: https://github.com/ellipticc/drive-frontend
Would love feedback from devs and security folks — particularly on encryption flow, architecture, or UX.
I’ll be around to answer every technical question in the comments!
some_furry•3mo ago
Also, this SRP implementation seems a bit... sus.
https://github.com/ellipticc/drive-frontend/blob/main/lib/sr...
iliasabs•3mo ago
some_furry•3mo ago
I would recommend OPAQUE instead.
iliasabs•3mo ago
I’ve just pushed an update addressing your points: commit d94969a (https://github.com/ellipticc/drive-frontend/commit/d94969a63...) — N and G are now public, hard-coded RFC 5054 constants (3072-bit for new users, keeping 2048-bit compatibility), and I fixed the session key calculation length.
I’ll definitely look into OPAQUE later on — I did some early testing, but ran into a WASM-related crash on the server side, so I’m holding off until I can debug that properly.
Really appreciate you pointing this out — it helped tighten things up!