Exuberance over the rollback on the NSA mass surveillance programs earlier this year was quickly dealt a crushing blow as the news broke about the mass-hacking affecting some 4 million U.S. Federal employees. Soon enough, matters further deteriorated with the release of a statement by code specialists on the debate whether or not to allow special governmental access to encrypted personal data. Growing concerns are only expected to add fuel to the already agitated discourse we have been having on privacy and cyber-security especially as the presidential race keeps heating up heading off to the primaries.

Ever since the 2013 revelations about mass surveillance, developments like these make it ever more appealing for us to finally take (our private) matters in our own hands. It is in our search for a solution to this that we might start feeling hard-pressed to have our own pair of public and private keys.

Public-key cryptography builds on an extremely uneven situation where encrypting a piece of data is a cinch with the use of the public key, whereas decryption is mind-bogglingly hard unless you happen to possess the associated private key, too. And although such methods have numerous advantages over simple password encryption (there’s no need here to send a password over the Internet when using it for the very first time), it isn’t entirely without its own quirks.

One of the most annoying features of this approach is that the sheer size and make-up of a private key (pure gibberish, really) rule out the possibility of memorizing it for the most of us. To save the day, we need to store a copy of it somewhere very safe and secure, either literally so, or else by setting it up as a bounty for prospective burglars into our apartment.

The mere idea of staying this vigilant about as basic a thing as my own privacy really started bugging me up until to point where it eventually turned into a distinct sense of abhorrence. Ensuing events found me sitting in my chair pondering about what could possibly make up for the price of the comfort of not having to physically stash away the data at some obscure place. Or to put it another way with a touch of autobiographical flavor: I was looking for a solution which has that the computational complexity (that is how hard it is for a computer to sweat it out) to steal my private key matches the complexity of having my apartment burglarized once again.

As my thoughts got wandering off, soon enough a simple idea popped up: slice the key into many pieces, I fancied to call Scraps, and jumble them up in some deliberate order. Then by uploading them onto a website, we might abandon the need of physical backup with having the actual arrangement of them acting as some special sort of a password standing guard over our key.

Even though I felt it was a good enough starting point, a distinct sense of dissatisfaction stuck with me. But anyway, I left it at that for then.

Then a couple days later riding on the subway, standing among the many strangers I spotted someone I share a slightly dilapidated friendship with. Due to my heartfelt share of the blame for the decline, I felt highly unready—much less so eager—for a chit-chat. Coming to my rescue, a social buffer-zone of three-four folks between the two of us allowed me to pretend not to have noticed him. To further escape my trepidation I began staring at the floor right in front of me, and soon enough my attention hopped on some wacky random train of thought: I imagined that some random fella were to guess all the friends I (used to) have in the city. And not only that but the very order I first met them.

After getting off the subway (encounter averted, mission accomplished!), it clicked that how much this goofy little thought has to do with the one I was entertaining the other day. In fact, it suggested that we should mix a lot of Decoys (all the strangers in the city) among the valid Scraps (the actual friends). Lots of them. I figured this way we could force the aspiring Interceptor to play a little game of “Lottery” on our Scraps with the winning sequence of the valid Scraps (in the right order) acting as a password.

But still, something would just not quit pestering me: what about not the Interceptor but the site itself we intend to store all our Scraps at?

As hosting typically happens through some big cloud provider, the fear is that they might just have the wherewithals for sorting out and assembling the key from all the Scraps they harbor. Soon it occurred that in order to fend that off, we should divide up the Scraps and store them across a few competing providers. In such a scenario, gathering and putting all the Scraps together would require intense communication and sweeping disclosures between them. But given the general mistrust among competitors, this might as well just be costly enough for them to let it end up being some sort of a “political guarantee” for privacy. This is “Divide and Rule” at its purest.

Now, what if something goes wrong? Meaning, really horribly wrong.

At this point even if absolute catastrophe strikes (save an Interceptor suddenly acquiring mind-reading capabilities) that is somehow all our Scraps fall into the hands of an Interceptor, the daunting task of winning the Lottery still remains for her.

But how daunting a task is it actually? That is, how bad can the worst case get?

Much as the prospect of having all our Scraps garnered by someone sounds unsettling, the hardness of winning the Lottery is nothing short of a mindbender. Not only does the Interceptor have to try out every possible arrangement of the Scraps, she also needs to guess the correct password (every private key comes with one) for each and every trial as she keeps plodding her way through all the possible combinations. Now that’s a lot of work to muscle through. Astronomically lot.

To get a little taste of it, let’s suppose you take your key and slice it into, say, 20 Scraps. Then you take the first and second 10 of them, jumble them up separately and mix 90 Decoys to both. This gives you two bunches of a 100 total Scraps (among them 10 the valid ones). Then you upload them onto two providers. Now, for the sake of argument, let’s suppose that we were moronic enough to have settled for the highly fashionable “123456” as a password. Turns out, even for such a lightweight, the situation we are dealing with is so insanely unreal that it allows us to indulge in some real insanity.

So let’s give the Interceptor not merely the computing firepower of today’s most powerful supercomputer, Tianhe-2, but a whole one million of them!

It seems that even with 1,000,000 Tianhe-2’s working in perfect coordination, this would still at the very least take around 7,390 billion years. Correct, that’s more than 500 times the age of the Universe!

Finally, once you have such a system in place, you might just as well want to go ahead and let everyone know about it. In fact, you might want to keep a doormat at your front doorstep tipping off prospective burglars about not hiding a private key in your apartment anymore so as to politely spare them the effort. Make sure to put it right next to the other one: