We assign the Cryptelo project a "Stable+" rating.
The Cryptelo project is a project being developed by a Czech company of the same name which specializes in creating a means for cryptographic protection of information and for providing secure remote access. The company has a completed and successful software product called Cryptelo Drive enabling data storage in a special form, so that only users with an access key can read it. A smart key administration system enables the project to reduce risks of data loss.
The project has a sound basis in the form of the Cryptelo Drive product, and aims to expand its application globally. For these purposes, the authors seek to move the administration of private keys' public aspect to blockchain. However, the project materials do not demonstrate a clear understanding or a worked out concept for the implementation of plans in this direction. The idea itself looks reasonable, and the success of the Cryptelo Drive product confirms a market demand for technologically advanced solutions for secure data storage.
In our opinion, the share of the market that the project might occupy in the medium term (given the gaps in the concept) is extensive for the project’s established areas of Encryption as a Service and Cloud Storage Encryption. However, limitations for application of the product in the governmental and financial sectors should be considered; these are heavily regulated and there is no way of paying for services in cryptocurrency. However the authors claim to provide the possibility for payment in fiat or invoicing for corporate clients. Details are not revealed as yet.
These factors prevent us assigning the project a higher rating, despite undeniable advantages for the project with its strong team and past success in providing B2B services with the product, which is the prototype for the current project but without blockchain technology.
Cryptelo is a project creating software for the secure storage of valuable data. Data is stored in a special form, and an unauthorized person would be unable to read it even if they gained access to the server. The data can only be accessed with a pair of private and public keys. The project sets out to transfer administration of public keys from its own software product on the Cryptelo Drive server side to blockchain. These developments will be available to any interested party for the creation of encrypted storage, access to which will be available through the API. Such access will be paid for using CRL tokens.
The Cryptelo company is based in the Czech Republic. The ICO is being staged mainly in order to raise funds for development and marketing.
Token: CRL, on ERC20 basis
Supply: 500,000,000. All unsold tokens will be destroyed after the ICO.
Token distribution: 25% company; 20% Pre-sale; 30% Public Sale; 22% Platform expansion incentive; 3% Bounty program.
Round 1: Pre-sale (closes on 05.03.2018)
Price: 0.00008 ETH
Cap: 4000 ETH
Bonuses: 50% discount
Round 2: Public sale
Soft Cap: 1m ETH (reached on Pre-sale)
Hard Cap: 500m CRL
Price: 0.00008 ETH
Bonuses: 25% discount at the start, decreasing by 2% every day. 5% discount for referrer and referral.
Accepted currency: ETH
Vesting: Bonus tokens and company tokens are vested.
To participate in the ICO, investors need to register and verify their identity in accordance with the KYC procedure. Currently this procedure is being developed in accordance with legislation within the Czech Republic.
Countries where the ICO will not be available are the United States, Canada, Singapore, China and South Korea.
The Cryptelo project already has a working product, Cryptelo Drive, designed for remote data protection using encryption. This product is the project's basis for global expansion; in order to gain understanding of the goals and objectives it is necessary to understand the finished core product’s functionality separately to blockchain integration.
The Cryptelo Drive service, in a simplified form, involves the following:
- Cryptelo Drive is the app on the server side; it stores the data remotely in the cloud in encrypted form. This includes the public seed keys of all participants; the network administrator confirms the identities of public key owners and verifies them with their electronic signatures for avoidance of forgery.
- Cryptelo ID — an application on a mobile phone or on a USB flash disk. Works with a private key for authentication with Cryptelo Drive. In tandem with a private key, a one-time password is encrypted for each new connection, enabling Cryptelo Drive to determine user identity with the corresponding public key.
If user A wants to save a file in Cryptelo Drive and make it available to user B, they do the following:
- The user creates a new key pair specifically for encrypting the file according to the principle of Hierarchical Deterministic Key Pair, and encrypts the file using the private key.
- User A downloads the public seed key of user B and uses it to encrypt the public key for the file.
- User A downloads the encrypted file and the encrypted public key from the file in Cryptelo Drive.
Now the file can be read only by user A and since they have the public key of user B’s file, only they can decrypt the public key from the file. Creating a new key pair for each new record increases security for the system because an unauthorized person’s access to one key does not enable them to harm the entire system.
Ctyptelo Drive performs the following functions on the server side:
- Administration of public key users.
- Storage of encrypted files in the form of special record chains.
The product’s uses include secure communication by e-mail, to protect home IoT networks and for cloud storage encryption.
In order to scale to a global level, the project intends to make the Cryptelo Drive library public and provide it in the form of an API for the application on the server-side. The product’s functionality is also reduced; now the Cryptelo platform only deals with storage of encrypted files, and functionality for public key administration is transferred to the blockchain level. Each new record on the platform appears by calling appropriate functions from the API, and is paid for by CRL tokens.
The use of smart contracts in the system is reduced to managing access rights to records on the platform. A new smart contract is generated when a record is created on the platform. It controls who, when and what types of operations can be performed with the record associated with it. There are other interesting features, for example a document owner can share it with another party for a limited period of time.
The authors identify two main problems solved by blockchain technology: Information about data updates (versions) and ensurance that public keys cannot be replaced/tricked. Unfortunately, they do not describe their views regarding the administration of public keys on blockchain and the technologies related to this stack in general. This leaves many unanswered questions. It is unclear who will act as the CA and confirm the identity of members. In what form will the records about keys be stored on blockchain? In response to our question about key administration by clients of the company issuing SSL certificates, the authors stated that this could be one of the methods. In the general case, rules should be set by a user at the level of smart contracts, which apparently customers will have to design on their own.
This also raises questions about the appropriateness of the use of the company’s services as an alternative to existing PKI architecture. The fact is that this architecture solves only problems in establishing secure connections between network nodes, but does not address issues of safe data storage. As far as we understand from the project materials, it is secure storage of data in the form of special chains of records that constitute the project’s key technology. Interaction with safe storage is carried out through the API, but not all services require such a level of data protection. Common services lacking elevated security requirements must simply establish secure connections with their customers and confirm their identity to operate. Such services will solve one problem at a time and either use standard PKI architecture or choose new blockchain-based projects which solve the same task.
Besides the obvious decentralization benefits, blockchain technology is able to improve the existing product, Cryptelo Drive, in one specific manner. Moving the functionality for administrating public keys enables data to be stored on different physical servers and the making of copies of Cryptelo platforms. There is no more need to synchronize public key infrastructure, and clients can copy just the data. It appears that the team has a good product (Cryptelo Drive), and intends to combine this with blockchain technology to improve it. But existing descriptions give the impression that the project either does not have a clear vision when it comes to implementing blockchain technology, or it is not presented, and for the potential investor both these cases are equally unhelpful.
The project identifies several market niches in which it could compete for market share. They include Encryption as a Service and Cloud Storage Encryption, which are the markets where Cryptelo Drive is currently being implemented. The new niche where the project sees itself involves competition with the existing PKI infrastructure.
Let us begin by analyzing chances for the project in the field of PKI, new for the project. First of all, we would like to provide a brief description of this infrastructure. For different nodes on a network to securely communicate over an insecure communication channel where messages can be intercepted and tampered with (Man in the Middle attack), it is necessary to use some methods of protection. Asymmetric encryption is used as a technical measure, where each party has a pair of private and public keys. If the message is encrypted with one key, it can only be decrypted with the other one and vice versa. Only the user has access to the private key, and they can easily send the public key to their partner. The partner encrypts the message with the user’s public key and transmits it over the network; only the user can read it. When such a network is large, a system which would unambiguously link public keys and those who own them is required. A universally accepted PKI (Public Key Infrastructure) architecture is currently used for this; in PKI user identity is established by a certificate authority (CA) in a centralized manner. CAs issue special certificates that link public keys belonging to network participants with their identities, and they sign this link with their e-signature (CA uses their own private key; it is assumed that the public key is known in advance to participants on the network). Such architecture has its drawbacks, for example storing information about the validity of certificates on separate nodes, access to which can be blocked. Blockchain technology can remove these disadvantages because the storage of certificates and the control of their validity on blockchain automatically eliminates problems resulting from centralization.
Attempts are being made to create alternative protocols based on blockchain in order to solve the aforementioned centralization problems in the architecture of the PKI. Some of them, for example the Emercoin project, are designed so that everyday users would independently issue certificates for themselves and then use them for authentication for the resources that are part of the ecosystem. In this case, establishing identity on each individual resource is a task for the resource itself, and either existing PKI architecture or the services are used to confirm identities on the resources themselves. Others, for example the REMME project, offer to act as CAs for establishing user identities on blockchain and provide them (CAs) with an opportunity to pay with tokens for issuing certificates to their users, so users can register using these certificates only on these resources. But these projects solve one problem at a time — they establish the identity of a node, and the Cryptelo project automatically requires accessing the platform through the API for safe storage of data in encrypted form, which in our opinion, is not for everyone, but only for organizations with high-level data security requirements.
In our opinion, the project authors' evaluation of the PKI market’s prospects and its growth to $1.99b by 2023, with a CAGR of 22.7% cannot fully relate to the interests of potential Cryptelo customers. We believe that the project should rather expect customers that need both effective administration of public keys, i.e., an analog of PKI without the disadvantages of centralization, and a means of secure data storage where the project has successful development. These are customary for the Encryption as a Service and Cloud Storage Encryption markets, but on a global scale due to the provision of best practices available in the form of libraries for developers.
Encryption as a Service is a narrower variant of Software as a Service, when software products take on responsibility for storing data and ensuring limited access to them for different users. According to a study by marketsandmarkets.com, market growth in this segment is projected to be from $3.27b in 2017 to $12.96b by 2022 with a CAGR of 27.4%. In part, the need is due to an increasing number of hacker attacks involving data loss, as evidenced by statistics, and the growth of the cloud computing market which is predicted to be from $67b in 2015 to $162b by 2020, with a CAGR of 19%.
The authors of the project provide a list of market leaders which includes Thales e-Security, Gemalto, Symantec, and others. These companies have comprehensive experience and a wide range of services which enables them to provide fine tuning for customers. Their main advantages in addition to comprehensive experience are a strong customer base and the provision of services in traditional form, because now we are seeing a natural barrier to the use of technologies and services based on blockchain because of unknown prospects regarding state regulation of cryptocurrencies.
Cloud encryption is data storage in the cloud in encrypted form, available from existing players such as Sookasa, Viivo, BoxCryptor and so on. This solution has natural drawbacks: Firstly, computing on the server side is expensive and can lead to inefficiency costs, and secondly, encryption at the server level suggests that in the case of a successful attack on a server all data would be accessible to an attacker. The Cryptelo project, with encryption at the level of a customer's device, and no access to keys from the cloud solves both of these problems. Despite these highlighted shortcomings, the market for cloud encryption according to a study cited by the authors is projected to grow from $645.4m in 2016 to $2,401.9m by 2022, with a CAGR at 30.1%.
Another interesting statistic on a use case cited by the project is that according to a forecast, the global market for e-mail cryptography will nearly triple from $541.4m in 2015 to $1,550m in 2020.
Thus, in the project’s target markets where Cryptelo has a successful, suitable project (Cryptelo Drive), active growth is observed. The project team expects that public access to the Cryptelo library of developments will bring visibility and popularity of the product to a global level. The project has every reason to succeed in this step, especially in such a rapidly growing market which needs the means and methods for solving basic problems.
The Cryptelo project ICO is staged by the Czech company of the same name which already has a successful product for secure cloud data storage using smart key administration. This indicates that the project team has a lot of experience in providing B2B services for protecting valuable customer data using cryptography.
Cryptelo Drive was designed with the participation of Dr. Vlastimil Klima, who is a white hat hacker and has over 35 years of professional experience in cryptography in governmental and private projects. The project's CEO, Martin Baros, has experience in designing interbank payment systems, and is the founder of Section Technologies, which was used as the basis to create multi-platform, secure mobile applications for banking and forex market.
CTO of the project Jiri Zuna is a professional developer with diverse experience which includes software development for 3D printer controllers. He has also worked for Section Technologies along with the CEO, being responsible for the development of REST backend.
Yann Bouvier, Security Manager, has comprehensive experience in cryptographic data protection. He has experience in this field as Cyber Security Team Lead at leading biopharmaceutical company MSD, and as IT Security Manager for a leading banking organisation in the Czech Republic. These are reassuring professional backgrounds for Cryptelo's specialization, i.e. the creation of applications to protect user information.
Dite Gashi is responsible for the development of blockchain architecture; he is also the founder of Decissio and co-founder and CTO of Bitsapphire. Dicissio provides investors with an opportunity to gather information about projects and analyze this as big data to determine its attractiveness. From our point of view, there is no urgent need for use of blockchain technology in this case. Bitsapphire provides consulting services to projects using blockchain technology. Despite the Bitsapphire team’s declared experience as part of the community since the beginning of 2010, we did not see any truly complex (from the technological point of view) projects in the project’s portfolio, and experience in consulting does not in itself imply an ability to create complex applications based on blockchain technology. We have already noted that the project materials do not adequately describe the functionality of the blockchain technology involved. This aspect of the project begs the most questions.
Gabriela Teissing is Head of Marketing. She is the founder of Rebel & Glory Creation Group, a company involved in creating products using VR or AR technologies for promoting brands, among other things. She has experience in localization of marketing campaigns having been managing director of Hercules Transforming Production. Gabriela Teissing's skills successfully complement the experience of the Cryptelo team, which has a good knowledge of its target market and has experience in selling the main product Cryptelo Drive. Video content is of course a main means of information consumption these days, and Gabriela's experience with Rebel & Glory Creation Group which excels at visuals, may have a positive impact on the promotion of Cryptelo. We would once again like to point out that it is necessary to provide potential clients with sufficient information about the service from a technical point of view.
CRL is a utility token used by Cryptelo’s clients to pay for its services. The Cryptelo platform based on Cryptelo Drive is installed on a client’s or remote server and provides access to stored information via the API. The authors give only elementary principles used as a basis for the project’s economy:
- Access to the Cryptelo platform via the API is paid for by users in CRL tokens. Thus, the more access required, the more a client will pay for operation.
- Support services are provided 24/7 and paid for in CRL tokens.
Unfortunately, the authors do not provide any more information about pricing of their services, nor about possible scenarios for token use. They have also stated that a facility to pay with fiat currency will be available. They say that when fiat is invoiced it is changed into CRL tokens via public exchanges, but the mechanisms are not defined.
On the basis of available information, we can draw a simple conclusion that growth in CRL token price will primarily depend on total number of users. The more users, the more access requests to the Cryptelo platform through the API and the greater the demand for CRL tokens to pay for such access. The authors claim that existing clients will be migrated to payment by tokens. The project will support demand for CRL.
The business model for the project is focused on providing SaaS in the form of B2B. This limits the potential of the token's price growth rate, because the technology entails use of Cryptelo’s protocols at the enterprise level.
In our opinion, the project has a strong product that could interest targeted clients who need modern data protection systems. However, the potential investor needs to have more information in order to understand the main benefits in the project, from a technical point of view among other things. Apparently, the development of the concept and its application are still in progress. The authors state that integration of blockchain technology should take about a year. Quite possibly during this time many things will be modified, and the authors need funding for this.
Currently we believe that the main risk to the project is a lack of global traction. The main objective of the project is to distribute its technologies on a global scale. Given such statements, then working with clients on an individual basis is impossible. The project requires a strong marketing machine that will enable potential investors and/or clients to turn their attention to the product and receive all answers to their questions. At this point the authors do not provide technical details on how the product’s services work, why they work this way, and what exactly the advantage of the project's technological solutions over its key competitors is. The team can likely sell their products to companies and businesses, but since the project is aiming for a global level, manual control of processes is no longer needed. The team is very experienced in its field and in business development in general. The project is gaining more and more attention, which confirms its potential for success. When information about the use of blockchain technology and the tokenomy are comprehensively revealed, this risk will be heavily reduced.
There are regulatory risks associated with entering the state enterprises security and financial sector security markets. These areas are typically highly regulated and require compliance with many standards, and blockchain technology, with its lack of centralized control may not be appropriate for government agencies for ideological reasons: The state should exercise control. Moreover, it is difficult to imagine a large banking system accepting the conditions required by the project and paying for services using tokens.
The fight with existing PKI structure and with new blockchain-based solutions for key administration is definitely long-term. There are significant risks that the project will not be able to rise to leading positions in this regard. On the one hand, despite existing problems with PKI architecture it is currently considered to be the world standard and is applied globally; one should not expect a speedy change of paradigm. On the other hand, new players with a clear vision for their own solutions are already appearing and building new solutions for the administration of security keys using SSL certificates and blockchain technologies. Cryptelo has not demonstrated such a vision.
There is a possibility that in their attempt to enter the global market, the company will be unable to take a significant share of the market from existing players providing cryptography services.
The information contained in the document is for informational purposes only. The views expressed in this document are solely personal stance of the ICOrating Team, based on data from open access and information that developers provided to the team through Skype, email or other means of communication.
Our goal is to increase the transparency and reliability of the young ICO market and to minimize the risk of fraud.
We appreciate feedback with constructive comments, suggestions and ideas on how to make the analysis more comprehensive and informative.