Maxwell Krohn, SM ’05, PhD ’08, helped revolutionize internet dating in the early 2000s with a site he cofounded with some college buddies: OkCupid. Unlike other dating sites that took themselves ultra-seriously and charged substantial fees, the service was witty, irreverent, and free—and full of fun quizzes to determine your dating personality or your Harry Potter alter ego.
Krohn sold the site in 2011, however, and he began to have second thoughts about all the sensitive personal information that people were forever launching into the cloud. “Maybe it isn’t such a rosy future to be storing people’s deepest, darkest secrets on all of these databases and hoping all of these system administrators get it right,” he says. His latest venture, Keybase, tackles that problem head-on, harnessing studies in cryptography he began at MIT to create a simple but powerful platform for securing user data. “There is a lot of great theoretical work around cryptography, and then there is the way people act day to day, and there is a pretty big gap between them.” Keybase, he says, aims to close that gap.
Krohn took his first computer class on a whim as a first-year student at Harvard, and soon afterward he took a course on cryptography at MIT as a guest student with computer scientist Silvio Micali, a Ford Professor of Engineering who won a Turing Award in 2012. “For the first time, I realized that all of the things you learn in complexity theory have a natural expression in cryptography,” he says.
Maybe it isn’t such a rosy future to be storing people’s deepest, darkest secrets on all of these databases and hoping all of these system administrators get it right.
In the late ’90s, he and classmates from Harvard founded theSpark.com, a cult web community featuring satire, quizzes, and even a rudimentary dating app. Part of the website survived as Spark Notes, a study guide site purchased by Barnes & Noble; other aspects were resuscitated to launch OkCupid in 2003.
As Krohn was programming the back end of OkCupid’s massive databases, he was also pursuing his PhD at MIT in system architecture. “To get OkCupid off the ground, we had to reinvent a lot of web infrastructure,” he says. For his master’s thesis, he designed a web server that broke tasks into separate processes, limiting the spread of any security breaches and speeding performance—a design that became the model for OkCupid’s server.
Keybase, which Krohn cofounded with OkCupid veteran Chris Coyne, employs what’s known as end-to-end encryption to keep user data totally secret—even from the apps through which users might share their data—so no third party can hijack it along the way. Sending information on Keybase requires both sender and recipient to have their own pair of public and private keys. Senders use recipients’ public keys to encrypt the data. To ensure recipients are who they say they are, Keybase links the ownership of public keys with multiple email, Twitter, Reddit, and other social-media accounts—the more accounts linked, the more confidence a sender has. The corresponding private keys used to decrypt transmitted data, meanwhile, are kept securely on recipients’ own devices.
Beyond its approach to authentication, Keybase stands out for the way its advanced cryptography techniques can be applied to, and are transportable across, a range of user-friendly applications. So far, Krohn and colleagues have rolled out the technology in a chat app that works like an encrypted version of Slack and in a file-sharing app much like an encrypted Dropbox. They plan to extend the technology’s use to other developers, as well: for example, they are partnering with cryptocurrency company Stellar to use Keybase for instant financial transactions across international borders.
“It’s a core infrastructure that can be used in millions of cases,” Krohn says, “so that in the future, people can own their own data and own their own cryptographic keys to access that data.” In that future, people could keep their secrets to themselves—and those special someones with whom they want to share them.
This article originally appeared in the November/December 2019 issue of MIT News magazine, published by MIT Technology Review.