Triplyx - Encrypted backups with no keys or passwords


Introduction

Triplyx writes data to a set of three storage devices in such a way that if any one of them is lost or stolen, it cannot be used to recover the data. Any two storage devices can then be brought together to recover the data. It is designed for use with offsite backups.

Business users can store offsite tape backups for long periods of time without having to worry about encryption passwords being lost due to staff turnover. Compliance with data protection standards is easier to prove. In theory, a single lost backup device can never result in exposure of confidential data (as long as the random number generator is good enough).

Home users can store three USB flash drives in separate locations. Business users can do the same with large backup tapes, by having two offsite locations and keeping the third in the office.

For a 5-minute overview, see the first talk in this video made at the Debian Linux Conference in 2015.

How it Works

The "triplyx" system writes multiple copies of the data input D. Each copy is exclusive-OR encrypted with a random "one time pad", and one of the other one time pads is written alongside it. The result is written to a "volume", which can be a file or a Unix device.

To recover the data, any two of the three volumes are sufficient.

The data stream is divided into alternating "stripes", D1 and D2. The one time pad data streams are A and B.

These data streams are XOR'd with each other. For instance, D1^A means that each byte of D1 is XOR'd with the corresponding byte of A.

Volume 1 contains alternating stripes of D1^A then B
Volume 2 contains alternating stripes of D2^B then A
Volume 3 contains alternating stripes of D1^D2^A then D1^D2^B

So, for example, storing an input data stream of 100 kbyte would result in the following being written to the devices:

Volume 1:  50k of D1^A, striped with 50k of B.
Volume 2:  50k of D2^B, striped with 50k of A.
Volume 3:  50k of D1^D2^A, striped with 50k of D1^D2^B.
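
The recovery arithmetic for each pair of volumes, as an added Python example that is not part of the Triplyx code. The 4-byte stripe size, the zero padding of the shorter stream, the in-memory (first stream, second stream) form of a volume and the function names are assumptions, since this page does not describe the on-disk format.

```python
import secrets

STRIPE = 4  # assumed stripe size in bytes; the page does not state the real one

def xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))

def split(data):
    """Return {volume number: (first stripe stream, second stripe stream)}."""
    chunks = [data[i:i + STRIPE] for i in range(0, len(data), STRIPE)]
    d1 = b"".join(chunks[0::2])
    d2 = b"".join(chunks[1::2]).ljust(len(d1), b"\0")  # zero padding (assumption)
    a = secrets.token_bytes(len(d1))  # one time pad A
    b = secrets.token_bytes(len(d1))  # one time pad B
    d12 = xor(d1, d2)
    return {1: (xor(d1, a), b), 2: (xor(d2, b), a), 3: (xor(d12, a), xor(d12, b))}

def recover(vols, length):
    """Rebuild the input from any two volumes; vols maps volume number to its pair."""
    if set(vols) == {1, 2}:
        (c1, b), (c2, a) = vols[1], vols[2]
        d1, d2 = xor(c1, a), xor(c2, b)   # each volume carries the other's pad
    elif set(vols) == {1, 3}:
        (c1, b), (x, y) = vols[1], vols[3]
        d12 = xor(y, b)                   # (D1^D2^B)^B = D1^D2
        a = xor(x, d12)                   # (D1^D2^A)^(D1^D2) = A
        d1 = xor(c1, a)
        d2 = xor(d12, d1)
    elif set(vols) == {2, 3}:
        (c2, a), (x, y) = vols[2], vols[3]
        d12 = xor(x, a)                   # (D1^D2^A)^A = D1^D2
        b = xor(y, d12)                   # (D1^D2^B)^(D1^D2) = B
        d2 = xor(c2, b)
        d1 = xor(d12, d2)
    else:
        raise ValueError("need exactly two distinct volumes out of 1, 2 and 3")
    out = bytearray()
    for i in range(0, len(d1), STRIPE):   # re-interleave the D1 and D2 stripes
        out += d1[i:i + STRIPE] + d2[i:i + STRIPE]
    return bytes(out[:length])            # drop the padding

if __name__ == "__main__":
    data = b"constructed sample input, not real backup data"
    vols = split(data)
    for pair in ((1, 2), (1, 3), (2, 3)):
        assert recover({k: vols[k] for k in pair}, len(data)) == data
    print("all three pairs recover the input")
```

XORing the two streams of volume 3 with each other cancels D1^D2 and leaves only A^B, which is why that volume on its own reveals nothing about the data.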

Quick Commands

Note: Currently the code expects to run on Unix systems (including Mac OS X), because it reads from stdin, writes to stdout, and uses /dev/urandom as the source of random bytes for the one time pads (unless specified otherwise).

Example of backing up a home directory, by piping output of "tar" into the input of Triplyx:

$ tar cf - /home  |  java -jar triplyx-2.0.1.jar write vol1.tpx vol2.tpx vol3.tpx

Example of restoring the above, by reading two of the volumes and piping the result into "tar":

$ java -jar triplyx-2.0.1.jar read vol1.tpx vol2.tpx  |  tar tvf -

Feel Free to Make Improvements

The open source community is free to improve the code (see the project page) and create implementations in other programming languages. Developers are strongly urged to write unit tests for their code. (Triplyx has unit tests.)

Triplyx is released under the free software LGPL 3.0 license.


The Triplyx code, documentation and this website are copyright © 2011 Gareth Randall.

Last updated: 21 June 2018