PRIVATE.ME PLATFORM

xBackup: Ransomware-Proof Backup

xBackup splits files via XorIDA into K-of-N shares distributed across independent cloud providers. No single provider holds enough data to reconstruct. Any K providers restore the original. Ransomware cannot encrypt what it cannot find.

Coming soon. XorIDA powered. Multi-cloud.
Section 01

The Problem

Ransomware encrypts backups alongside primary data. Single-provider backups are a single point of failure. Cloud provider compromises, insider threats, and supply chain attacks expose all backup data at once.

Modern ransomware specifically targets backup infrastructure before encrypting production data. Attackers identify backup agents, compromise backup credentials, and encrypt or delete backups before the ransom demand. The 3-2-1 backup rule fails when all three copies are accessible from the same compromised network.

Cloud backups solve the offsite problem but create a new single point of failure: the cloud provider itself. A provider-side breach, rogue employee, or government subpoena exposes all backup data. Encryption-at-rest protects against disk theft but not against application-layer attacks.

The Old Way

[Diagram: API Key (backup creds in config file) → Single Provider (full backup data, one location) → Ransomware (encrypts backups + production data)]
Section 02

The PRIVATE.ME Solution

xBackup splits backup files via XorIDA into K-of-N shares with streaming chunked processing, then distributes each share to an independent storage provider. No single provider holds reconstructable data. Any K providers can restore the complete original.

Ransomware cannot encrypt what does not exist in any one place. Each provider stores only one share -- a blob that is information-theoretically meaningless without K-1 additional shares from other providers. Compromising one provider yields exactly zero information.

DID-based identity replaces API keys for authentication between the backup client and storage nodes. Each storage node has a cryptographic identity verified via Ed25519 signatures. No shared secrets to steal, no config files to compromise.

The New Way

[Diagram: DID Identity (backup client) → Split Auth → XorIDA stream → AWS S3 (Share 1), Azure Blob (Share 2), GCP Storage (Share 3) → HMAC Verify → Reconstruct → FILE]
Section 03

How It Works

Streaming chunked pipeline: files are read in chunks, each chunk XorIDA-split, and shares streamed to providers in parallel. Restore reverses the process, fetching K shares per chunk and reconstructing in order.

[Diagram: Chunked Read (stream file in blocks) → XorIDA Split (K-of-N per chunk) → Parallel Upload (N providers simultaneously)]

HMAC-SHA256 integrity tag per share per chunk. Verified before reconstruction during restore.

Key Security Properties

  • Ransomware immunity: No single provider has enough data to reconstruct any chunk. Ransomware at one provider cannot affect data at others.
  • Provider independence: Any K of N providers can restore. Lose a provider entirely? Use the remaining K.
  • Streaming performance: Chunked processing handles files of any size. Memory usage bounded by chunk size, not file size.

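
The chunk, split, tag and verify-before-reconstruct pipeline described above, as an added example that is not xBackup's or XorIDA's code: it substitutes Shamir 2-of-3 sharing over GF(2^8) for XorIDA, so its storage overhead differs from the figure quoted on this page. The names `splitChunks`, `restoreChunks` and `tag`, and the client-held `macKey`, are assumptions; in-memory arrays stand in for the three providers.

```javascript
// Added example: Shamir 2-of-3 over GF(2^8) as a stand-in; this is NOT XorIDA.
const { createHmac, randomBytes, timingSafeEqual } = require("crypto");
// GF(2^8) multiplication (reduction polynomial 0x11b).
function gfMul(a, b) {
  let p = 0;
  for (let i = 0; i < 8; i++) {
    if (b & 1) p ^= a;
    const carry = a & 0x80;
    a = (a << 1) & 0xff;
    if (carry) a ^= 0x1b;
    b >>= 1;
  }
  return p;
}
const gfInv = (a) => { for (let i = 1; i < 256; i++) if (gfMul(a, i) === 1) return i; };

// Tag binds the share number and chunk index, so swapped or reordered chunks fail.
function tag(macKey, x, idx, data) {
  const hdr = Buffer.from([x, idx >>> 24, idx >>> 16, idx >>> 8, idx]); // values masked to bytes
  return createHmac("sha256", macKey).update(hdr).update(data).digest();
}

// Split into 3 share streams, one chunk at a time (macKey is an assumed client-held key).
function splitChunks(file, macKey, chunkSize = 4096) {
  const shares = [1, 2, 3].map((x) => ({ x, chunks: [] }));
  for (let off = 0, idx = 0; off < file.length; off += chunkSize, idx++) {
    const chunk = file.subarray(off, off + chunkSize);
    const rnd = randomBytes(chunk.length); // fresh random coefficient per byte
    for (const s of shares) {
      const data = Buffer.from(chunk.map((b, i) => b ^ gfMul(rnd[i], s.x)));
      s.chunks.push({ data, mac: tag(macKey, s.x, idx, data) });
    }
  }
  return shares;
}

// Restore from any 2 shares; each chunk's tags are checked before it is rebuilt.
function restoreChunks([a, b], macKey) {
  if (a.x === b.x || a.chunks.length !== b.chunks.length) throw new Error("need two distinct, equal-length shares");
  const d = gfInv(a.x ^ b.x);
  const wa = gfMul(b.x, d), wb = gfMul(a.x, d); // Lagrange weights at x = 0
  return Buffer.concat(a.chunks.map((ca, idx) => {
    const cb = b.chunks[idx];
    for (const [s, c] of [[a, ca], [b, cb]])
      if (!timingSafeEqual(c.mac, tag(macKey, s.x, idx, c.data)))
        throw new Error(`share ${s.x} chunk ${idx}: HMAC mismatch`);
    return Buffer.from(ca.data.map((y, i) => gfMul(y, wa) ^ gfMul(cb.data[i], wb)));
  }));
}
```

A share modified at one provider fails its tag check before any bytes are reconstructed, while the other two shares still restore the file.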
Section 04

Use Cases

Enterprise
Ransomware Protection

Critical business data split across 3+ cloud providers. Ransomware cannot encrypt shares it cannot reach. Recovery from any 2 providers without paying ransom.

NIST CSF
Cloud
Multi-Cloud Resilience

Eliminate cloud vendor lock-in as a data risk. Backups survive complete provider outage, bankruptcy, or geopolitical access restrictions.

Multi-Cloud
Compliance
Compliance Backup

Meet regulatory backup requirements (SOX, HIPAA, GDPR) with provably immutable, distributed backups. No single admin can delete or modify all shares.

SOX / HIPAA
Disaster Recovery
Geographic Distribution

Shares distributed across geographic regions. Natural disaster affecting one region does not impact recovery capability from remaining regions.

DR / BCP
Section 05

Integration

Quick Start
import { splitBackup, restoreBackup } from '@private.me/xbackup';

// Split file across 3 providers, 2 required to restore
const shares = await splitBackup(fileBuffer, [
  's3://my-bucket',
  'azure://my-container',
  'gcs://my-bucket',
], { n: 3, k: 2 });

// Restore from any 2 providers
const restored = await restoreBackup(
  [shares[0], shares[2]]  // any K shares
);
splitBackup(data: Buffer, providers: string[], config: { n: number, k: number }): Promise<BackupShare[]>
Splits the file via XorIDA into N shares using streaming chunked processing, uploads each share to a separate provider, and returns metadata handles for each share. HMAC integrity tag per chunk.
restoreBackup(shares: BackupShare[]): Promise<Buffer>
Fetches K or more shares from their providers, verifies HMAC integrity per chunk, reconstructs via XorIDA, and returns the original file. Streaming chunked to handle large files.
Section 06

Security Properties

Property | Mechanism | Guarantee
Data Secrecy | XorIDA K-of-N split | No single provider can reconstruct
Ransomware Immunity | Multi-provider distribution | No single compromise affects all shares
Provider Auth | Ed25519 DID identity | No API keys, no shared secrets
Integrity | HMAC-SHA256 per chunk | Tamper detection before reconstruction
Fault Tolerance | K-of-N threshold | N-K provider failures tolerated

Single points of failure: 0
Independent providers: N
Storage overhead: 2.0x
Typical payload: <1ms

VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL
Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.


© 2026 StandardClouds Inc. dba PRIVATE.ME. All rights reserved.

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xBackup generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.


Use Cases

REGULATORY
FDA / SEC Submissions
Prove algorithm correctness for distributed systems without exposing trade secrets or IP.
Zero IP Exposure
FINANCIAL
Audit Without Access
External auditors verify secure operations without accessing source code or production systems.
FINRA / SOX Compliant
DEFENSE
Classified Verification
Security clearance holders verify distributed systems correctness without clearance for source code.
CMMC / NIST Ready
ENTERPRISE
Procurement Due Diligence
Prove security + correctness during RFP evaluation without NDA or code escrow.
No NDA Required

Deployment Options


SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/xbackup
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included

Enterprise On-Premise Deployment

While xBackup is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.
