The Proton Drive security model


This article documents Proton Drive’s security model by showing how it uses end-to-end encryption to protect your sensitive data. While somewhat technical, this document is meant to be accessible to a general audience and attempts to explain how Proton Drive works in plain language.

Proton Drive is in the final stages of development before our beta launch later this year.


Proton Drive is the newest addition to the Proton encrypted ecosystem. It offers secure online storage space for our users’ photos, documents, and other files with the same focus on privacy and security as the other Proton products.

Proton Drive’s design is based on end-to-end encryption. This model prevents any attacker who gains access to one of our servers from:

  • viewing the file structure in the users’ personal storage space 
  • viewing or changing the contents of their files
  • viewing or changing the file names
  • adding new files and attributing them to the user

With this in mind, our goal is to ensure that the presence of encryption does not hinder the user in any way from seamlessly:

  • uploading, downloading, and previewing files
  • organizing their Proton Drive content into folder hierarchies
  • moving, renaming, and deleting files and folders 

Data model

All content in Proton Drive lives inside a volume, an allotted amount of storage space, with each user having their own private volume. In the future, Proton Drive will allow administrators to create a volume for their organization and to offer access to members of the organization. 

Each file and folder in Proton Drive is described by two entities: 

  1. a node — this keeps track of the entry’s metadata (for example, type, size, creation, and modification time) and its attributes  
  2. a link — this identifies the entry’s position in the folder tree. The link indicates the entry’s location by referencing the parent entry and by storing the name of the entry. 

This model, similar to the Portable Operating System Interface (POSIX) file system model, facilitates communication and synchronization between Proton Drive and the file systems on your device and will support the app on desktop and notebook in the future. In the case of files, the associated node also references the file content, which is split into multiple blocks, each with a maximum size of 4 MB.

Figure: ProtonDrive links and nodes. Links identify an entry’s position in the folder tree, and nodes contain the entry’s metadata.


Accessing a volume is always done using a piece of information known as a share. A share can be seen as a kind of access card that provides a user with certain permissions and access to a specific part of the folder tree. A share, thus, has three functions:

  • It references a link in the tree
  • It limits the operations that can be performed on the content (for example, read-only or write-only)
  • It carries the cryptographic material required to start the decryption process of the content 

Each volume has a default share, corresponding to the root of its folder tree without any permission restriction.

Figure: Share 1 is a default share, which corresponds to the root of the volume’s folder tree and has no permissions restrictions. Share 2 is a regular share, pointing to a specific folder or file and defining the permissions.

Multiple users can be members of a share, and each membership can have its own permissions (admin, read, or write). This enables sharing content between Proton users or between members of an organization. A different method for sharing content with people without a Proton account is described in a later section.

Figure: ProtonDrive share with multiple members. A single share can have multiple members, each with their own permissions.

Main encryption model

In this section, we describe the way content is encrypted in Proton Drive. While there are many similarities with the ProtonCalendar encryption model, the difference lies in Proton Drive’s hierarchical content structure, in which folder trees can have different depths. This means the decryption steps are repeated at each level of the tree.

All keys and passphrases are generated on the client’s side and only transmitted to the server in encrypted form. Similarly, file and folder names, as well as file contents, are only sent to the server in encrypted form, making it impossible even for Proton to decrypt any of these entities. 

Accessing shares

Proton users with multiple ProtonMail email addresses can have multiple email addresses associated with their Proton Drive account. Each address has an associated key that allows the account owner to access a share when they become a member. 

When the share is created, the encryption system generates a 32-byte random share passphrase, along with an asymmetric key (the share key). The share key is locked using the share passphrase, which is encrypted and signed with the user’s address key.

In the case of multiple share members, the share passphrase is encrypted with each member’s address key.

Each member has the ability to access the share passphrase using their own address keys.

Payload encryption

The PGP encryption method allows using multiple asymmetric keys or passwords to encrypt a payload. PGP begins the encryption process by generating a new symmetric session key, which is a random passphrase of sufficient length. The session key is used to encrypt the payload, producing the data packet.

The next step is to encrypt the session key, in turn, with each asymmetric key and each password provided by the user, resulting in multiple key packets. Each asymmetric key or password can decrypt its corresponding key packet and use the session key within to then decrypt the data packet. (See figure 5)

Allowing a new key (i.e., a new user) to decrypt the payload is a simple operation that doesn’t alter the data packet — only the session key needs to be encrypted again with the new key, producing a new key packet.

Figure: ProtonDrive PGP encryption. File and folder contents (the payload) are secured using a single session key with symmetric encryption. Users gain access to the payload by encrypting and decrypting the session key using asymmetric encryption.

Files and folders are arranged in a tree structure. Therefore, there is a recurring pattern where a file or folder’s asymmetric key is locked with a passphrase, which in turn is encrypted with the asymmetric key of their parent folder. All passphrases are signed with the address key of the user, without which a malicious server could forge the contents of the tree.

Node encryption

For each node in the tree, whether a file or a folder, an asymmetric key and passphrase are also generated — the node key and passphrase. The node passphrase is encrypted with the parent folder’s node key (if the current node is not a volume root) or with a share key, if the current node represents a share root.
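An added sketch (not Proton's code) of the scheme described under "Accessing shares", "Payload encryption" and this section: one data packet with one key packet per recipient, and a chain of passphrase-locked keys walked from the address key down to a file. It assumes Node.js built-in crypto as a stand-in for OpenPGP (X25519 with SHA-256 and AES-256-GCM for key packets, Ed25519 for address-key signatures, encrypted PKCS#8 for a locked key); all function names and the sample tree are illustrative.

```javascript
const { randomBytes, createCipheriv, createDecipheriv, createHash, createPrivateKey,
  createPublicKey, diffieHellman, generateKeyPairSync, sign, verify } = require('crypto');
// Stand-in for an OpenPGP data packet: AES-256-GCM, nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const enc = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([enc.update(plaintext), enc.final()]);
  return Buffer.concat([nonce, enc.getAuthTag(), body]);
}
function open(key, blob) {
  const dec = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  dec.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([dec.update(blob.subarray(28)), dec.final()]); // throws if modified
}

// Stand-in for a key packet: the session key wrapped for one X25519 key (ephemeral ECDH).
const kek = (shared) => createHash('sha256').update(shared).digest();
function keyPacket(recipientPublic, sessionKey) {
  const eph = generateKeyPairSync('x25519');
  const shared = diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPublic });
  return { eph: eph.publicKey, wrapped: seal(kek(shared), sessionKey) };
}
function sessionKeyFrom(packet, privateKey) {
  return open(kek(diffieHellman({ privateKey, publicKey: packet.eph })), packet.wrapped);
}

// One data packet, one key packet per recipient; i selects the reader's key packet.
function encryptFor(recipients, payload) {
  const sessionKey = randomBytes(32);
  return { data: seal(sessionKey, payload), keyPackets: recipients.map((r) => keyPacket(r, sessionKey)) };
}
const decryptWith = (msg, key, i = 0) => open(sessionKeyFrom(msg.keyPackets[i], key), msg.data);
// Granting access re-wraps the session key only; the data packet is left untouched.
function addRecipient(msg, ownerPrivate, newPublic) {
  msg.keyPackets.push(keyPacket(newPublic, sessionKeyFrom(msg.keyPackets[0], ownerPrivate)));
}

// A share or node: key pair locked by a passphrase that is signed, then encrypted to the parent.
function createNode(parentPublic, signingPrivate) {
  const passphrase = randomBytes(32).toString('base64');
  const pair = generateKeyPairSync('x25519', {
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
  const secret = Buffer.from(passphrase);
  const signed = Buffer.concat([sign(null, secret, signingPrivate), secret]); // 64-byte signature first
  return { publicKey: createPublicKey(pair.publicKey), lockedKey: pair.privateKey,
    passphrase: encryptFor([parentPublic], signed) };
}
function unlockNode(node, parentPrivate, signerPublic, i = 0) {
  const signed = decryptWith(node.passphrase, parentPrivate, i);
  const passphrase = signed.subarray(64);
  if (!verify(null, passphrase, signerPublic, signed.subarray(0, 64))) throw new Error('bad signature');
  return createPrivateKey({ key: node.lockedKey, passphrase });
}

// Constructed tree: address key -> share -> folder -> file, plus one content block.
const address = { enc: generateKeyPairSync('x25519'), sig: generateKeyPairSync('ed25519') };
const share = createNode(address.enc.publicKey, address.sig.privateKey);
const folder = createNode(share.publicKey, address.sig.privateKey);
const file = createNode(folder.publicKey, address.sig.privateKey);
const block = encryptFor([file.publicKey], Buffer.from('constructed file content'));
function readFile(memberPrivate, i = 0) { // the same unlock step repeats at every level
  let key = unlockNode(share, memberPrivate, address.sig.publicKey, i);
  for (const node of [folder, file]) key = unlockNode(node, key, address.sig.publicKey);
  return decryptWith(block, key).toString();
}
console.log(readFile(address.enc.privateKey));
```

A node that the server fabricates with the parent's public key still decrypts, so the signature check in `unlockNode` is what rejects it.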

The file or folder name is also encrypted with the parent folder’s node key. As mentioned earlier, files are stored in blocks, where each block is at most 4 MB in size and is encrypted with the file’s node key. The blocks’ content hashes that mask the original content through encryption are linked in succession and the resulting string is signed with the address key of the uploader. This mechanism protects against a malicious or compromised server forging the contents of files.
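An added example (not Proton's code) of the signed block-hash list described above. It assumes SHA-256 computed over each encrypted block and an Ed25519 key standing in for the uploader's address key; the function names are illustrative and random bytes stand in for the encrypted blocks.

```javascript
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('crypto');

const MAX_BLOCK = 4 * 1024 * 1024; // the 4 MB block limit stated on the page
const sha256 = (buf) => createHash('sha256').update(buf).digest();

function splitIntoBlocks(content, size = MAX_BLOCK) {
  const blocks = [];
  for (let off = 0; off < content.length; off += size) blocks.push(content.subarray(off, off + size));
  return blocks;
}

// Uploader: hash every block, join the hashes in order, sign the joined string.
function signManifest(encryptedBlocks, uploaderPrivate) {
  const hashes = Buffer.concat(encryptedBlocks.map(sha256));
  return { hashes, signature: sign(null, hashes, uploaderPrivate) };
}

// Downloader: trust the hash list only if the uploader signed it, then check each block
// against its slot so that reordering, truncation and substitution are all caught.
function verifyDownload(encryptedBlocks, manifest, uploaderPublic) {
  if (!verify(null, manifest.hashes, uploaderPublic, manifest.signature)) return 'bad signature';
  if (manifest.hashes.length !== encryptedBlocks.length * 32) return 'block count mismatch';
  for (let i = 0; i < encryptedBlocks.length; i++) {
    const expected = manifest.hashes.subarray(i * 32, (i + 1) * 32);
    if (!sha256(encryptedBlocks[i]).equals(expected)) return `block ${i} mismatch`;
  }
  return 'ok';
}

// Constructed sample: 10 MB of random bytes, split into 4 MB + 4 MB + 2 MB blocks.
const uploader = generateKeyPairSync('ed25519');
const blocks = splitIntoBlocks(randomBytes(10 * 1024 * 1024));
const manifest = signManifest(blocks, uploader.privateKey);
console.log(verifyDownload(blocks, manifest, uploader.publicKey));
console.log(verifyDownload([blocks[1], blocks[0], blocks[2]], manifest, uploader.publicKey));
```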

Figure: A diagram of ProtonDrive nodes. Each node in a tree has a node passphrase and a node key, which decrypts the corresponding data packets.

The explanation so far covers the main points of the security model: encrypting and verifying stored content and sharing content between Proton users.

Sharing by URL

Our users may wish to share a file located in a Proton Drive volume with someone who doesn’t have a Proton account. This can be done in a read-only manner through a mechanism that prevents Proton from accessing the shared content.  

The method we developed is based on the web client generating secure URLs, which allow access to the contents of specific files. The URLs are password-protected, and having both the URL and the password gives access to the shared content. While the Proton server will know the URL, it will never receive the password.

When creating a new shareable URL for a file, the web client will first confirm that a share directing to the file exists. The passphrase of this share must then be encrypted with the new password associated with the URL. This new password is either randomly generated by the Proton Drive client, or is specified by the user. 

In the case of randomly generated passwords, the user can choose whether to include the password at the end of the URL, which is equivalent to sharing the content publicly. This section of the URL isn’t shared with Proton servers, making the password and the content inaccessible to Proton. Alternatively, the user can choose to share the password separately.

In the case of user-defined passwords, this option isn’t available and the password must always be communicated separately.

As a final step, the client makes a request to the server to create a new shareable URL, providing the new encrypted key packet of the share passphrase. The server stores the encrypted key packet and returns to the client a unique random URL for accessing the shared content.

Figure: ProtonDrive share URL. To access a file or folder via a share URL, the user must have its password, which is unknown to Proton.

When the URL is accessed, the server will return the encrypted payload needed to access the shared content. Only by knowing the URL password can the payload be decrypted and the shared file be accessed.

This is a simplified description which captures the central principle of the design. The actual implementation includes mechanisms to prevent the repeated abusive access of the URLs. It also offers the ability to set an expiration time for the URLs or to limit the number of times the URLs can be accessed.
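An added model of the shareable-URL flow described in this section (not Proton's implementation). The URL layout, the `ShareUrlStore` class and its expiry and access-count fields are assumptions, and the encrypted key packet is treated as opaque bytes the server cannot read.

```javascript
const { randomBytes } = require('crypto');

// Server side (hypothetical model): keeps only opaque encrypted bytes under a random token.
class ShareUrlStore {
  constructor() { this.urls = new Map(); }
  create(encryptedKeyPacket, { expiresAt = Infinity, maxAccesses = Infinity } = {}) {
    const token = randomBytes(16).toString('hex');
    this.urls.set(token, { encryptedKeyPacket, expiresAt, remaining: maxAccesses });
    return token;
  }
  access(token, now = Date.now()) {
    const entry = this.urls.get(token);
    if (!entry || now >= entry.expiresAt || entry.remaining <= 0) return null;
    entry.remaining -= 1;
    return entry.encryptedKeyPacket;
  }
}

// Client side: a generated password may ride in the fragment; a user-defined one may not.
function buildShareLink(origin, token, { password, generated, includeInUrl }) {
  if (includeInUrl && !generated) throw new Error('user-defined passwords are shared separately');
  const url = new URL(`/urls/${token}`, origin);
  if (includeInUrl) url.hash = password;
  return url.href;
}

// Recipient's client: the request target excludes the fragment, so the server sees the token only.
function openShareLink(link, store, now = Date.now()) {
  const url = new URL(link);
  const requestTarget = url.pathname + url.search;
  return {
    requestTarget,
    password: url.hash.slice(1) || null, // null: the password was communicated separately
    encryptedKeyPacket: store.access(requestTarget.split('/').pop(), now),
  };
}

// Constructed sample run.
const store = new ShareUrlStore();
const password = randomBytes(16).toString('hex');
const token = store.create(Buffer.from('constructed opaque key packet'), { maxAccesses: 2 });
const link = buildShareLink('https://drive.example', token, { password, generated: true, includeInUrl: true });
console.log(link, '->', openShareLink(link, store).requestTarget);
```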


In this article we described the security model of Proton Drive, which is designed to protect users’ data from malicious actors while offering the same ease of use as a non-end-to-end encrypted cloud storage service. As always, comments and suggestions are welcome, and security researchers can reach us at with comments or questions.

Best Regards,
The Proton Team

This post was authored by Proton Drive technical lead Radu Popescu. 


73 comments on “The Proton Drive security model”

  • This looks amazing. Thanks a lot for your work.

    The dominance of non-encrypted services such as Zoom or Google apps in companies is alarming. We, as employees, have no choice but to accept that our ID, salary, address, photo, contracts, phone number, bank account, insurance data, etc. is stored on GDrive. Google is even now starting to store health data. Given how Google puts facial recognition & text analysis & data mining on every bit it sees, this is not reassuring.

    I sincerely hope more people, politics and more companies will understand the urgency to switch to privacy respectful solutions, be it for their privacy, their employees’ privacy or for national independence & security.

    Can’t wait to try ProtonDrive

  • In reviewing the Proton Drive Security Model, it appears to be identical to another product which is already commercially available, What makes Proton Drive different? How will you differentiate yourself in the marketplace from products like which are already commercially available?

    • Hi Dean,

      Thanks for the comment. Our high security standards are an integral part of what makes Proton stand apart, but they are not the single factor. Defending everyone’s right to privacy and freedom of speech is at the core of our mission and the idea behind all our products. That’s why we are active in several areas related to human rights and it is also one of the reasons why we are based in Switzerland. To understand why Proton chose Switzerland and how this protects you, please read this article.

    • Hi,

      We will continue releasing more details about ProtonDrive in the weeks and months to come. Please continue checking our website. Thanks!

  • Will ProtonDrive be made available as an included feature for those who are already supporting your development efforts with a paid account? Or will you be charging paying subscribers for this as a separate feature?

  • wuuush that’s the sound of all those technical details flying over my head but I am looking forward to trying it!

  • It’s all very clever and detailed, but one needs a computer analyst’s qualification to understand it! That’s the problem with Proton Mail: nothing is ever made easy to help the regular guy use the many different parts of the system. Yes, you understand what you’re doing but you forget about the user…………..your customer!

  • Thanks for the explanation. I can’t wait to use ProtonDrive.

    All of this was a bit complex and thus I might be wrong, but I fear I have spotted a mistake: in the node encryption diagram (second from the end) there are two “Parent node key” labels. I believe the second one should be “Node passphrase” instead.


  • Looks interesting, but I am afraid that Google and Amazon are not the competitors, because most users don’t know Proton, and the users who know Proton also know the secure cloud services.

    I think the competitors of ProtonDrive will be MEGA and Tresorit (not if the US Congress accepts the EARN ACT).

    I am excited to read more information about ProtonDrive to decide between these three cloud services.
    Currently I use Tresorit.

  • Thanks! Can’t wait to use proton drive!

    I might be wrong (the explanation of the security model is rather complex), but I believe that the second “Parent Node Key” label in the “Node encryption” diagram should be “Parent Passphrase” instead. I believe so because in the “Accessing shares” paragraphs it is shown that an address signs a passphrase which unlocks a key, which seems the same thing happening in the top of the “Node encryption” diagram.

    (I already wrote this about 1 week ago, but I see it was not published. I am trying again because I am suspecting that something went wrong on my side, maybe due to cookies disabled. Sorry for double posting if I am wrong.)

    • Hi Ric,
      There won’t be any Proton servers in the USA. From a privacy protection standpoint, the legal framework there is not strong enough to justify this. We will offer all ProtonDrive users the option of using servers in Switzerland, but we will likely also offer servers in another country as well, potentially Germany.

  • If the Proton drive will be something like the cloud service where I can back up my stuff and there is a Mac app available that monitors one or more folders on the Mac, syncing them with the Proton drive, I’ll be happy to switch service from New Zealand to Protonmail!

    • Hi Geoffrey! ProtonDrive is entering early access for some paid users and will be available to more groups of paid users in the coming months.

  • Are there plans to create apps for NAS devices or otherwise allow somewhat easy backups of NAS data to ProtonDrive? I recently got a NAS and am looking into cloud backups. I’m not satisfied with the security of the current options available, but I would be totally comfortable committing my personal data to ProtonDrive if that were an option. Thank you for all you do!

  • Looking forward to seeing this go live. Not sure sending key in the url is better than making the file public.trygve

  • Privacy & security are increasingly important in today’s environment. Thank you all for the effort you are putting into providing safe storage & communications for private citizens & corporations.

  • I’m very much looking forward to ProtonDrive; moreover, I am looking forward to ProtonDrive for Organizations. It will definitely be of great use. Thank-you for the work everyone at Proton performs. Stay safe everyone.

    • Hi Don,
      Yes, as a ProtonMail user, you should have received an email notifying you of the ProtonDrive beta.

  • I need this now. I’m going to be moving my email from google to protonmail very soon (I already have a paid account, I just need to make the transition.) I also use Google Drive, I would love for you to let me abandon Google Services altogether. Thank you.

    • Hi MaryAnne,
      We are happy to announce we recently released the ProtonDrive beta. Given the development work that needs to be done, we cannot give a firm date of when ProtonDrive will be publicly released. You can keep up with the latest ProtonDrive developments by following our blog and social media channels.

  • Hello

    Possible to create an iOS app so we can upload our photos and files directly to ProtonDrive?


    • Hello Xhej,
      We are currently working on an iOS app for ProtonDrive. Stay tuned to this blog and our social media channels for updates.

  • Looking forward to it.

    I had in the last year or two migrated to:

    1. From DropBox to pCloud but still within their free / usage tier.
    2. Gmail to HEY
    3. Express VPN
    4. Calendar still with Google unfortunately

    I still have my main email with HEY but would be reviewing and migrating to Proton when my HEY subscription ends next year as culmination of everything and that would be great.

    • We’re glad you’re taking steps to take back control of your personal data Shas. We look forward to welcoming you aboard!

  • Fantastic!

    I can’t wait either. What would the storage options look like in terms of size upon final release?

    • Hi Rudi,
      Storage is currently being shared between your ProtonMail inbox and your ProtonDrive account. We plan on increasing the amount of storage accounts receive in the future.

  • This is excellent timing. I was just looking into the latest options for backing up files.
    I’m a paid user. How much room do we have while in the testing phase for the drive?

    • Your storage that comes with your ProtonMail inbox will be shared with ProtonDrive during the beta testing phase.

  • I am anxious to try the new ProtonDrive. My faith and trust in your organization continues to grow. Well done!!

    • Hello Welshy,
      Yes, the ability to share folders and files with anyone, including non-Proton users, is one of the features our development team is currently working on.

  • I’m a paid up Proton VPN/Mail user for another year yet and just uploaded some files to the new storage.

    Wading through all the technical stuff about it is not helping this old guy at all. I tried your question thing and got zilch.

    How do I give a link to those files or just one at a time to others so they can download them?

    Can I put a password on all or just one file so a friend can get it?

    I’m sure you have this info somewhere but I’m not finding it.

    There sure is a lot of breaks and re-connections going on with the VPN service that makes me wonder if it’s worth the money. Constantly re-connecting and screwing up posts I’m trying to do to even worse than when I used TOR on a regular basis.

    I’m not a happy camper about this right now I don’t think I will pay for more of this once my account runs out in a year unless it improves. How about some more Canadian server options in Alberta where I live. I like the BC ones as that’s where I was born but have to use Toronto to keep a half decent connection that still goes on and off every few minutes sometimes.

    My desktop is hardwired to our ISP while my wife and step-daughter are using wifi to access the same service and never have problems. They do not use Proton VPN so what’s up?

    And why do I have to re-login to your stuff when I open a new page like this one? I’ve had to login 3X already and sick of it! Another bug that makes me want to not pay more for this stuff.

    Please get it together before my account runs out next Dec. I have not been recommending your service to others because of all the problems I’ve been having.

    I have turfed MS Edge, Bing etc from my Win10 machine and only use FireFox but lately downloaded Opera which has a free VPN. I use Win10Privacy to shut down all access to my machine and have never had a viral attack cause me a shutdown since 1987 when I got my first PC. I’ve hand built every new PC since.

    • Hi Bruce,
      You can use a link to share your files one at a time ( or you can zip your files together, store them on Proton Drive, and then share them all at once. You can also password-protect each link you share.
      I’m also sorry to hear that you are having difficulty with ProtonVPN. I will share your comments with our team.

    • Hi Ignacio,
      Good suggestion. A Proton Browser is something we may consider for the future.

  • I started selling PCs to corporations in 1987. I’m 72 now, retired, and IT passed me by 10 years ago. I need an analogy to grasp Proton’s tech rigor. For example, our country’s 27 trillion debt is equal to each citizen (man, woman, child or baby) owing $88,000… or a family of 4 owes $332,000 to pay the debt.

    To help me grasp Proton, would you say Proton protects me against: a) armour piercing small arms b) an anti-tank missile or c) ground leveling ‘shock and awe’ bomb?

    I’m thrilled for you all at Proton to experience unimaginable growth and development.
    Kind Regards,

    • Hi Doug. c) ground leveling ‘shock and awe’ bomb? We certainly try very hard to be as secure as it’s possible to be.

  • I will start out by saying that I am NOT tech savvy, so I did not understand most of the above information. I am however, a very PRIVATE person so the very fact that I can switch ALL of my sensitive info/data to Proton was good enough for me.
    Thank you Team Proton for providing this great addition to your “portfolio”!!!!!

  • I have been using the Drive now for several months, and have had no trouble with it. I feel confident my documents are secure and private with Proton. What I am not sure of is whether downloading a document to my Windows PC in order to edit it and then return it to ProtonDrive leaves a copy stored on my PC somewhere in the drive or on Windows OneDrive. Fortunately, I am not responsible for any extremely sensitive documents for which privacy and security is crucial. I do use ProtonVPN.

    I am left to wonder what would be required if my documents DID involve crucial information, such as the names of sources or dissident activists. Would it be necessary to use ProtonDrive through Tails and Tor? Or via a USB based OS? Is it better to use a secure Swiss based end-to-end encrypted file sharing (as opposed to file storage) service? Are any options actually more secure than using ProtonMail to store text as drafts or emails sent to myself? Obviously, keystroke loggers or nation-state level hacking cannot be prevented completely (and this is not a realistic threat in my cases) but what is the best practice for creating and editing documents, for example in journalism?