Brainkey Concept

As it exists today, end-to-end encryption is mostly device-based, because that has been the surest way to both verify that a user is who they say they are and to safeguard against large-scale breaches. But that also makes practical usage frustrating for users. A real life reality is that we often switch phones or need to log in from a friend's computer, which is tricky with a product using end-to-end encryption and can lead to security shortcuts in favor of convenience.

Brainkey by Virgil Security is a strong cryptographic key based on a user-generated password, and is used to encrypt a user's private key in the Virgil Cloud. Users can then regenerate their original private key on multiple devices, allowing access to their encrypted data from new browser sessions or devices and preventing permanent loss of encrypted data if the original device is lost. This functionality is already baked in Virgil E3Kit, particularly Brainkey is used in the Key Backup functions.

Brainkey works with Pythia, designed by Adam Everspaugh and Rahul Chaterjee, University of Wisconsin–Madison; Samuel Scott, University of London; Ari Juels and Thomas Ristenpart, Cornell Tech. Take a look at the Virgil Security Pythia whitepaper for more information about the technical details.


  • A basic user private key that is generated using a Crypto Library has limited entropy source
  • If the user loses their private key, they won't be able to access previously encrypted data and it will be lost forever
  • If the user gets a new device, the data needs to be re-encrypted with a new key pair or a previously generated private key needs to be transmitted somehow, which has security risks.


Virgil Security's Pythia Service can be used to generate a strong cryptographic key based on a user's password. We call this key a Brainkey. When you need to restore a private key, you only use the user's password and Pythia Service.

  • Virgil helps you create Brainkey based on your user's password, without having to know your user's password or the password's hash.
  • You don't need to recreate a new key or re-encrypt the data if the user lost their private key and/or device.

How it works

E3Kit implements the necessary functionality to generate Brainkey; you can find it in Key Backup section.

All operations that are performed using the user's password take place on the Client side, so Virgil will never see a user's password or its hash.