The current state of the art in secure, cryptographic data authorization is severely lacking. On the one hand, the most flexible existing systems, such as those based on Google's Zanzibar, are entirely software-based, resulting in a weak security model where sensitive data is stored in plaintext. On the other hand, current authorization systems built using cryptography tend to lack the flexibility and scalability that developers need for real-world applications, making them a less user-friendly option.

So, what can you actually do today if you want to securely share private data and accounts with your friends, family, colleagues, and even AI agents, but you also need to enforce complex real-world policies by creating groups, organizational hierarchies, and data access structures? Solving this problem cryptographically, while providing instantaneous access and revocation, is exactly why we built Switchboard.

Switchboard allows you to construct complex authorization polices for any kind of data and grant fine-grained access to any kind of entity. It serves as a complement to MFKDF and Checkpoint, two of our recently announced technologies, and forms the basis of our solution to the third and final “A” in the “AAA” threat model of Authentication, Authorization, and Auditing.

The agentic era is rapidly approaching, and security teams will need to ensure that agents and humans alike have safe and fine-grained access to accounts and data. Simultaneously, the rise of agents will make all of the challenges of existing authorization schemes even more pronounced due to their rapidly-advancing vulnerability discovery capabilities. Unlike humans, agents will act far faster, perform bulk social engineering, find flaws in business logic to gain privilege escalation, and probe for cracks in the underlying security software in ways that humans can’t manually replicate at scale. Existing systems are not well positioned to handle this change in capability, but Switchboard has been designed from the ground up with these exact challenges in mind.

Provable, Cryptographic Authorization

Authorization is your ticket to access, modify, or share something, usually a piece of data or another online resource. A data access policy is the authorization ruleset that defines who can do what with a piece of data. It’s a series of permissions, such as read or write access, between users and data objects. While this is somewhat straightforward to implement in software, the only thing standing between your precious data and an attacker is a database and a bunch of flimsy if statements!

Switchboard, on the other hand accomplishes the same flexible authorization policy enforcement as software-based approaches, but does so exclusively using mathematically-provable cryptography.

Data Authorization Today

People share a tremendous amount of data with each other on a daily basis, and many of the cases where fine-grained access needs to be granted are vital for our jobs and daily life. For example, consider sharing a folder of pictures from a trip with your family, or a business needing their accounting team to have access to quarterly reports.

The need for fine-grained authorization extends beyond just static data like pictures or reports. We also want to share our accounts, but doing so securely is a challenge. Our Checkpoint system provides a secure process for sharing accounts, and is built to work in tandem with Switchboard. In fact, Switchboard is designed to work in tandem with MFKDF2 and Checkpoint so that you can authenticate (with MFKDF), authorize the safe use of shared accounts (with Checkpoint), and provide tiered access to encrypted data (with Switchboard).

Businesses are also constantly juggling multiple compliance requirements, intricate organizational policies, and the critical need to protect sensitive data. This is part of why Switchboard is so essential. Sharing data via Dropbox or Google Drive leaves the data in plaintext. One needs to couple both cryptography and robust access policies together.

This is where Multifactor's Switchboard technology comes in, offering a new paradigm for the simple enforcement of complex policies powered by novel cryptography.

Switchboard’s core promise is to transform the typically weak, software-defined enforcement methods into strong, cryptographically-backed guarantees. It’s a system designed from the ground up to ensure that your data access policies are mathematical certainties.

Today’s Problems

Where are the weaknesses today? The most common approach is the "trusted server" model. In this setup, a client application makes a request to a central server. The server then authenticates the user, checks their permissions against a data access policy, and, if everything checks out, grants access to the data stored in a database. Again, this is just a chain of if statements with no cryptographic backing.

The critical vulnerability here is that the entire security of the system hinges on both the hardware and software of the server. It's a single point of failure. If an attacker compromises the server or a bug in the server's code exposes a flaw, all the data it protects becomes vulnerable. Relying on a perfectly secure and bug-free server implementation is optimistic. It’s not just the computer itself either, it’s also the people. Social engineering, phishing, or simple mistakes can lead people to open up unwarranted access to data. This means you are also inherently trusting the thousands of employees at each of these companies to keep your data secure whereas using cryptography to mitigate these vulnerabilities puts your trust in proven mathematics. As long as the laws of mathematics don’t change, your data is safe.

Not Trustless

To add a layer of security, some systems encrypt the data. A common, but deeply flawed, method is to use a single shared key for a group of users who all need access to the same data object.

This approach introduces two major problems:

• No Granularity: Every user with the shared key has the exact same level of access.
• Revocation: What happens when a user's access needs to be revoked? With a shared key, there's no way to truly take it back. The user still has the key and can still decrypt the data. The only solution is to re-encrypt the object with a brand new key and then securely distribute that new key to all the remaining authorized users which is really cumbersome.

An alternative that avoids the shared key problem is to create a separate, uniquely encrypted copy of the data object for every single user who needs access. While this seems more secure, it creates significant technical inefficiencies:

• Storage Inefficiency: If a hundred users need access to a 1GB file, you now have to store 100GB of data. This is incredibly wasteful and can become prohibitively expensive.
• Update Inefficiency: This model is even worse when it comes to updates. If the original data object changes, every single one of those hundred copies must be individually updated and re-encrypted. This process is not only slow and computationally expensive, but it also creates a high risk of data inconsistencies if even one update fails.

These conventional methods force a trade-off between security, efficiency, and flexibility. But what if you could have all three?

Cryptographically-Assured Access

The major flaw in systems today is coupling data access rights to the data itself. Instead, Switchboard introduces a method that decouples them, creating a more secure and scalable authorization system.

Decoupling Data and Access

At a high level, Switchboard models complex authorization policies as a directed multi-graph. Objects, be them users, agents, files, accounts, etc. are represented as nodes on the graph, and every node has a key (or multiple keys, if it is a data object and not a user). Permissions are represented as edges. You can imagine those permissions as colors: If a node has an unbroken path of the same color between them and an object, it means they have access to that object with the specific permission represented by that color.

Give our demo a try to see this principle in action. You can create users, objects, and permissions, and then see how the graph updates as you add or remove edges:

That’s it! All that’s left is to turn this concept into cryptography.

Deep down, Switchboard uses Proxy Re-Encryption (PRE) and clever key management. Instead of encrypting the data itself multiple times for multiple users, Switchboard instead encrypts the object with a key, creates a collection of other keys for the different permissions, and then re-encrypts these keys to the original owner of the object. All of this means only the encryption keys ever change. Actually, they just transform, which is even simpler than having to do more complicated key generation and management.

If the original owner then wants to share the object with another entity, they can transform the relevant permission key using their personal key under the PRE scheme. So, if Alice creates an object for her bank account, then she can create a read permission to Bob by re-encrypting the read key to Bob’s public key.

User Experience

When an authorized user requests the data, they receive the encrypted object and the associated permission keys. Again, this meant the user had a path between themselves and the object. The permission key is transformed edge by edge until they use their personal private key in the final step to get the access granted to them. An unauthorized user, lacking the correct personal key, fails to get access immediately.

The Upsides!

Switchboard’s methodology directly solves the problems of traditional systems and provides a host of new benefits.

• Efficiency: Because each data object is only stored once, this method is incredibly efficient in terms of storage. Furthermore, updates are seamless. When an object is modified, only that single encrypted copy needs to be changed, and the update is instantly available to all authorized users without any complex re-encryption or distribution of new keys.
• Scalability: By avoiding the storage and update burdens of older models, Switchboard scales effortlessly. Adding new users or new data objects doesn't result in an exponential increase in storage or computational load, making it ideal for complex, large-scale environments.
• Granular Control: Access is managed on a per-user, per-object basis with cryptographic precision. Revoking a user's access is as simple and instantaneous as deleting an edge in a graph database. There is no ambiguity and no possibility of a user retaining access after it has been revoked.

Complex Policies

Consider the common scenario where a group of people, perhaps a team or friends, need access to a single data object. Even more complex is a case where multiple teams need to organize multiple kinds of data into different folders and each team needs slightly different time-varying access to the different data and after a few changes are made certain privileges must be revoked or else… you get the point! Things get challenging sometimes!

For more complex policies, Switchboard introduces the concept of links. Think of links as junctions in the graph where multiple edges go in one way in order to create a more organized structure. For example, groups of users or agents and collections of objects, like accounts or pictures. This is what would allow the accounting team to form a group and organize all their documents into respective folders that can be shared with others and likewise, where others can share back to them. After all, it’s pretty common for an accounting team to need access to those quarterly reports every quarter, so just drop them in a folder, share read access with accounting for a week or two, then revoke access when they’re done!

Advanced Capabilities for Modern Needs

Switchboard's architecture also enables novel access control features. For example, by using separate cryptographic permission keys for reading and writing to an object, Switchboard can enforce granular permissions with mathematical certainty. For example, an entity such as an AI agent or server can be granted write access to append data onto an object without even being able to read it!

The Future of Data Access

Today, security practitioners have been forced to choose between security, efficiency, and flexibility when it comes to securely sharing data. Switchboard provides a new path forward. By designing a system on advanced cryptography from the ground up, we’re able to decouple access from data. While robust on the inside, the outside is a simple and efficient graph-based model for the user that allows them to get the ease of use they want.

If you’re interested in any of the technology discussed here, don't hesitate to reach out to us today! If you enjoyed this article, make sure to check out our related research on Checkpoint and MFKDF2.

Related Posts

Introducing Checkpoint: A Better Way to Share Online Accounts

2025-07-07

ResearchAuthorizationAuditingCheckpoint

Checkpoint uses novel cryptographic techniques to enable easy revocable, non-repudiable, and fine-grained sharing of any online account resource.

VN

Vivek Nair

Co-Founder & CEO

Colin Roberts: Why I’m Excited About the Future of Multifactor

2025-07-03

CompanyTeamResearch

Colin Roberts, Co-Founder and CTO, shares his journey from pure mathematics to crypto-focused startups and now Multifactor, explaining why he's excited about the future of the company.

CR

Colin Roberts

Co-Founder & CTO

MFKDF2, MFCHF2, & MFDPG2: Next-Generation Multifactor Entropy Stack

2025-06-06

ResearchAuthenticationMFKDF

MFKDF2, MFCHF2, and MFDPG2 are new user-friendly cryptographic primitives that aim to trustlessly solve the problems of the current authentication and account security.

CR

Colin Roberts

Co-Founder & CTO