On 11/05/15 17:00, Trevor Perrin wrote:
> I agree this is straightforward. It's just two basic ideas:
> - clients passing around a (symmetric key, hash) that decrypts and
> authenticates some server-stored file
> - recursively storing (symmetric key, hash) "read-caps" inside
> server-stored files to construct directory trees, so that giving
> someone a single read-cap recursively grants access to a larger number
> of files
>
> Tahoe explains this well and has a nice term for it. If there are
> earlier/better examples I'd like to see them.

The earliest system I know of that did something like this was Freenet.

A content hash key (CHK) in Freenet is like a read-cap. It consists of the hash of a block of ciphertext and a symmetric key for decrypting it. Nodes storing and forwarding the data only know the hash, not the key. (Originally the key was derived from the plaintext, so independently published copies of the same file would produce the same ciphertext, but I believe that was changed to protect the anonymity of publishers.)

Large files can be represented as hash trees, where the leaf blocks contain data and the non-leaf blocks contain CHKs for their children. Mutable directories are implemented using signed subspace keys (SSKs) based on public/private key pairs. I don't know whether immutable directories based on CHKs also exist, but in theory they're possible.

Tangler and SFS, from around the same time, had hash-based directory hierarchies, but I can't remember whether they separated the decryption key from the hash like Freenet did.

Cheers,
Michael

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
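
The read-cap idea discussed in this thread (a ciphertext hash plus a decryption key, with non-leaf blocks holding the read-caps of their children), as an added example that is not part of the original message and is not Freenet's or Tahoe's code or wire format. Assumptions: all names (`BlockStore`, `put_block`, `get_block`, `put_file`, `get_file`) are hypothetical, an HMAC-SHA256 counter keystream stands in for a real cipher so the sketch runs on the standard library alone, the index block is JSON, and the tree is limited to two levels.

```python
import hashlib, hmac, json, os

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode. Each key
    # encrypts exactly one block, so no nonce is needed in this sketch.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class BlockStore:
    """Untrusted storage node: holds ciphertext indexed by its hash only."""
    def __init__(self):
        self.blocks = {}

def put_block(store, plaintext, convergent=False):
    # convergent=True derives the key from the plaintext, so independent
    # publishers of the same data produce the same ciphertext and hash.
    # convergent=False uses a fresh random key for every publication.
    key = hashlib.sha256(plaintext).digest() if convergent else os.urandom(32)
    ct = _keystream_xor(key, plaintext)
    h = hashlib.sha256(ct).hexdigest()
    store.blocks[h] = ct               # the node never sees the key
    return (h, key.hex())              # read-cap: (ciphertext hash, key)

def get_block(store, cap):
    h, key_hex = cap
    ct = store.blocks[h]
    # The hash in the cap authenticates whatever the node returns.
    if not hmac.compare_digest(hashlib.sha256(ct).hexdigest(), h):
        raise ValueError("ciphertext does not match hash in read-cap")
    return _keystream_xor(bytes.fromhex(key_hex), ct)

def put_file(store, data, block_size=64, convergent=False):
    # Leaf blocks hold data; one non-leaf block holds the leaves' read-caps.
    caps = [put_block(store, data[i:i + block_size], convergent)
            for i in range(0, len(data), block_size)]
    return put_block(store, json.dumps(caps).encode(), convergent)

def get_file(store, root_cap):
    # Holding the root read-cap is enough to reach and verify every leaf.
    caps = json.loads(get_block(store, root_cap))
    return b"".join(get_block(store, tuple(c)) for c in caps)
```
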
