3.6 KiB
Peergos
Peergos is an e2e encrypted storage, social and application protocol and platform. It is built on top of IPFS. More information is available in their book or their source.
Identity
There is a global append-only log for the public key to username mappings. This is mirrored on every node in the peergos system. Names are taken on a first come first served basis. Consensus is currently a single server, but long term this would make sense to put into a stripped down blockchain for more decentralization.
Login and key management: A peergos user's private keys are derived every time they log in using their username, password and a published salt. Specifically, a signing keypair, boxing keypair, and symmetric key is derived. Users store their friends keys in their encrypted storage space in a TOFU keystore. Users can verify key of friends in person or over the phone using QR codes or fingerprints.
This enables multiple device support, and no awkward key management UX. The user never needs to see a key or a hash.
Data storage
Each user must have at least one peergos server. The servers run an instance of IPFS. Data is content-addressed: stored in mappings from hash to data. During upload the client splits files into 5 MiB chunks which are each independently encrypted (along with encrypted metadata) and stored in a merkle-CHAMP (compressed hash array mapped prefix trie) in ipfs. Directories can't be distinguished from small files, nor are the sizes of files, or the number of files, or directory structure, or who has access to them visible to the server.
The user lists the IPFS node id of the server (hash of its public key). It synchronizes their writes and displays the latest root hashes. Data is always encrypted on the servers. The servers are in fact trustless - in that they don't have access to any sensitive information, and clients don't rely on them for authenticity or privacy. Furthermore, the servers don't trust IPFS, or the data store (which can be further removed, e.g. S3).
Social
Users can follow each other. Follow requests are sent through a user’s storage server, which is contacted via its public key. Follows are one-way, and allow sharing files and sending messages. Critically, the server never sees who is following who (even follow requests are blinded). You store your own social graph encrypted in your peergos space.
Privacy and Access Control
All encryption happens on the client, which might be a native peergos client, or just a browser. The Peergos nodes (the servers) don't have access to any metadata.
Access to files gained through social follows can be revoked by rotating cryptographic keys. Access is hierarchical, and stored in an encrypted structure call cryptree.
Access is controlled through cryptographic capabilities. A read-only capability consists of the hash of the public key of the owner of the file, the writer of the file, a random label, and a symmetric encryption key: (owner hash, writer hash, 32 byte random label, 32 byte symmetric key)
A writable capability additionally includes the privat eky corresponding to the writer key, which is used to sign updates.
A user can publish a capability of a file or folder they control which makes it publicly visible.
A user can also share secret links to files, like a google doc "share" link, which lets anyone who views it view the file. These secret links still don't expose the file to the server. The file is not transmitted unencrypted over the network, as the key to decrypt it is in the URL itself, and is interpreted locally in the browser.