Encrypted Content Addressed Storage

[BrendanBenshoof]

This idea attempts to allow for Content-addressed-style storage, but allows content to be encrypted such that only the possessor of the content's hash/identifier can read it. I expect this idea is not novel, and the core motivation of this post is to show it to people until can get pointed at existing discussion.

The consequences of this, are that 3rd parties storing the content without knowing the identifier cannot examine the contents.

The basic model of Content Addressing on a DHT:

Store(value):
    id = Hash(value)
    dht.store(id, value)
    return id

Get(id):
   value = dht.get(id)
   assert hash(value) == id
   return value

Essentially one key is used to refer to the content (id)

The proposed modification is to have 2 keys that refer to content. (secret_id, public_id) that that the secret_id is all that is required to retrieve the data and that anybody re-storing the data does not redundantly store a different encrypted version on the content.

Estore(value):
    private_id = Hash(value)
    public_id  = Hash(private_id)
    C = Encrypt(private_id, value)
    DHT.store(public_id, C)
    return private_id

Eget(private_id):
    public_id = Hash(private_id)
    C = DHT.get(public_id)
    value = Decrypt(private_id, C)
   assert hash(value) == private_id
   return value

Potential concerns:

• trying to generate the private_id from the public_id might be easier than the default hash reversal case because of the limited range of values private_hash can take.
• The "private_id" must be securely transported to maintain privacy
• Is the "plausible deniability" provided here worth the cost?
• Once a block is "outed" it can be easily identified because the key cannot be changed. This could be a feature allowing blacklisting of "known illegal" content?

As encryption schemes go, this one is rather weak, from a system design perspective, this might be a boon (solution to wanting encryption + deniability vs wanting to be able to allow users to blacklist content)

[BrendanBenshoof]

Existing implementation: Tahoe-lafs https://tahoe-lafs.org/trac/tahoe-lafs/browser/docs/architecture.rst#security

[keks]

I wrote my bachelor thesis about this. I implemented a Go program but its very hacky and only a proof-of-concept. Maybe the thesis is some help, but if you want I can also give you the code. Tell me if you're interested.

Also, Mihir Bellare et al. published a paper examining convergent encryption schemes called Message Locked Encryption.