Open martinheidegger opened 3 years ago
@RangerMauve and I just had an offline call. - I will need to rethink the specification. Rethought.
Updated the proposal for the use of signvectors and signing in feeds.
The Hyperledger people eventually call client
an agent
.
Is client
something used in hypercores?
agent
seems like a good name. 👍
I think other terms are good and the meaning of group
and member
here is probably exactly what we imagine it should be.
Writing notes about this https://hackmd.io/6ApfbzeSRC6Hw1nnez6vLQ?edit
perhaps also of interest @martinheidegger (if anything as related work):
Note: to follow the current progress on the permission system: https://github.com/consento-org/permissions-system-sim/pull/1
Problem We need a permission system that allows users to connect multiple devices that they control to one, equal, space. To fix this, following concept:
Permission system based on hypercores
Goal:
Non-Goal:
Vocabulary
client
- a device or identifyable through an unique id, needs to have following secrets, may or may not be known to others.group
- a set ofclients
, clearly identifyable through an unique id.member
- aclient
that is currently part of thegroup
.known-client
- a client that is or has-been part of thegroup
.shard
- a part (or the whole) of the group secret that is known to theclient
.feed
- a append-only log (aka. hypercore)entry
- a single entry of many a feedfeed
request
- an entry to the feed that is not-yet signed.write
- an special kind of entry contains therequest
and all the known signatures for the request, it is also additionally signed by themember
that initiated thewrite
confirm-receipt
- a special kind of entry that verifies that amember
received it's newshard
.group-sign-key
- a secret that allows to write to the group feed. the group-sign-key is turned into shards using Shamirs Secretsgroup-feed
- a feed ofwrites
, contains all the writes that were signed, its the same for all clients - the source of truth.client-feed
- a feed ofrequest
s, contains all the requests, one perknown-client
and it also containswrites
andconfirm-receipt
.ephemeral
- data that is not persisted but may be communicated between the known peers.outbox
- a set ofephemeral
data that contains shards used to restore agroup-sign-key
or newshard
s to be stored by each of themembers
.requestee
- themember
that initially created therequest
.state
- exposed information of the client through the API. The state exposes information about theclient-state
andrequest-state
client-state
- state of a client as seen by another clients permissionsole-owner
-client-state
of a client when the group has only oneclient
. the client can freely change other operations.pending-add
-client-state
of a client that has been requested to be added to the group but hasn't finally been added.confirming-add
-client-state
of a client that has been confirmed to be added to the group but hasn't received the good news yet!pending-remove
-client-state
of a client that was requested to be removed from the group.removed
-client-state
of a client that was successfully removed.member
-client-state
of a client that has been added to the group successfully.request-state
- state of arequest
by amember
pending
- initial state of the requestaborted
- aborted by the writer prior to writing it to thegroup-feed
processed
- request has been added to thegroup-feed
sync
- event when the latest known information of all clients has been exchanged with each other.Usage
Security and Data persistence
A client can only append to the
group-feed
with thegroup-secret
. As long as amember
is the onlymember
of group, this secret will be stored by that client, but with the second client added thegroup-secret
will be split intoshards
, to recreate thegroup-secret
we need a threshold ofn=amount(members) - 1
differentshards
. (exception: with 1 and 2 where we need allshards
)To allow the deletion of a member we need
n - 1
shards, else the last member is going to be tricky. If we would allown - 2
shards it may be the case that the writing member doesn't have the latest version of thegroup-feed
which would cause a data integrity error.During a sync process, when a
member
notices a new pending-request, it signs the the request and send it together withshard
s to each other member. Once amember
received enoughshards
and valid signatures, it restores thegroup-sign-key
and uses it to write the request, with the signatures, to thegroup-feed
.That
member
then has to "forget" about the othershard
s, and - if the members have changed - create a new set ofshard
s for each new siblings and start distributing them asephemeral
data to all othermembers
.The integrity of the
group-feed
can be verified by going through the signatures of every request.If the integrity of a
feed-entry
can not be verified, the changes will not be accepted as in-sync and themember
that wrote the change will be automatically requested to be removed (faulty member). If an entry does not even have a signature, it is assumed that thegroup-feed-secret
has been leaked. Thepeer
sending the new entry will be put on a black-list, thefeed
will not be further processed and a recommendation is given to the user to create a new group Note: the black-listing makes sure that the integrity stays intact and the system keeps on working, but it is still open to a ddos-attackA risk factor is if a
member
orknown-member
s key is lost and may be repurposed for forking thegroup-feed
. To avoid that members need to use stream-ciphers to store data when writing to theclient-feeds
and clients only store the last vector on their device. If it happens to be compromised they can not create a wrong feed.Each client needs to always store their own shard, the
group-feed
and the date of allknown-client
s. This is done to preserve the history of the operations and make the whole log audit-able.The
ephemeral
data needs to also be stored, but only until themember
has shared aconfirmed-receipt
for the arrival.The sharing of
ephemeral
data needs to be in steps:Alice
sends ephemeral data toBob
;Bob
looks if they can do anything with thatephemeral
data and only if they can'tBob
also shares their ephemeral data withAlice
. This is done to prevent parallel writes to thegroup-feed
.