Accessing Purchased Content

[eukreign]

Problem Statement

A core feature of LBRY is buying and selling content. Once content is purchased and downloaded via DHT/P2P the buyer needs to be granted access to that content: this is done via a decryption key which can decrypt the blobs representing the purchased content. This proposal addresses the problem of getting the decryption key to the user after purchase.

Requirements

• Decentralized: There should not be a requirement for the publisher to be online 24/7 and become a centralized bottleneck in negotiating and distribute decryption keys. Distributing keys should be on par in scalability and performance with distributing the content blobs themselves: without blobs the key is useless and without the key the blobs are useless.

• Pragmatic: Keeps honest people honest without introducing complex security systems easily circumventable by determined malicious users.

Solution

This proposal assumes the acceptance of #6 or similar proposal where a public key chosen by the buyer is referenced by a valid purchase transaction, signifying that anyone with the associated private key should have access to the content.

This proposal also requires adding a hash of the content decryption key to the claim metadata.

Using the same or similar DHT/P2P mechanism as used for content blobs the publisher would announce a hash of the decryption key. Unlike for blobs, a peer requesting the value of the decryption key hash would be required to provide the txid of the purchase transaction associated with that content decryption key and get back a decryption key encrypted using the public key referenced in the tx. Roughly the process is the following:

1. Publisher/peer announces hashes of the blobs and the decryption key to the DHT.
2. A buyer extracts the sd_blob hash and decryption key hash from the claim metadata and begins to search for those hashes on the DHT.
3. Publisher/peer with content sd_blob is found and things progress as they do in current implementation.
4. Publisher/peer with the decryption key is found and the buyer begins the following interaction: a. Send a request for the key and include the txid which should be used as proof of purchase. b. Peer will lookup the tx and extract the public key referenced by the tx. c. Peer will encrypt the decryption key using the referenced public key. d. Peer will send the encrypted decryption key to the buyer. Optionally, peer may charge for this service using the same mechanism as blob streaming fees. e. If buyer provided the correct txid for which they have the private key, then they can decrypt the content decryption key received from the peer and begin decrypting the content blobs.
5. Buyer now begins to host the blobs via DHT/P2P and also becomes another distributor of the decryption key following the same steps as in 4 above.

[lyoshenka]

Could you explain how this is better than our current system of putting the key in the manifest blob? It seems like its just an extra step that doesn't provide any more security and potentially reduces the convenience (what if no peer for the key are found?). What am I missing?

[eukreign]

The main point of this is to decouple hosting and spreading the content from having access to decrypt and view the content.

Enables things like:

1. I can make sure the content exists and I'm able to download it before spending any LBC.
2. Blob hosting services can host content without having to buy it themselves for the benefit of improved performance for their users.
3. Major content creators can distribute their content to blob hosting services and even regular users prior to making it available for purchase. For example, if they are releasing a very large piece of content and they want users to have it downloaded before the schedule release they can make the content available early for users with slow connections and then make the key to unlock the content available later during the scheduled release.
4. It's intended to work really nicely with #6 so that all you need is your account seed to regain access to all of your previously purchased content.

[lyoshenka]

1 is possible today. Just pay after you get the full stream. 2 is possible today, especially with reflector. Reflector accepts blobs from anyone for free, and rehosts them. It does not pay for the content that is sent to it. 3 is possible today by putting the content on the DHT before putting the claim on the blockchain. Regarding distributing it to regular users, I don't understand when someone would need something so badly that they'd want to download it before it can be decrypted. Can you give some examples?

In general,

This proposal addresses the problem of getting the decryption key to the user after purchase.

Is this a problem we have?

[eukreign]

I thought that enforcing payments in the client was only a temporary solution but if that is the permanent solution then this proposal can be closed.

[eukreign]

re-opening this to keep it on the main list of proposals, for posterity