A presentation at IPFS Security WG by Brooklyn Zelenka
Fission Web Native File System (WNFS) IPFS Security Working Group — Lightning Talk
Constraints 📱 Mass Market Use Case
• User controlled — data & ID, local first, &c
• Vanilla browser, incl. mobile (browser is a hostile environment)
• No plugins, no hardware wallets
• As-good-or-better security than web 2
• User friendly, don’t assume expertise, common UX expectations
• Subgraph access control (re-share subsets of data you have access to)
File System 🛠 High Level Layout
[Diagram: file system for boris.fission.name with Public, Private, Shared By Me and Shared w/ Me sections; node labels include Photos, Avatars, Apps, Family Photos, My Gallery and Keys and Pointers.]
Common Concepts 🛠🌐 Virtual Nodes
• Raw Node
• File Node: Raw Data, Metadata
• Directory Node: Index, Metadata
File System 🛠 The z-dimension: versioning & events
[Diagram labels: Generation 0: Photos@r0, Avatars@r0, Vacation, beach.png, caricature.jpg; Generation 1: Photos@r1, Avatars@r1, headshot.png; events: ChildEvent, InsertNew; timeline 🕙 from Revision 0 to Revision 1.]
Private Nodes 🤫
Private Nodes 🛠 Components
[Diagram: Encrypted Node (CBOR binary, 🔒 256-bit AES-GCM) + 🔑 = Virtual Node (Index 🔑 🔑, Metadata 🔑)]
Private Nodes Namefilters
• Constraints:
  • Deterministic
  • Versioned
  • Addressable
  • Prove subpath for UCAN
  • Minimal knowledge
  • AES keys ~ path segments but secret
• bareFilter
  • parentFilter AND bloom(SHA(aesKey))
  • AND bloom(SHA(aesKey ++ revision))
• Saturation
  • nameFilter AND bloom(SHA(nameFilter))
  • Repeat until threshold bits flipped
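The namefilter construction on this slide, as an added Python example that is not Fission's code. It reads the slide's "AND" as adding an element to the Bloom filter (setting its bits); the filter width, hash count, threshold, index derivation, revision encoding and the helper names are assumptions.

```python
import hashlib

# Assumed parameters (not given on the slides): filter width in bits,
# bit positions per element, and the saturation threshold in set bits.
M_BITS, K_HASHES, THRESHOLD = 2048, 30, 1019

def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def bloom(element: bytes) -> int:
    """Bitmask of K_HASHES positions; index derivation is an assumption."""
    mask = 0
    for i in range(K_HASHES):
        digest = sha(bytes([i]) + element)
        mask |= 1 << (int.from_bytes(digest[:4], "big") % M_BITS)
    return mask

def popcount(f: int) -> int:
    return bin(f).count("1")

def bare_filter(parent_filter: int, aes_key: bytes) -> int:
    # Slide: parentFilter AND bloom(SHA(aesKey)). Every ancestor's bits stay
    # set, so a child filter is a bitwise superset of its parent's.
    return parent_filter | bloom(sha(aes_key))

def revision_filter(bare: int, aes_key: bytes, revision: int) -> int:
    # Slide: AND bloom(SHA(aesKey ++ revision)); 8-byte big-endian is assumed.
    return bare | bloom(sha(aes_key + revision.to_bytes(8, "big")))

def saturate(name_filter: int) -> int:
    # Slide: nameFilter AND bloom(SHA(nameFilter)), repeated until the
    # threshold is reached, so stored filters have similar density.
    while popcount(name_filter) < THRESHOLD:
        raw = name_filter.to_bytes(M_BITS // 8, "big")
        name_filter |= bloom(sha(raw))
    return name_filter

def covers(ancestor_bare: int, descendant: int) -> bool:
    # Subpath check: all ancestor bits present in the descendant. Bloom
    # filters are probabilistic, so a True result can be a false positive.
    return ancestor_bare & ~descendant == 0

if __name__ == "__main__":
    # Constructed sample keys, one per path segment.
    photos = bare_filter(0, b"k-photos" * 4)
    beach = bare_filter(photos, b"k-beach!" * 4)
    stored = saturate(revision_filter(beach, b"k-beach!" * 4, 1))
    print(popcount(stored), covers(photos, stored))
```

The stored name reveals neither depth nor siblings to someone without the keys, while a key holder can recompute it deterministically for any revision.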
Private Nodes 🌐 Private Data Store
Prefix Tree (weight 16)
• 16^3 = 4,096 items
• 16^4 = 65,536 items
• Append-only
• Quick Read/Write
• Merkleized
• Concurrency Friendly
Private Nodes 🔐 Serverless Auth in the Browser (UCAN)
• OCAP, provable chains, revocable
• Non-exportable RSA2048/Ed25519