WNFS Private File Sharing Preview

🌈WebNative🚀 Private File Sharing R&D Preview

A (Super Quick) Primer on the WebNative File System 🍱

WebNative File System Review Stack 1st & 3rd Party Dev’s App Business Logic & View API Platform Abstractions WebNative SDK ⬆ Apps ⬇ Core Technology Broadcast Collaboration, Chat, Instant Sync Soft Realtime Store Durable Structured Store WebNative Database O ine & Async Sharing Exchange Store Durable File Store WebNative File System Durable Data Command/Mutation UCAN ffl Auth & ID Global: Aggregation, Forms, Feeds Gossip Broadcast Read/Query Cryptree Networking DNS, IPFS, PubSub, Matrix Identity did:key

WebNative File System Review Grouped by User, Not by App Bob’s Photo Gallery 🖼 Alice’s Stu Bob’s Stu f f f Alice’s Music Player 🎶 Carol’s Stu Carol’s Videogame 👾

WebNative File System Review Hard & Soft Links • Hard links • New for the web! • Direct reference • 2 pointers ~ duplicate • Soft links • Like a symlink or web link • 2 pointers ~ latest • May break • Always some version available

WebNative File System Review WNFS Layout alice.fission.name Private Public Photos Avatars Apps Photos Family Photos Apps My Gallery Shared By Me Keys and Keys Keysand and Pointers Pointers Pointers Shared w/ Me Keys and Pointers

WebNative File System Review Private Nodes 🙈 CBOR Binary Encrypted Node 🔒 AES256 + 🔑 Virtual Node = Index 🔑 🔑 Metadata 🔑

WebNative File System Review Subtree Read Access

WebNative File System Review Encrypted Tree Scrambles Structure 🔑

Private File Sharing Mechanics Fast Async File Exchange 📥🤝📤

Private File Sharing Mechanics WNFS Layout alice.fission.name Private Public Photos Avatars Apps Photos Family Photos Apps My Gallery Shared By Me Keys and Keys Keysand and Pointers Pointers Pointers Shared w/ Me Keys and Pointers

Private File Sharing Mechanics The Problem • Sharing credentials is trivial when you are both online • What when a user is o ine? • Trust keys to a server? • Password? • That’s less secure & clunky! ffl • Requires out of band communications: email / SMS / in person

Private File Sharing Mechanics The Solution: Key Exchange 🪆 • DH is very battle tested ⚔ • Standardize on RSA-2048 (at least for now) • Contains a 256-bit AES key • Each device needs its own exchange keys (non-exportable) • Used exclusively for exchange (not your main DID key) • Exchange key (transfer data) • Signing key (sign data) RSA-2048 AES-256 Files

Private File Sharing Mechanics File Sharing did:key:zStEksDrxkwYmpzqB did:key:zStEksDrxkwYmpzqB StEksDrxkwYmpzqBdAQjjx1P dAQjjx1PRbHG3fq4ChGeJcYU dAQjjx1PRbHG3fq4ChGeJcYU RbHG3fq4ChGeJcYUYU44a4C YU44a4CBUExTTjeCbop6Uur YU44a4CBUExTTjeCbop6Uur BUExTTjeCbop6Uur Human Readable Name 🔑 Symlink

Private File Sharing Mechanics How to Broadcast Public Keys? • Use the file system itself! • Roughly like a .well-known • Public keys are… public (safe to broadcast) • Deterministic discovery by name • DNS (username) ➡ WNFS(user) ➡ Exchange Keys

Private File Sharing Mechanics Plug the Leaks! 🚿 • Store in private the same tree as the private file system • Index name is di erent / the space is huge • More than the number of atoms in the known universe 🌌 • hash(${senderExchangeKey}${recipientExchangeKey}) • You know all of your keys, and all of their keys • O(|recipientKeys|) creation, O(|senderKeys|) lookup ff • Typically in low single digits, fast on human time scales, infrequent

Private File Sharing Lookup User Entry (stable) Foreign Entrypoint(s) — Set 1 🔑 🔑 Symlink(s) Implied Name 🔑 🔑 Foreign Entrypoint(s) — Set 2 🔑 • Entrypoint names: hash(encryptAES(${impliedName}${setVersion})) Symlink(s)

Private File Sharing Mechanics Don’t You Forget About Me 🎶 User Entry (stable) Sender Private WNFS 🔑 Implied Name 🔑 Foreign Entrypoint(s) 🔑 Symlink(s) Receiver Private WNFS

Private File Sharing Mechanics What Does This Get Us? • Async sharing • Secure • Performant • Automated discovery of new files • Key based • Possible to do anonymous link-based sharing • Builds on existing WNFS implementation

😄 Thank You 🎉