Self Encryption on the SAFE Network


#1

Deletable Data, and Secure uses for Structured Data
Can maidsafe be greater than any coin allt out there?
#2

Where is the Data Map itself stored? Is it in the first X KB/MB of one’s SAFE “disk”?


#3

Thats the authentication tokens. Basically you get back the key to your root directory and can iterate through directories which are transaction data on the network (the locking thing I mentioned a few days back, that we do not expose yet).

So log in get back root key, then iterate dirs and each dir is a collection of data maps and metadata per file. The login packet has access to some keys, but most are kept in another directory which you only access when needed, to keep keys out of memory and off any machine you are on, unless necessary, then we use then quick and overwrite the memory they were in via secureblocks from cryptopp and a brute force memcpy in c.

Still long way to go in securing client machines, but thats another story :smiley:


#4

Thanks for making a video for us visual learners. It’s much appreciated as we all try and get more familiar with such a novel tech. Also, thanks David Irvine for clearing up the more fine grained questions.

Whoever the voice for the video is, IMO, you should have them do any promo you put out. I could listen to that accent all day.


#5

That’s Shona in Troon, she also did the Ant T Shirt design and will be doing a wee plane design as well :slight_smile:


#6

Great explanation vid, but as a (sound engineer) I have to complain about the sound. @Shona you need a popshield to “improve you your vocal recordings whilst also protecting your valuable microphone”.

I totally agree


#7

Yeah I’m into audio also, but I don’t think the pops were too bad for an in-house production. Sounds like a headset mic was used, which should probably have a foam filter available.


#8

@Shona is married to a sound Engineer who made her go home and go under a duvet or something she was telling me. Ash seems to be pretty good at helping out with that kind of thing, I am sure it will just get better and better. I need to ask her to have a bit more broad accent though just to keep @happybeing smiling :smiley:


#9

Thanks for the kind comments everyone! The duvet wasn’t needed after all David! My husband kindly gave up his day to help out and borrowed some equipment so that we could do this at no extra cost. Trust me - the sound is a whole lot better than it was before he heard it and insisted he help me re-record it!! :wink: Apparently we used a focusrite 2i2 usb interface for recording and the mic was a Shure microflex microphone (I’m sure that means more to some of you than it does to me!) Anyway, thanks for the suggestions, we will keep them in mind for the next one and as David says, they’ll keep getting better!


#10

@dirvine and @shona, I’m sorry to be the one person suggesting your accent made the video a little difficult to follow, but I think it was an issue and could be much harder for non-English speakers as it was for me, and I’m very familiar with our UK accents of course. The sound quality was excellent, as was the animation itself, and still very useful for sharing which I did on several networks.

Feel free to think of me as perfectionist or picky, or just annoyingly English, because I am guilty of all those :slight_smile:


#11

Guys if anyone has a problem with understanding these educational videos:
a) Feel free to ask about parts you don’t understand
b) Feel free to rehash them with your own narration and music
c) Feel free to help with keying in the captions right into the video

The non-existing matter of accent is off topic and the same accent is used in most MaidSafe videos. Please open a topic on all narrated MaidSafe videos in the “off-topic section”. I won’t visit it because I like the accent.

Regarding these videos, I am hoping that they’ll be moved to MaidSafe in the testnet3 or beta stage.
Astonishingly the bozos at YouTube won’t even play this video if your preferences are set to Safe Mode (mine are, but just because I’m using my employer’s notebook and can’t exercise my freedoms).


#12

@janitor my comment about accent was not off-topic or about aesthetics, it was about ease of understanding. I like the many Scottish accents, and many others.


#13

My point is that there’s always some accent that someone will find difficult to understand. For example in East Asia people generally understand North American English accents much better than others. If it’s about the ease of understanding world-wide, American English should be given priority.


#14

#15

I think translating to Mandarin Chinese would be a good idea as it’s the most used world language and probably our biggest market - I’d love to hear that in a Scottish accent…


#16

Where can I find a more detailed description of “self encryption”?

A few aspects of the crypto seem shaky, but I’d like to confirm after seeing a formal description of the algorithm.


#17

WE have a task to redo the paper to current algorithm, which parts in particular?, if the AES implementation then the code is https://github.com/maidsafe/MaidSafe-Encrypt/blob/next/src/maidsafe/encrypt/self_encryptor.cc which uses cryptopp by Wei.

Can you describe what shaky means in this case, we are always looking for peer review?


#18

I’m just looking for a more formal high-level algorithm (not low level libraries or block ciphers used). From what I understand it’s:

  1. Document d is broken up into chunks ci
  2. Map keys are H(ci)
  3. Map values for ci are EH(ci+1)(ci) XOR <some combination of hashes of c_j’s>
    (where H is a hash and E is a block cipher)

And to retrieve a document, is all you need hashes of all of its chunks?

Regarding “shaky”, here are a few of my concerns:

  1. Can anyone query to see if a chunk with bytes B exsits (all they need to is query for hash(B))?
    • if so, then it is trivial to confirm if a piece of data exists in the network. (This may be unavoidable given the goal of de-deuplication and is not necessarily bad, but it’s good to know if it’s the case)
    • also, what if two chunks are identical, but are parts of different files – won’t they have the same key, but different “post encryption” values?
  2. The keys used are based off of hashes of arbitrary data, right? This data can have very low entropy, so brute-forcing keys is feasible (it’s not clear what this could get you without knowing the answer to 3 below).
  3. What’s the rationale for the XORing? And what exactly gets XORed with what?

#19

Hope this helps

1: Yes you can, if the data is not unique (as it can be made to be in all cases, private data will likely be) then it can be recognisable with some difficulty (big point is so what, the network should not allow removal or corruption and certainly not tracing who reads/writes it), in the other issue the chunk being the same is not an issue, there is a sliding window approach so the other chunks pollute this one.

2: No its not arbitrary data its the pre encryption hash, so a part of the actual data (so to know what these are you need the original data). They are not keys as you see them here, the hash forms a key (which may be low entropy) and IV, other hashes are used as the XOR component.

3: This is in the video I think, c1 would be xored with a concatenation of c2 and c3 (its actually backward in a cyclic manner)

Many folks say 3 is fluff, I see it a lot, as if you can add a mechanism to AES encrypted data that reduces its effectiveness (which would be in itself an AES attack in that case). Convergent encryption uses a hash mechanism for full file encryption (which I dislike as file size is maintained).

I wrote a bit about this here http://metaquestions.me/2014/08/17/proof-of-storage-maidsafe-part-ii/
and http://metaquestions.me/2014/08/27/proof-of-storage-maidsafe-part-ii-follow-up-video/ with links to docs and code.

I hope this helps a wee bit shout if not.


#20

http://maidsafe.net/SystemDocs/system_components/self_encryption.html