Content on Autonomi is stored as encrypted chunks. The original content can be recreated from these chunks, provided we have a map of where the chunks are plus the keys to decrypt them. A 'file' on the Network is really a collection of chunks, with a datamap that allows us to discover all the chunks and decrypt the file.
Files are kept in folders which are created as part of the Self-Encryption process and are encrypted, meaning their contents are only accessible to their owner by default.
The API for upload by default self-encrypts all files.
All content on Autonomi is encrypted by default. When content is stored on the Network it is first broken into chunks; each chunk is hashed and then encrypted using the hashes of other chunks from the same file. This is 'self-encryption', a method patented by MaidSafe but now open-sourced. When content is made public, its containing folder is decrypted, meaning anyone can reassemble the chunks.
At the network level, Autonomi uses the TCP, UTP and µTP protocols, and all the data moved by these protocols is encrypted from 'bit 1'.
So communications between the Network and the user are always encrypted, never in plain text. Note that any node on the Network can be used as a bootstrap server so long as its IP address is added to the configuration file of the joining node. It does not have to be one provided by MaidSafe.
All content (documents, images, videos, etc.) on Autonomi is encrypted.
When a client uploads a piece of content to the Network (for example a video) it is first broken into chunks. Those chunks are then ‘self-encrypted’, a process patented by MaidSafe by which each chunk is encrypted using its own hash and the hashes of the two previous chunks in the same file. These encrypted chunks are then hashed again to arrive at the XOR Network address where the chunk will be stored.
At the same time, a ‘data map’ is created on the client device, which maps the chunk number to the XOR network address of the chunk and the hash to decrypt it and its two successors, allowing the content to be recreated. A number of copies of each chunk are stored by nodes in the Section to ensure redundancy.
Data maps and other metadata are not encrypted, but on the network they are kept inside encrypted folders if the data is private.
The client retains the data map for the content it has uploaded and keys to decrypt it locally. That way no keys or passwords need ever leave a person's device. Users can choose to share content with others by sharing their keys / data map with them. They can also choose to make the content fully public, in which case the folders containing the relevant files are unencrypted.
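The chunking, keying and addressing steps described above, as an added illustrative model that is not the project's own code: it uses a SHA-256 counter-mode keystream in place of a real cipher, a tiny constructed chunk size, and the assumption that the first two chunks wrap around to the end of the file for their "previous" hashes. It shows what stays with the client (the data map) and what a node can verify without any key.

```python
import hashlib
from dataclasses import dataclass

CHUNK_SIZE = 16  # constructed, tiny so a short input yields several chunks (real chunks are far larger)

@dataclass(frozen=True)
class ChunkInfo:
    index: int       # chunk number within the file
    src_hash: bytes  # hash of the plaintext chunk: key material, lives only in the client's data map
    dst_hash: bytes  # hash of the encrypted chunk: the content address the chunk is stored under

def _keystream(key: bytes, length: int) -> bytes:
    """Hash-based keystream standing in for a real cipher (assumption made for this example)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
    return out[:length]

def _chunk_key(src_hashes: list, i: int) -> bytes:
    # Chunk i is keyed by its own plaintext hash plus the hashes of the two preceding chunks;
    # the first two chunks wrap around (assumption) so every chunk has two predecessors.
    n = len(src_hashes)
    return hashlib.sha256(src_hashes[i] + src_hashes[(i - 1) % n] + src_hashes[(i - 2) % n]).digest()

def self_encrypt(data: bytes):
    """Return (data_map, store): the data map stays with the client, the store is what nodes hold."""
    chunks = [data[i:i + CHUNK_SIZE] for i in range(0, len(data), CHUNK_SIZE)]
    if len(chunks) < 3:
        raise ValueError("self-encryption needs at least three chunks")
    src_hashes = [hashlib.sha256(c).digest() for c in chunks]
    data_map, store = [], {}
    for i, chunk in enumerate(chunks):
        ks = _keystream(_chunk_key(src_hashes, i), len(chunk))
        ciphertext = bytes(a ^ b for a, b in zip(chunk, ks))
        addr = hashlib.sha256(ciphertext).digest()  # address derived from the encrypted bytes
        store[addr] = ciphertext
        data_map.append(ChunkInfo(i, src_hashes[i], addr))
    return data_map, store

def self_decrypt(data_map: list, store: dict) -> bytes:
    """Only a holder of the data map can rebuild the keys; the store alone is useless."""
    ordered = sorted(data_map, key=lambda c: c.index)
    src_hashes = [c.src_hash for c in ordered]
    out = b""
    for c in ordered:
        ciphertext = store[c.dst_hash]
        ks = _keystream(_chunk_key(src_hashes, c.index), len(ciphertext))
        out += bytes(a ^ b for a, b in zip(ciphertext, ks))
    return out

def node_verify(addr: bytes, blob: bytes) -> bool:
    """A storing node checks a chunk against its address with no key at all."""
    return hashlib.sha256(blob).digest() == addr
```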
Autonomi uses several layers of encryption to protect a user's anonymity and privacy. The Network is designed to be as 'zero-knowledge' as possible, to the extent that node operators cannot possibly figure out what chunks from which private file they are storing — even if it's their own.
By utilizing multiple levels of encryption, Autonomi provides a platform for applications that is both highly secure and anonymized by design.
With data self-encrypted, and its many parts stored by their content address throughout the Network, any one single point of file access is removed, as by default the map to this data is not publicly accessible on the Network. Self-Authentication means access to this data, and the means to reassemble it into information, always resides with the user, never leaving their device (i.e. not accessible to a ‘cloud’).
Another key innovation of the Network is that at no point does it store a user's credentials, so there is no chance of passwords being attacked, nor can any user's data (individual, collective or organisational) be targeted on or via the Network.
The authentication system utilises Boneh-Lynn-Shacham Distributed Key Generation (BLS), so that users can securely and anonymously access data, with no central server required to mediate the login process and no trusted third parties required to store and manage the users' credentials. This means users can reliably and securely access data from any machine, without ever sending or sharing their details.
Furthermore, it also allows for multi-signature credentials for permission-less recovery, without a single point of failure.