Versions
Versions are immutable nodes with history, which underlie virtual mutable nodes, braids. In addition to the encrypted data and a set of references, they hold a list of up to 16 parent versions.
#![allow(unused)] fn main() { struct Version { data: Ciphertext, referencess: ReferenceSet, parents: CappedVec<16,VersionSignature>, } }
Serialization
Versions are serialized using atlv, as an array of those three fields, using the tag 1. The references must be listed in lexicographic order. As an example, a 128 byte ciphertext with a single reference to another braid and a single parent:
| offset | bytes | description |
|---|---|---|
| 00 | 81 | the tag (1) of a version |
| 01 | 43 | the array header (3 elements) |
| 02 | c1 00 | the binary header for the ciphertext (128 bytes) |
| 03…82 | ... | the ciphertext |
| 83 | 41 | the array header of the references (1 element) |
| 84 | 82 | the tag (2) of a Braid Public Key Reference |
| 85 | 81 | the tag (1) of a Schnorr-Ristretto255-Blake3 public key |
| 86 | 20 | the binary header for the public key (32 bytes) |
| 87…a6 | ... | the content of the Schnorr-Ristretto255-Blake3 public key |
| a7 | 41 | the array header of the parents (1 element) |
| a8 | 81 | the tag (1) of a Schnorr-Ristretto255-Blake3 signature |
| a9 | 30 | the binary header for the signature key (48 bytes) |
| aa…d9 | ... | the content of the Schnorr-Ristretto255-Blake3 signature |
References
There are two types of references to versions:
-
"Version Signature References" are produced by initializing a [deterministic signature] with a private key and the domain "Version Node Subscriptions: Reference: Version: Signature", feeding in the ciphertext, demarcating, feeding the serialized list of references, feeding the serialized list of parents, and finalizing.
-
"Braid Public Key References" are the public key corresponding to the public key used to sign the set of versions.
Summaries
Version Summaries are records of versions that elide the contained data.
#![allow(unused)] fn main() { struct VersionSummary { state: VerifyState, references: ReferenceSet, parents: Vec<VersionSignature>, } }
The verification state for a Version Summary is produced by initializing a [deterministic signature] with a public key and the domain "Version Node Subscriptions: Reference: Version: Signature", feeding in the ciphertext, and then extracting the state,
The reference for a Version may be verified from its Summary, by injecting the preserved verification state, feeding the serialized list of references, feeding the serialized list of parents, and finalizing.
Cryptography
Encryption
The ciphertext held within a Version is produced with using deterministic authenticated encryption with associated data, with a domain of "Versioned Node Subscriptions: Version Encryption". The associated data is the concatenation of:
- the serialized public key of the braid
- the serialized set of references
- the serialized list of parent versions
(In the above example, the second two correspond to the bytes 0x83 to the end.)
Analysis
Deterministic authenticated encryption with associated data is subject to chosen plaintext attacks, however, this is significantly mitigated by the entire history of the version being represented in the associated data. In order to identify a ciphertext, the attacker must have access to a different oracle for each guess at the plaintext.