bee icon indicating copy to clipboard operation
bee copied to clipboard
verified publisher icon ethersphere

Bytes upload with pre-defined key

Open nugaon opened this issue 4 months ago • 1 comments

Summary

Add support for pre-defined encryption keys at /bytes endpoint uploads. Currently, encryption keys are randomly generated internally, but users should be able to specify their own keys for deterministic encryption.

Motivation

Enable efficient encrypted streaming where all stream segments are encrypted by a pre-defined key derived from the same seed.

The seed could be shared in an ACT among participants instead of creating ACT for each stream segment (or even for unrelated content since this seed should change only in case of participant list change).

Implementation

  • Add optional header to /bytes endpoint: Swarm-Encryption-Key
    • Swarm-Encrypt: true header should be passed with it to keep the correctness of its definition.
  • Modify encryption pipeline and hashtrie components

Drawbacks

  • User responsibility for secure key generation

nugaon avatar Aug 29 '25 07:08 nugaon

@nugaon Why /bytes specifically? Why not include e.g /bzz too?

Cafe137 avatar Sep 16 '25 14:09 Cafe137