
Doc Encryption: Ensure 2-heads scenarios are secure and consistent

Open islamaliev opened this issue 8 months ago • 0 comments

Enhance our code to handle scenarios where encryption states or keys may diverge across different document versions. This task addresses potential vulnerabilities and edge cases in our current implementation, particularly focusing on situations where encryption states or keys differ between document heads. Implement the following test scenarios:

  • Encryption Disable Conflict: Set up two peers synced on an encrypted document. Have one peer update the document normally, while the other peer updates and disables encryption simultaneously. Verify that the system correctly handles the resulting two heads with different encryption states. Should the resulting state be encrypted? Or should we just lexicographically decide which block takes precedence? Or should we decrypt one, merge both lexicographically, and make it encrypted?
  • Encryption Enable Conflict: Similar to the previous one: set up two peers synced on an unencrypted document. Have one peer update the document normally, while the other peer updates and enables encryption simultaneously. The same questions arise. At the moment, MerkleClock, when adding a delta (new head), checks whether the delta should be encrypted by reading the current heads. If any of the current heads is encrypted, then the new one is also set to be encrypted.
  • Encryption Key Update Conflict: Simulate two clients simultaneously updating a field with new encryption keys, effectively revoking the old one. This results in two heads with different encryption keys. Extend the test to include continued updates on both branches and verify that the system eventually converges to a single state.

For handling these conflicts, implement a deterministic resolution mechanism. In the absence of a document anchoring system (which would provide total ordering), we can use a lexicographical ordering of encrypted deltas or block CIDs (key IDs?) to determine which encryption state "wins" when conflicts occur.
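The two rules discussed in this issue (a new delta is encrypted if any current head is encrypted, and a lexicographic ordering of block CIDs decides which encryption state wins between concurrent heads), as an added Go example that is not DefraDB's code. The `Head` type, its field names, and the `ShouldEncryptNewDelta`, `Resolve` and `ConvergesRegardlessOfOrder` functions are assumptions for illustration; the CIDs are constructed strings. It goes one step beyond the text with an optional `preferEncrypted` policy, under which an encrypted head always beats an unencrypted one and CID order only decides between competing keys, so that a branch that disabled encryption cannot make the merged field fall back to plaintext:

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Head is a simplified model of a DAG head as the issue discusses it: the CID of
// the block plus the encryption state carried by its delta. The type and field
// names are assumptions for this example, not DefraDB's own.
type Head struct {
	CID       string // block CID as a string; compared lexicographically
	Encrypted bool   // whether the delta in this block is encrypted
	KeyID     string // identifier of the key used; empty when not encrypted
}

// ShouldEncryptNewDelta is the rule the issue describes for MerkleClock: a new
// delta is encrypted if any of the current heads is encrypted.
func ShouldEncryptNewDelta(heads []Head) bool {
	for _, h := range heads {
		if h.Encrypted {
			return true
		}
	}
	return false
}

// Resolve picks the head whose encryption state "wins" among concurrent heads.
// Ordering is by CID (highest wins), so every peer that sees the same set of
// heads reaches the same answer no matter in which order it received them.
// With preferEncrypted set, an encrypted head always beats an unencrypted one
// and CID order is only used to choose between competing keys.
func Resolve(heads []Head, preferEncrypted bool) (Head, error) {
	if len(heads) == 0 {
		return Head{}, errors.New("no heads to resolve")
	}
	sorted := make([]Head, len(heads))
	copy(sorted, heads)
	sort.Slice(sorted, func(i, j int) bool {
		if preferEncrypted && sorted[i].Encrypted != sorted[j].Encrypted {
			return !sorted[i].Encrypted // unencrypted sorts first, i.e. loses
		}
		return sorted[i].CID < sorted[j].CID
	})
	return sorted[len(sorted)-1], nil
}

// ConvergesRegardlessOfOrder checks the property the key-update scenario asks
// for: resolving the heads in the given order and in reverse order must yield
// the same winner, otherwise two peers could settle on different states.
func ConvergesRegardlessOfOrder(heads []Head, preferEncrypted bool) bool {
	reversed := make([]Head, len(heads))
	for i, h := range heads {
		reversed[len(heads)-1-i] = h
	}
	a, errA := Resolve(heads, preferEncrypted)
	b, errB := Resolve(reversed, preferEncrypted)
	return errA == nil && errB == nil && a == b
}

func main() {
	// Constructed sample heads for the scenarios in the issue.
	encrypted := Head{CID: "bafyA", Encrypted: true, KeyID: "k1"}
	disabled := Head{CID: "bafyB", Encrypted: false}
	keyTwo := Head{CID: "bafyC", Encrypted: true, KeyID: "k2"}
	keyThree := Head{CID: "bafyD", Encrypted: true, KeyID: "k3"}

	// Disable conflict: pure CID order lets the unencrypted head win.
	w, _ := Resolve([]Head{encrypted, disabled}, false)
	fmt.Printf("CID order only:      winner %s encrypted=%v\n", w.CID, w.Encrypted)

	// Same conflict with the conservative policy: the encrypted head wins.
	w, _ = Resolve([]Head{encrypted, disabled}, true)
	fmt.Printf("prefer encrypted:    winner %s encrypted=%v\n", w.CID, w.Encrypted)

	// Key update conflict: both heads encrypted, CID order picks the key.
	w, _ = Resolve([]Head{keyTwo, keyThree}, true)
	fmt.Printf("key conflict:        winner %s key=%s\n", w.CID, w.KeyID)

	// The rule for new deltas and the order-independence check.
	fmt.Println("next delta encrypted:", ShouldEncryptNewDelta([]Head{encrypted, disabled}))
	fmt.Println("order independent:   ", ConvergesRegardlessOfOrder([]Head{keyTwo, keyThree}, true))
}
```

Whichever ordering is chosen, both peers must apply the same comparator to the same set of heads; the check in `ConvergesRegardlessOfOrder` is the kind of assertion the continued-updates test in the third scenario would make after each round of sync.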

Note: While these scenarios are currently considered edge cases, implementing and testing them will significantly enhance the robustness of our encryption system. This task lays the groundwork for future integration with more advanced features like document anchoring, which could provide stronger guarantees for ordering and conflict resolution.

Requires #2894

Might include #2910

islamaliev Jun 25 '24 10:06