Introducing the Access Control Trie (ACT) in Swarm

by András Arányi

The Access Control Trie (ACT) is an essential feature designed to manage access control in Swarm’s decentralized storage infrastructure. It enables publishers to grant or revoke access to specific content at the chunk level using encrypted session keys. This guide will walk you through the key concepts and practical aspects of using ACT to protect your data in Swarm.

If you’re a content publisher looking for a way to share data while keeping full control and privacy, you may find that the fully fledged access control mechanism described below covers all your needs.

Content Publishers

⚠️ TLDR: Publishers can control access to their data by encrypting access keys for each viewer and adding/removing them from the ACT lookup table. ⚠️

As a publisher, you have full control over who can view your content. Using ACT, you can upload your data and grant access to specific grantees (viewers) by referring to their Swarm node wallets’ public keys. Additionally, you can revoke access at any time, ensuring that only authorized viewers have the ability to access your data.

What makes ACT unique is that, as opposed to other solutions which only encrypt data, ACT ensures that only the intended viewers will have access to the data. Everyone else is blocked, even from discovering an encrypted version of it. This significantly increases the privacy and security of your content, preventing unauthorized users from knowing the data even exists.

How to manage access:

  1. Upload your content to Swarm as you normally would, but with ACT request headers included.
  2. Assign access rights by adding the grantee’s public key to the ACT.
  3. If needed, revoke access by removing the grantee from the ACT.

Keep in mind: Publishers control which is the latest version of the content that grantees are able to access. If you update your content, viewers who were granted access to an earlier version might still have access to that older version.

You can learn more about how to manage access using tools like swarm-cli by following the tutorial in the Swarm documentation. These features are also fully supported by the Bee API (version 7.0 and later), enabling any application to interact with them directly.

Grantees (Content Viewers)

⚠️ TLDR: Grantees can access the specific version of content that the publisher has granted access to, but may lose access to future versions if revoked. ⚠️

As a grantee, your ability to view the content is based on the public key of your Swarm node’s wallet and depends on the permission granted by the publisher. The process for gaining access is simple and secure, thanks to ACT’s encryption mechanisms.

How it works:

  • Your Swarm node wallet’s public key is used as a session key, which is then used to create two additional keys:
    • A lookup key to find your entry in the ACT lookup table.
    • An access key decryption key, allowing you to decrypt the content access key specifically encrypted for you.

This ensures that only you can decrypt the content, and you can retrieve the version of the content you have (or have had) permission for.

How ACT Manages Grantee Access

ACT employs a sophisticated mechanism to manage grantee access using public-key cryptography and secure key derivation. At the heart of this system is the ACT lookup table, a key-value store that securely links each grantee’s Swarm node wallet’s public key to an encrypted access key. Here’s a breakdown of how it works:

  1. Session Key:
    Each grantee’s Swarm node’s public and private key pair serves as their unique session key. This session key is crucial because it forms the basis for all further encryption steps related to the grantee’s access.
  2. Key Derivation via Diffie-Hellman:
    Using Diffie-Hellman key derivation, the session key is used to derive two important keys:
    • Lookup Key: This key is used to identify the specific entry for a grantee in the ACT lookup table.
    • Access Key Decryption Key: This key is used to decrypt the access key, which in turn allows the grantee to unlock the protected content.
  3. Encrypted Access Keys:
    The content access key is encrypted specifically for each grantee using their derived decryption key. This ensures that only the intended grantee can decrypt the access key and thus view the content. This per-grantee encryption adds a layer of security, preventing unauthorized access even if someone else obtains the encrypted data.
  4. ACT Lookup Table:
    The lookup table itself is implemented as a key-value store within a Swarm manifest. Each grantee’s public key maps to an encrypted access key, ensuring that only authorized users with the correct session and decryption keys can retrieve the access key and, subsequently, the content. This table allows publishers to manage access dynamically, adding or removing grantees as needed without compromising the security of the stored content.
  5. Adding and Removing Grantees:
    Publishers have the flexibility to dynamically add or remove grantees from the lookup table. When a grantee is added, their public key and the corresponding encrypted access key are stored in the lookup table.

Version Control and Historical Access:
The ACT maintains a version history, which includes timestamps for each version of the access control list. If a grantee’s access is revoked for new versions of the content, they can still access older versions to which they had been granted permission, based on the relevant timestamps.

Encryption and Security in ACT

⚠️ TLDR: Every element in the ACT process is encrypted, ensuring complete security of content and access control. ⚠️

As demonstrated earlier, encryption is central to how ACT is implemented. Every component, from the grantee list to the content access keys, is encrypted using strong cryptographic methods. This ensures that only authorized users can access your data, and any tampering or unauthorized access is effectively prevented.

Here’s how encryption is applied:

  • Grantee List Encryption:
    The list of grantees is encrypted using the publisher’s lookup key, ensuring that unauthorized users cannot even detect the existence of the grantee list. This adds another layer of privacy, as only the publisher and authorized grantees are aware of who has access.
  • Access Key Encryption:
    Each grantee’s access key is individually encrypted using their specific decryption key derived through the Diffie-Hellman process. This ensures that only the intended grantee can decrypt the access key and gain access to the protected content.
  • Historical Version Encryption:
    All versions of the ACT, including older ones, are protected by encryption. This means that even if a grantee’s access is revoked, the historical data they had access to remains encrypted and secure.

Content Encryption:
Finally, the actual content itself is encrypted at the chunk level. Only those who possess the correct access key (which is encrypted for each grantee) can decrypt and retrieve the content.
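
The lookup-table mechanism from "How ACT Manages Grantee Access" and the per-grantee access key encryption listed above, as an added Node.js example (not Bee's code or the author's). The secp256k1 curve, the SHA-256 tag derivation, AES-256-GCM, the `Map` used as the table and all function names are assumptions made for illustration; revocation is modelled as a new table version with a fresh access key.

```javascript
const nodeCrypto = require('node:crypto');

// Assumed derivation: SHA-256(ECDH secret || tag); tag 0 = lookup key, tag 1 = decryption key.
function deriveKeys(ownKeys, peerPublicKey) {
  const secret = ownKeys.computeSecret(peerPublicKey);
  const h = (tag) => nodeCrypto.createHash('sha256').update(secret).update(Buffer.from([tag])).digest();
  return { lookupKey: h(0).toString('hex'), decryptionKey: h(1) };
}

// Publisher side: seal the access key for one grantee (AES-256-GCM, assumed)
// and store nonce | tag | ciphertext under that grantee's lookup key.
function grant(table, publisher, granteePublicKey, accessKey) {
  const { lookupKey, decryptionKey } = deriveKeys(publisher, granteePublicKey);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', decryptionKey, nonce);
  const sealed = Buffer.concat([cipher.update(accessKey), cipher.final()]);
  table.set(lookupKey, Buffer.concat([nonce, cipher.getAuthTag(), sealed]));
}

// Grantee side: the same ECDH against the publisher's public key. Returns the
// access key, or null when this table version holds no entry for the grantee.
function openAccessKey(table, grantee, publisherPublicKey) {
  const { lookupKey, decryptionKey } = deriveKeys(grantee, publisherPublicKey);
  const entry = table.get(lookupKey);
  if (!entry) return null;
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', decryptionKey, entry.subarray(0, 12));
  decipher.setAuthTag(entry.subarray(12, 28));
  return Buffer.concat([decipher.update(entry.subarray(28)), decipher.final()]);
}

// Constructed stand-in for a node wallet key pair.
const newWallet = () => { const k = nodeCrypto.createECDH('secp256k1'); k.generateKeys(); return k; };

// Constructed scenario: version 1 grants alice and bob; bob is then revoked,
// so version 2 carries a fresh access key sealed for alice only.
function demo() {
  const [publisher, alice, bob] = [newWallet(), newWallet(), newWallet()];
  const [v1, v2, pub] = [new Map(), new Map(), publisher.getPublicKey()];
  const [key1, key2] = [nodeCrypto.randomBytes(32), nodeCrypto.randomBytes(32)];
  grant(v1, publisher, alice.getPublicKey(), key1);
  grant(v1, publisher, bob.getPublicKey(), key1);
  grant(v2, publisher, alice.getPublicKey(), key2);
  return {
    aliceOpensV2: openAccessKey(v2, alice, pub).equals(key2),
    bobOpensV2: openAccessKey(v2, bob, pub) !== null, // false: no entry for bob
    bobOpensV1: openAccessKey(v1, bob, pub).equals(key1), // old version still opens
  };
}
console.log(demo());
```

Leaving bob out of version 2 does nothing for version 1: his entry there still decrypts, which is the historical-access behaviour described above.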

Key Takeaways

  • Publishers: Maintain control over your data and manage grantee access with fine-grained control using ACT. You can easily add or remove access rights and ensure your data is always protected by encryption.
  • Grantees: Access specific versions of content securely, knowing that only you have the ability to decrypt the content you’ve been granted access to.

For anyone operating in the Swarm ecosystem, the Access Control Trie (ACT) represents a critical advancement in decentralized content management, offering robust security while maintaining flexibility in access control.

If you’re interested in learning more about how ACT works or how to implement it in your Swarm nodes, have a look at the Swarm documentation.

Mastering Digital Sovereignty: Unlocking the Power of Decentralised Data


A Paradigm Shift in the Digital World

In the rapidly evolving landscape of blockchain technology, a new narrative is unfolding – one where decentralised data stands as a cornerstone, akin to the groundbreaking emergence of Bitcoin and Ethereum. Today, our digital existence, encapsulated in browser history and sensitive information, is often exploited. This exploitation, largely unseen, leads to significant and sometimes alarming consequences.

Reclaiming Control: The Essence of Digital Sovereignty

The rise of digital interactions has paradoxically led to a loss of control over our digital identities. This trend highlights the urgent need for heightened awareness and protection of our online data. High-profile data breaches, like MGM’s and recent cybersecurity incidents involving major crypto platforms, have laid bare the vulnerabilities inherent in centralised systems.

Decentralisation vs. Digital Sovereignty: Understanding the Difference

While these terms are often used interchangeably, they encapsulate different aspects of online autonomy. Digital sovereignty is about controlling and owning your online identity, leveraging tools that ensure self-governance of personal data. Decentralisation, on the other hand, is the architectural distribution of control, aimed at reducing dependency on single entities and creating a more resilient digital ecosystem.

The Role of Decentralised Data in Empowering Users

Decentralised data is not just about the technical redistribution of control; it’s about crafting a digital landscape where users can assert their sovereignty. By adopting decentralised structures, like those found in blockchain technology, users gain more autonomy over their digital interactions, ensuring that their data remains secure, private, and within their control.

Embrace the Digital Sovereignty Movement

As we step into this new era, the call to embrace digital sovereignty grows louder. It’s no longer sufficient to be passive participants in the digital realm. Instead, we must actively engage with technologies that empower us, ensuring that our digital trails are not exploited but protected. Decentralised data offers a path to this future, one where each individual’s digital identity is safeguarded and respected.


The Journey Toward a Sovereign Digital Identity: Embracing Ethereum Swarm with Solar Punk’s Expertise

As we journey toward a future underpinned by digital sovereignty, the role of decentralised data becomes increasingly crucial. Ethereum Swarm emerges as a pivotal technology in this landscape, offering a robust platform for creating fully decentralised applications. This technology not only ensures data security and privacy but also aligns with the ethos of a decentralised, user-empowered digital world.

For those looking to harness the full potential of decentralised data in their dApp development, Solar Punk is here to guide and assist. Our expertise in building on Ethereum Swarm enables us to help you create dApps that are not just technologically advanced but also deeply committed to the principles of digital sovereignty and user autonomy.

We encourage you to explore the possibilities that Ethereum Swarm offers. If you’re ready to embark on this path and want your project to stand at the forefront of digital innovation, reach out to us here. Together, we can build a future where digital ownership and creativity are fully harnessed through the power of decentralised data.

A Beginner’s Guide to NFT dApp Creation and Launching: Best Practices

In the ever-evolving landscape of blockchain technology, two phenomena stand out for their transformative potential: Non-fungible Tokens (NFTs) and Decentralised Applications (dApps). While they serve distinct purposes, their intersection creates a synergy that is revolutionising the way we think about digital ownership, creative monetisation, and decentralised finance.

The Role of NFTs in dApps

NFTs in dApps are redefining digital interactions. They’re not just about tokenizing digital art or collectibles; they’re also creating new paradigms in gaming, virtual real estate, and even in DeFi (Decentralised Finance). By representing unique digital and real-world assets, NFTs within dApps facilitate true ownership, transferability, and programmable features.

The Evolving Landscape of NFT dApps

NFT dApps are blockchain-based platforms enabling the creation, trading, and ownership of unique digital assets. This evolution is particularly visible in sectors like digital art, where platforms like OpenSea and Rarible have become hubs for artists to tokenize and sell their works as NFTs. In gaming, dApps like Decentraland utilise NFTs for in-game assets, fostering a thriving digital economy.

Creating and Launching an NFT dApp: A Step-by-Step Guide

  • Conceptualisation: Begin by defining the NFT dApp’s purpose, target audience, and unique features.
  • Blockchain Selection: Ethereum remains a popular choice for its robust support of NFT standards like ERC-721 and ERC-1155, although alternatives like BNB Smart Chain are also viable based on specific project needs.
  • Development Environment: Set up your environment with necessary tools for smart contract development and testing.
  • Smart Contract Development: Craft contracts to manage the NFTs’ lifecycle – minting, trading, and ownership transfer.
  • Wallet Integration: Ensure users can securely manage their NFTs by integrating wallets like MetaMask or Trust Wallet.
  • Minting Functionality: Develop user-friendly interfaces for creators to tokenize their assets.
  • Unique and Decentralised Data Storage: Store your NFT data on a decentralised platform like Ethereum Swarm. This not only ensures true decentralisation of your NFTs but also enhances their security and accessibility.
  • Marketplace Features: If your dApp includes trading functionalities, implement user-friendly buying, selling, and trading features.
  • Testing and Deployment: Rigorously test your dApp for any vulnerabilities and deploy it to your chosen blockchain.
  • Launch and Marketing: Craft a compelling narrative for your dApp, engage with influential community members, and utilise diverse platforms for promotion.
  • Continual Development and Community Engagement: After launch, keep evolving the dApp based on user feedback and market trends to stay relevant and useful.

Solar Punk: Crafting the Future with Ethereum Swarm

At Solar Punk, our journey into the realm of NFT dApps is fuelled by our commitment to innovation and decentralisation. Building on Ethereum Swarm, we offer a unique proposition – a platform that not only supports decentralised applications but also enhances their efficiency, scalability, and security through decentralised data storage.

Our NFT dApps stand out for their resilience against network congestion and their ability to offer a seamless user experience, even amidst the growing complexity of blockchain transactions. By embracing Ethereum Swarm, Solar Punk is not just participating in the blockchain revolution; we are actively shaping its course, ensuring our NFT dApps are not just technologically superior but also aligned with the ethos of decentralised, user-centric innovation.

Closing Thoughts

As we continue to innovate and explore the vast potential of NFT dApps, we invite you to join us on this exciting journey. The future of digital ownership and creativity is here, and at Solar Punk, we are at the forefront, crafting solutions that redefine the digital landscape. If you’re interested in learning how we can help your project stand out with unique and innovative dApps, reach out to us here. Let’s build the future together.