Select Page
Introducing the Access Control Trie (ACT) in Swarm

Introducing the Access Control Trie (ACT) in Swarm

by András Arányi

The Access Control Trie (ACT) is an essential feature designed to manage access control in Swarm’s decentralized storage infrastructure. It enables publishers to grant or revoke access to specific content at the chunk level using encrypted session keys. This guide will walk you through the key concepts and practical aspects of using ACT to protect your data in Swarm.

If you’re a content publisher and looking for a way to share data but maintain full control and privacy, you might find that the below concept of a fully fledged access control mechanism covers all your needs.

Content Publishers

⚠️ TLDR: Publishers can control access to their data by encrypting access keys for each viewer and adding/removing them from the ACT lookup table. ⚠️

As a publisher, you have full control over who can view your content. Using ACT, you can upload your data and grant access to specific grantees (viewers) by referring to their Swarm node wallets’ public keys. Additionally, you can revoke access at any time, ensuring that only authorized viewers have the ability to access your data.

What makes ACT unique is that, as opposed to other solutions which only encrypt data, ACT ensures that only the intended viewers will have access to the data. Everyone else is blocked, even from discovering an encrypted version of it. This significantly increases the privacy and security of your content, preventing unauthorized users from knowing the data even exists.

How to manage access:

  1. Upload your content to Swarm as you normally would, but with ACT request headers included.
  2. Assign access rights by adding the grantee’s public key to the ACT.
  3. If needed, revoke access by removing the grantee from the ACT.

Keep in mind: Publishers can control the latest version of content that grantees are able to access. If you update your content, viewers might still have access to an older version if they were granted access to that earlier version before.

You can learn more about how to manage access using tools like swarm-cli by following the tutorial in the Swarm documentation. These features are also fully supported by the Bee API (starting from version 7.0+), enabling any application to interact with them directly.

Grantees (Content Viewers)

⚠️ TLDR: Grantees can access the specific version of content that the publisher has granted access to, but may lose access to future versions if revoked. ⚠️

As a grantee, your ability to view the content is based on the public key of your Swarm node’s wallet and depends on the permission granted by the publisher. The process for gaining access is simple and secure, thanks to ACT’s encryption mechanisms.

How it works:

  • Your Swarm node wallet’s public key is used as a session key, which is then used to create two additional keys:
    • A lookup key to find your entry in the ACT lookup table.
    • An access key decryption key, allowing you to decrypt the content access key specifically encrypted for you.

This ensures that only you can decrypt the content, and you can retrieve the version of the content you have (or have had) permission for.

How ACT Manages Grantee Access

ACT employs a sophisticated mechanism to manage grantee access using public-key cryptography and secure key derivation. At the heart of this system is the ACT lookup table, a key-value store that securely links each grantee’s Swarm node wallet’s public key to an encrypted access key. Here’s a breakdown of how it works:

  1. Session Key:
    Each grantee’s Swarm node’s public and private key pair serves as their unique session key. This session key is crucial because it forms the basis for all further encryption steps related to the grantee’s access.
  2. Key Derivation via Diffie-Hellman:
    Using Diffie-Hellman key derivation, the session key is used to derive two important keys:
    • Lookup Key: This key is used to identify the specific entry for a grantee in the ACT lookup table.
    • Access Key Decryption Key: This key is used to decrypt the access key, which in turn allows the grantee to unlock the protected content.
  3. Encrypted Access Keys:
    The content access key is encrypted specifically for each grantee using their derived decryption key. This ensures that only the intended grantee can decrypt the access key and thus view the content. This per-grantee encryption adds a layer of security, preventing unauthorized access even if someone else obtains the encrypted data.
  4. ACT Lookup Table:
    The lookup table itself is implemented as a key-value store within a Swarm manifest. Each grantee’s public key maps to an encrypted access key, ensuring that only authorized users with the correct session and decryption keys can retrieve the access key and, subsequently, the content. This table allows publishers to manage access dynamically, adding or removing grantees as needed without compromising the security of the stored content.
  5. Adding and Removing Grantees:
    Publishers have the flexibility to dynamically add or remove grantees from the lookup table. When a grantee is added, their public key and the corresponding encrypted access key are stored in the lookup table.

Version Control and Historical Access:
The ACT maintains a version history, which includes timestamps for each version of the access control list. If a grantee’s access is revoked for new versions of the content, they can still access older versions to which they had been granted permission, based on the relevant timestamps.

Encryption and Security in ACT

⚠️ TLDR: Every element in the ACT process is encrypted, ensuring complete security of content and access control. ⚠️

As demonstrated earlier, encryption is central to how ACT is implemented. Every component, from the grantee list to the content access keys, is encrypted using strong cryptographic methods. This ensures that only authorized users can access your data, and any tampering or unauthorized access is effectively prevented.

Here’s how encryption is applied:

  • Grantee List Encryption:
    The list of grantees is encrypted using the publisher’s lookup key, ensuring that unauthorized users cannot even detect the existence of the grantee list. This adds another layer of privacy, as only the publisher and authorized grantees are aware of who has access.
  • Access Key Encryption:
    Each grantee’s access key is individually encrypted using their specific decryption key derived through the Diffie-Hellman process. This ensures that only the intended grantee can decrypt the access key and gain access to the protected content.
  • Historical Version Encryption:
    All versions of the ACT, including older ones, are protected by encryption. This means that even if a grantee’s access is revoked, the historical data they had access to remains encrypted and secure.

Content Encryption:
Finally, the actual content itself is encrypted at the chunk level. Only those who possess the correct access key (which is encrypted for each grantee) can decrypt and retrieve the content.

Key Takeaways

  • Publishers: Maintain control over your data and manage grantee access with fine-grained control using ACT. You can easily add or remove access rights and ensure your data is always protected by encryption.
  • Grantees: Access specific versions of content securely, knowing that only you have the ability to decrypt the content you’ve been granted access to.

For anyone operating in the Swarm ecosystem, the Access Control Trie (ACT) represents a critical advancement in decentralized content management, offering robust security while maintaining flexibility in access control.

If you’re interested in learning more about how ACT works or how to implement it in your Swarm nodes, have a look at the Swarm documentation.

Optimized chunk production for compact usage of postage buckets: A Swarm Hack Week success

Optimized chunk production for compact usage of postage buckets: A Swarm Hack Week success

During the recent Swarm Hack Week, the Solar Punk team hosted a hackathon where Mirko from Etherna developed a project aimed at addressing the inefficiencies in postage batch consumption in Swarm’s data storage. Currently, storing data in Swarm requires purchasing postage batches with a depth much larger than necessary, leading to significant inefficiencies and increased costs. The project focused on optimizing this process to make the nominal space in postage batches truly usable.

Steps of development

Using Bee.Net, an open-source C# library, he introduced a “compaction level” ranging from 0 to 100. This compaction level controls the effort put into compacting chunks within buckets. At level 0, there is no effect on chunk compaction, while at level 100, the compaction is maximized. The compaction level sets a trigger limit on bucket collisions, prompting the system to mine a better chunk hash when collisions occur. To enhance precision at higher compaction levels, he implemented this using a parabolic function.

Mirko added a custom byte in front of each data chunk’s payload to enable the mining of different chunk hashes, resulting in data chunks containing 4095 bytes of actual information instead of the original 4096 bytes. To interpret these optimized chunks, the reader simply drops the first byte of each data chunk. This approach ensures that the optimization can be executed solely on the client side, though it would be more efficient if handled server-side.

The key advantages of this approach include making nominal space in postage batches usable, reducing postage batch costs, and not requiring additional resources for storing decryption keys. The algorithm works even if not all chunks within the postage batch are optimized, and different files can utilize different compaction settings, enhancing flexibility.

If you would like to take a closer look on the project’s code, you can reach it on the following link: https://github.com/Etherna/bee-net/tree/feature/BNET-99-swarm-hackathon-2024 

Future work

Future work will focus on developing a deterministic method for hash production to enhance consistency, refining the trigger level formula for better performance at lower levels, and investigating solutions for the potential impact of unoptimized chunks on lower depths due to the birthday paradox.

This Swarm Hack Week project has significantly advanced the optimization of Swarm’s storage. By implementing a compaction level and optimizing data chunks, he has made Swarm’s storage more efficient and cost-effective. This collaborative innovation exemplifies the potential for future improvements in decentralized data storage. Stay tuned for more updates as we continue to enhance Swarm’s capabilities!

Fake IDs & Fraudulent KYC: Can Crypto Find Salvation in Swarm-Powered Decentralisation?

Fake IDs & Fraudulent KYC: Can Crypto Find Salvation in Swarm-Powered Decentralisation?

The “OnlyFake” scandal, exposing the ease of bypassing KYC checks with forged IDs, throws a spotlight on the vulnerabilities of centralised verification systems in crypto. But fear not, for decentralisation and Swarm, a leading decentralised data storage and distribution technology, might hold the key to a more secure and empowering future.

Centralised KYC: A Honeycomb for Hackers and Fraudsters

Storing user data on centralised servers creates a honeypot for malicious actors. Deepfakes become potent weapons, exploiting weak verification processes to jeopardise financial security and erode trust. Opaque verifications further exacerbate the issue, leaving users with little control over their data and fostering privacy concerns.

Swarm & Decentralization: Empowering Users, Fortifying Security

Decentralisation offers a paradigm shift. By storing user data on blockchains like Swarm, a distributed and tamper-proof ledger, we eliminate central points of attack. Users regain control through self-sovereign identities, fostering trust and transparency. But how do we verify attributes without exposing sensitive information?

Zero-Knowledge Proofs: Verifying Without Revealing

Zero-knowledge proofs (ZKPs) act as cryptographic shields. They allow individuals to prove they possess certain characteristics (e.g., being above 18) without revealing any underlying data. This guarantees privacy while maintaining the integrity of verification.

A Glimpse into the Future: Secure & Empowering Crypto Identity Management with Swarm

Imagine a world where:

  • Swarm-powered decentralised storage eliminates honeypots, making data breaches a distant memory.
  • ZKPs render deep fakes useless by focusing on attribute verification, not identities.
  • Users hold the reins of their data, fostering trust and transparency within the ecosystem.

Here’s how Swarm and ZKPs could work together:

  1. Store ID data on Swarm: Users upload their encrypted ID documents to the decentralised Swarm network, ensuring data privacy and distribution across multiple nodes.
  2. Zero-knowledge verification: When required, users leverage ZKPs to prove they possess necessary attributes (e.g., age) without revealing the entire document.
  3. Empowered control: Users maintain complete control over their data, deciding who can access specific attributes and revoking access as needed.

The “OnlyFake” incident serves as a stark reminder of the need for change. By embracing Swarm-powered decentralisation and ZKPs, we can create a crypto space where security, privacy, and user empowerment reign supreme.

The question now lies with you: Are you ready to join the movement towards a more secure and empowering crypto future?