Definitions
Version 5.1 by Zenna Elfen on 2025/11/27 12:02
Definitions for Authentication and Access
| Function | What it means in P2P context |
|---|---|
| Permissions | Define what actions a peer is allowed to perform (read, write, broadcast, modify state, etc.) |
| Delegation | Allow a peer to grant some portion of its authority to another peer (e.g., "you can write to this dataset for 1 day") |
| Capabilities | Tokens/objects that embody permissions and can be passed around securely |
| Revocation | Ability to withdraw access (essential yet tricky, since there's no central admin) |
| Identity-agnostic control | Often operations are authorized not by who you are but what capabilities you possess |
Definitions for Security and Encryption
| Security Function | Purpose | Examples |
|---|---|---|
| Transport Encryption | P2P channel confidentiality | TLS, Noise |
| Private Interest Overlap | allows peers to securely determine if they have capabilities in common without revealing what those capabilities are | Willow |
| Message Encryption | End-to-end secrecy, async | MLS, Olm/Megolm, DR |
| Identity & Trust | Who’s who, key bootstrapping | DIDs, TOFU, Web-of-trust |
| Integrity | Detect tampering | AEAD, Merkle DAGs |
| Key Lifecycle | Rotation, revocation, recovery | X3DH, key transparency |
| Anonymity & Metadata Protection | Hide who communicates with whom | Tor, mixnets |
| Anti-Abuse / Sybil Resistance | Resist spam and capture | PoW, stake, identity proofs |
| Censorship Resistance | Survive blocking, surveillance | pluggable transports, relays |
| Secure Storage | Protect data at rest | hardware keystores, secret sharing |
| Integrated Overlays | All of the above in one stack | Veilid, I2P, Nym |
| Confidentiality | Only intended peers can read communication | TLS, DTLS, Noise Protocol Framework, AEAD (e.g., ChaCha20-Poly1305), MLS, Olm/Megolm, WireGuard, Veilid E2E channels |
| Integrity | Messages can't be modified undetected | Digital signatures (Ed25519, BLS), MACs, Merkle DAGs (IPLD/IPFS), Hash chains, Signed Gossip, BPSec |
| Authentication | Verify identity or cryptographic key ownership | Noise handshake patterns, TLS mutual auth, DIDs, Web-of-Trust (PGP), TOFU (SSH-style), libp2p PeerIDs, X3DH (Signal) |
| Forward Secrecy | Compromising long-term keys does not reveal past messages | Double Ratchet, X3DH, MLS TreeKEM, Noise ephemeral handshakes, Olm (Matrix) |
| Metadata protection | Hide sender, receiver, and communication patterns | Tor (Onion routing), Mixnets (Katzenpost / Nym), Dandelion++ (P2P routing privacy), Cover traffic schemes, Veilid routing obfuscation |
| Resilience | Continue operating despite adversarial environments | Multipath routing (Tor bridges, libp2p relay), Censorship-resistant transports (Snowflake, Pluggable transports), DTN/BPSec, CRDT/replicated DHT storage (IPFS/Kademlia), Opportunistic mesh routing (Briar/Scuttlebutt), Veilid global overlay network |