Skip to Content

Wiki source code of Definitions

Last modified by Zenna Elfen on 2025/11/27 12:13
Show last authors
1 == Definitions for Authentication and Access ==
2
3 (% border="1" dir="ltr" id="auth_def" style="margin-right:auto" summary="Definitions for Authentication and Access" %)
4 |=Function|=What it means in P2P context
5 |Permissions|//Define what actions a peer is allowed to perform (read, write, broadcast, modify state, etc.)//
6 |Delegation|//Allow a peer to grant some portion of its authority to another peer (e.g., "you can write to this dataset for 1 day")//
7 |Capabilities|//Tokens/objects that embody permissions and can be passed around securely//
8 |Revocation|//Ability to withdraw access (essential yet tricky, since there's no central admin)//
9 |Identity-agnostic control|//Often operations are authorized not by who you are but what capabilities you possess//
10
11 == Definitions for Security and Encryption ==
12
13 (% border="1" dir="ltr" id="sec_def" style="margin-right:auto" summary="Definitions for Security and Encryption" %)
14 |=Security Function|=Purpose|=Examples
15 |Transport Encryption|//P2P channel confidentiality//|//TLS, Noise//
16 |[[Private Interest Overlap>>https://willowprotocol.org/specs/pio/index.html#private_interest_overlap]]|//allows peers to securely determine if they have capabilities in common without revealing what those capabilities are//|//Willow//
17 |[[Prefix Pruning>>https://willowprotocol.org/specs/data-model/index.html#prefix_pruning]]|Enables removal of data by replacing data with a new timestamped file that is empty, encouraging replication of the deletion.  "you have a path hierarchy which lets you prune off a whole bunch of leaves by cutting at the root. Like if you replaced your Documents directory with a text file of the same name."|//Willow//
18 |Message" Encryption|//End-to-end secrecy, async//|//MLS, Olm/Megolm, DR//
19 |Identity & Trust|//Who’s who, key bootstrapping//|//DIDs, TOFU, Web-of-trust//
20 |Integrity|//Detect tampering//|//AEAD, Merkle DAGs//
21 |Key Lifecycle|//Rotation, revocation, recovery//|//X3DH, key transparency//
22 |Anonymity & Metadata Protection|//Hide who communicates with whom//|//Tor, mixnets//
23 |Anti-Abuse / Sybil Resistance|//Resist spam and capture//|//PoW, stake, identity proofs//
24 |Censorship Resistance|//Survive blocking, surveillance//|//pluggable transports, relays//
25 |Secure Storage|//Protect data at rest//|//hardware keystores, secret sharing//
26 |Integrated Overlays|//All of the above in one stack//|//Veilid, I2P, Nym//
27 |Confidentiality|//Only intended peers can read communication//|//TLS, DTLS, Noise Protocol Framework, AEAD (e.g., ChaCha20-Poly1305), MLS, Olm/Megolm, WireGuard, Veilid E2E channels//
28 |Integrity|//Messages can't be modified undetected//|//Digital signatures (Ed25519, BLS), MACs, Merkle DAGs (IPLD/IPFS), Hash chains, Signed Gossip, BPSec//
29 |Authentication|//Verify identity or cryptographic key ownership//|//Noise handshake patterns, TLS mutual auth, DIDs, Web-of-Trust (PGP), TOFU (SSH-style), libp2p PeerIDs, X3DH (Signal)//
30 |Forward Secrecy|//Compromising long-term keys does not reveal past messages//|//Double Ratchet, X3DH, MLS TreeKEM, Noise ephemeral handshakes, Olm (Matrix)//
31 |Metadata protection|//Hide sender, receiver, and communication patterns//|//Tor (Onion routing), Mixnets (Katzenpost / Nym), Dandelion++ (P2P routing privacy), Cover traffic schemes, Veilid routing obfuscation//
32 |Resilience|//Continue operating despite adversarial environments//|//Multipath routing (Tor bridges, libp2p relay), Censorship-resistant transports (Snowflake, Pluggable transports), DTN/BPSec, CRDT/replicated DHT storage (IPFS/Kademlia), Opportunistic mesh routing (Briar/Scuttlebutt), Veilid global overlay network//
33
34
35
36
37
38
39
40
41
42
43