►
Description
Originally recorded during the Berlin Developers Meetings from July 9-13, 2018.
Lightning @Peergos introduction - p2p e2e encrypted social network
A
So
this
is
gonna,
be
about
five
X
speeds,
so
bear
with
me
is
your
data
secure.
The
answer
is
no,
for
most
people
with
our
solution
is
big
loss,
which
is
built
on
top
of
IP
FS
I.
Don't
need
to
convince
you
guys
why
decentralization
and
security
are
important.
These
are
the
three
things
I
want:
security,
control
and
convenience.
A
A
This
structure
is
you:
have
it's
a
globally
global
encrypted
filesystem
your
space
is
under
your
username
in
the
global
namespace
we
have
a
each
person
has
a
tree
of
symmetric
keys,
which
controls
access
to
files.
That's
called
tree
there's
a
paper
you
can
read.
So
you
end
up
with
the
location.
Plastic
key.
Is
your
cryptographic
key
capability?
A
This
is
what
tree
looks
like.
So
there's
a
bunch
of
each
of
the
boxes
of
the
key,
so
the
first
column
is
directory,
then
the
subdirectory
and
then
there's
a
file.
So
if
I
grant
the
files
parent
key
to
someone-
and
they
can
read
both
the
properties
and
the
contents
of
that
file
and
the
parent
keys
go
backwards.
That
just
means
everything
has
a
well-defined
global
path,
but
if
I
had
done
what
I
just
said-
and
there
was
another
file
in
the
same
directory-
that
person
wouldn't
be
able
to
tell
anything
about
that.
A
A
Everything
we
do
is
already
in
IP
LD.
There's
too
much
on
that
slide.
To
talk
about
the
file
system
itself
is
in
a
data
structure
called
a
champ
which
is
a
compressed
hash
array
map
to
try.
This
has
lots
of
wonderful
properties
and
if
we
decide
to
move
to
a
CID
T
the
future
that
will
make
that
easier.
A
The
main
thing
we
get
in
this
situation
is
the
directory
structure,
and
indeed
the
links
between
different
parts
of
the
same
file
are
not
visible
to
the
network.
All
they
see
is
a
big
map
of
five
Meg
chunks
or
not
five
Meg,
if
it's
a
directory,
so
it
kind
of
looks
like
that.
You
have
nodes
which
eventually
point
to
agree.
These
are
all
local
links,
all
in
IPL,
deep
and
eventually
to
the
encrypted
file.
Fragments
right
access
is
controlled
with
the,
as
you
would
expect,
with
a
key
pair
sharing.
A
Basically,
we
send
a
capability
between
users
to
part
in
their
file
system
and
they
then
use
that
to
basically
bootstrap
together
other
capabilities
through
so
that
currently
happens
through
it
has
to
happen
through
asymmetric
crypto.
That's
the
only
thing
in
our
system:
that's
currently
vulnerable
to
a
quantum
computer.
If
one
is
ever
built,
that's
big
enough,
but
we
are
looking
into
migrating
away
from
that
and
the
most
important
thing
finally
is
convenience
like
it
should
be
easy
to
use
for
a
typical
Facebook
user.
So
there
are
no
hashes,
there
are
no
visible
keys.
A
There
are
no
anything
like
that,
and
the
first
thing
that
people
want
is
to
be
able
to
log
in
from
any
machine.
So
the
way
we
do
that
is
we
take
your
password.
We
salt
it
with
your
username
through
and
run
it
through
script,
which
is
a
memory
hard
hashing
function.
We
tuner
to
take
about
a
second
on
a
on
a
mobile
phone
or
a
PC,
and
you
know
that
those
end
up
with
your
two
key
pairs
and
a
route
symmetric
key.
These
are
only
ever
stored
in
RAM,
never
written
or
to
disk
or
transmitted.
A
We
can
do
public
links,
basically
just
encoding
the
capability
in
the
URL
which
I
demoed
earlier
I,
also
demoed
the
media
plays,
you
saw
I,
didn't
mention.
We
also
want
to
have
basically
a
applications
within
pier-glass,
which
you
grant
specific
capabilities,
but
we
you
want
to
obviously
sandbox
them,
so
they
can't
escape
from
that,
especially
in
the
browser
we
have
a
prototype
which
basically
cross
compiles
a
browser
plus
wine
plus
an
x86
emulator
to
JavaScript
through
AM
scripting.
A
So
security,
the
thing
we
fundamentally
care
about
catalog
in
be
cracked.
You
do
the
math
TLDR
random,
14
character,
password!
No,
unless
you
have
300
billion
US
dollars
in
a
thousand
years,
that's
the
graph
of
how
much
it
would
cost
to
crack
a
password
in
a
year.
You
can
see
there's
a
red
line
there
as
well.
A
A
A
What
about
quantum
computer
based
attacks,
as
I
mentioned
earlier?
You
have
that
crypt
free
thing,
which
is
the
links
between
keys,
are
the
target
key
symmetrically
encrypted
with
the
source
key.
So
that's
how
you
traverse
that
tree
and
the
thing
I
just
explained
the
login.
That's
just
hashing,
both
both
of
those
have
no
known
quantum
attacks,
not
significant
ones.
Anyway,
you
get
like
a
factor
of
2.
So
basically,
all
your
files,
anything
that's
not
shared-
is
already
safe
from
a
quantum
computer.
A
The
one
thing,
obviously
you
work
we're
still
signing
rights
and
that
that
also,
basically
all
they
symmetric
crypto
all
standard
asymmetric
crypto
is
broken
by
a
quantum
computer.
So
they
could
delete
your
data,
but
I
couldn't
read
it
and
then
the
final
attack
is
normally
bedrails
could
do
is
insecure
and
yeah.
It
depends
on
your
threat
model,
if
you're,
a
casual
user
willing
to
trust
someone's
public
server,
trust,
the
SSL
certificate
hierarchy
and,
of
course,
your
machine.
A
A
Build
security,
so
we
have
reproducible,
builds
both
on
the
server
and
the
front
end.
We
don't
use
NPM.
We
only
have
eight
javascript
dependencies.
All
of
them
have
ended.
Three
of
them
are
crypto
libraries.
We
have
our
own
deterministic
replacement
for
web
pack
and
minifiers.
We
self
host
all
of
our
assets,
so
there's
no
cross-domain
requests
to
whatever
CD
ends.
Oh
and
most
of
the
client
code
is
also
written
in
a
type
safe
language
and
cross
compiled
to
JavaScript.
A
B
C
Question
the
deterministic
builders-
that's
really
cool,
especially
with
an
eye
towards
making
sure
that
there's
no
random
stuff
going
in
there.
A
lot
of
those
projects
import
just
so
much
stuff
that
is
for
security
applications
would
be
pretty.
Terrifying,
are
all
those
modules
that
people
can
find
and.
A
C
A
So
that's
what
it
looks
like,
there's
a
bunch
of
stuff
after
the
hash
you
browse
to
that
does
its
thing
and
that's
the
directory
we
can
see.
So
if
we
go
back
to
the
actual
logged
in
user,
that's
the
directory
there.
So
you
can
see,
there's
a
bunch
of
sibling
stuff
to
it.
If
we
try
and
go
up
a
directory,
we
don't
see
any
of
that
and
we
can
go
into
these
guys
and
see.
So
you
support
link
to
an
entire
subtree.
A
C
A
C
A
Basically,
in
terms
of
actually
usage,
so
there's
a
variety
of
s,
we
just
use
block,
put
and
get
pin,
add
an
update.
We
would
calculating
size,
we
used
block
stat,
we
have
our
equivalent
IPS,
which
is
just
two
calls.
There's
the
call
to
send
a
follow
requests
which
we're
going
to
base
that
we
easy
to
replace
with
peer-to-peer
stream.