← @ChristopherA Twitter archive

Christopher Allen

@ChristopherA

As we head in 2020 toward standards for encrypted data vaults (see overview https://github.com/WebOfTrustInfo/rwot9-prague/blob/master/final-documents/encrypted-data-vaults.md) I can't help but think of efforts in 1991 to add cryptography to the Xanadu Club system. I found some old Xanadu docs on this & scanned them for posterity: https://www.dropbox.com/s/qeyywxr9vk45dwx/Xanadu%20Club%20System%20%28from%20Xanadu%20Spire%201.0%2004-1991%29.pdf?dl=0

1/7/2020, 2:32:53 PM

Favs: 13

Retweets: 7

Christopher Allen

@ChristopherA

In modern day cryptographic terms, each Xanadu document is like an encrypted git commit (a point in time of a collaborative document). The Read Club has the decryption key to read the data. The Write Club can collaborate to sign future revisions of document.

1/7/2020, 2:36:55 PM

Favs: 3

Retweets: 1

Christopher Allen

@ChristopherA

As I think about how the Club System might be implemented today, the Read Club would be architected something like Minilock, https://45678.github.io/miniLock-file-format/2.html with its list of public key "permits" that can be unlocked using a Diffie-Hellman secret between keys to reveal the decryption key.

1/7/2020, 2:41:09 PM

Favs: 2

Retweets: 1

Christopher Allen

@ChristopherA

The Write Club would be something like a Threshold Schnorr Musig, where in a MPC ceremony the participants of the old document could sign new commit to show that the revision was properly derived from a threshold of its original authors.

1/7/2020, 2:43:19 PM

Favs: 2

Retweets: 1

Christopher Allen

@ChristopherA

The rules for what is an acceptable signature for future revisions of a Club System document would be written in the previous revision using a #SmartSignature style construction, possibly like Bitcoin Script, or something simpler with basic AND/OR and threshold constructions.

1/7/2020, 2:47:28 PM

Favs: 2

Retweets: 1

Christopher Allen

@ChristopherA

Using Schnorr (or PBC) aggregation and adapter signatures and means that we can offer interesting atomic "scriptless script" capabilities — a payment accepted in Lightning could immediately allow for read access, or be used to get the right to be added to the Write Club.

1/7/2020, 2:53:41 PM

Favs: 1

Retweets: 1

Christopher Allen

@ChristopherA

Like the original Xanadu Club System, all Clubs themselves are Clubs. So you can have scriptless scripts that allow you to pay to read a Club, that then give you adapter signatures to write, where you request a threshold signature from members of another Club to give you access.

1/7/2020, 2:59:08 PM

Favs: 1

Retweets: 1

Christopher Allen

@ChristopherA

Careful use of aggregated signatures can be used to ensure privacy. For instance you can know that you were voted into access to a Club, but not by who.

1/7/2020, 3:03:22 PM

Favs: 1

Retweets: 1

Christopher Allen

@ChristopherA

A particular thing I'd like to see in a Club System is to move away from cloud-based personal encrypted data stores, toward a more "fog"-like approach using content-addressible-hash based system like IPFS. The funds received by Clubs for access can be used to pay for persistence.

1/7/2020, 3:05:59 PM

Favs: 1

Retweets: 1

Christopher Allen

@ChristopherA

As proof that these ideas are possible, here is a demo by @gugol using a Lightning native macaroon-based bearer API credential, offering a server assisted atomic swap capability, sybil resistance, application level DoS, and fine grained authentication: https://twitter.com/roasbeef/status/1190098624010522624

1/7/2020, 3:15:45 PM

Favs: 2

Retweets: 1