Versions

Versions provide read-only, deterministically encrypted storage, such that multiple Versions can be interpreted as a read-write Braid. While deterministic encryption is usually subject to chosen-plaintext attacks, the structure of Versions provides significant mitigation in practice.

Key Derivation

The Braid that the Version is to be part of determines which signing and encryption keys it uses. See Braids for details on their key derivation.

References

References to a particular Version are generated by signing the entire serialization of the Version. The signing and verifying functions, no matter which scheme, use the domain "Converge Version Reference".

Encryption and Decryption

The ciphertext held within a Version is produced using deterministic authenticated encryption with associated data, with the domain "Converge Version Encryption" for the encryption and the following associated data:

  1. the public key of the braid
  2. the serialized set of references
  3. the serialized list of parent versions

All three use the atlv encoding, so the second and third are similar to the end of this example, starting at byte 0x85.

Chosen Plaintext Attacks

Chosen-plaintext attacks on deterministic authenticated encryption with associated data schemes depend on the attacker being able to control the associated data, in particular to hold it fixed across the encryptions being compared. Including the parent versions in the associated data therefore provides significant mitigation: even if an attacker controls the content (plaintext and references) of a version that a node encrypts, that node will list different parent versions each time, so the associated data, and with it the ciphertext, differs from one encryption to the next.
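The following Python script is an added illustration of the two preceding sections (the associated-data construction and why the parent list blunts chosen-plaintext attacks); it is not Converge's own code. It assumes a simple length-prefixed serialization in place of atlv, and it uses a toy SIV-style deterministic AEAD built from HMAC-SHA256 (MAC over domain, associated data and plaintext yields a synthetic IV, which then keys an HMAC counter-mode keystream) rather than whatever cipher Converge actually uses. The braid key, references and parent identifiers are constructed sample values.

```python
"""Toy deterministic AEAD with Converge-style associated data (illustrative only)."""
import hashlib
import hmac

# Domain string taken from the page; used to separate this use of the key from others.
ENCRYPTION_DOMAIN = b"Converge Version Encryption"
TAG_LEN = 32


def _lv(data: bytes) -> bytes:
    """Length-prefixed field. ASSUMPTION: stands in for the page's atlv encoding."""
    return len(data).to_bytes(4, "big") + data


def associated_data(braid_pubkey: bytes, references: list, parents: list) -> bytes:
    """AD = braid public key || serialized reference *set* || serialized parent *list*."""
    refs = b"".join(_lv(r) for r in sorted(references))  # set: canonical, order-independent
    pars = b"".join(_lv(p) for p in parents)             # list: order preserved
    return _lv(braid_pubkey) + _lv(refs) + _lv(pars)


def _subkeys(key: bytes):
    """Derive independent MAC and encryption keys from the Version's key."""
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    return mac_key, enc_key


def _siv(mac_key: bytes, ad: bytes, plaintext: bytes) -> bytes:
    """Synthetic IV: a MAC over domain, associated data and plaintext (all length-prefixed)."""
    msg = _lv(ENCRYPTION_DOMAIN) + _lv(ad) + _lv(plaintext)
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def _keystream(enc_key: bytes, siv: bytes, length: int) -> bytes:
    """HMAC counter mode keyed by the SIV; deterministic for a given (key, siv)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, siv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, ad: bytes, plaintext: bytes) -> bytes:
    """Deterministic AEAD: identical (key, ad, plaintext) always yields identical ciphertext."""
    mac_key, enc_key = _subkeys(key)
    siv = _siv(mac_key, ad, plaintext)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, siv, len(plaintext))))
    return siv + body


def decrypt(key: bytes, ad: bytes, ciphertext: bytes) -> bytes:
    """Recover plaintext, then reject unless the SIV recomputed over (ad, plaintext) matches."""
    if len(ciphertext) < TAG_LEN:
        raise ValueError("ciphertext too short")
    mac_key, enc_key = _subkeys(key)
    siv, body = ciphertext[:TAG_LEN], ciphertext[TAG_LEN:]
    plaintext = bytes(c ^ k for c, k in zip(body, _keystream(enc_key, siv, len(body))))
    if not hmac.compare_digest(siv, _siv(mac_key, ad, plaintext)):
        raise ValueError("authentication failed: associated data or ciphertext altered")
    return plaintext


def parent_list_mitigation(key: bytes, plaintext: bytes) -> dict:
    """Same attacker-chosen plaintext and references encrypted under two different parent lists."""
    braid_pk = b"constructed-braid-public-key"          # constructed sample value
    refs = [b"constructed-ref-1"]                        # constructed sample value
    ad_first = associated_data(braid_pk, refs, [b"parent-A"])
    ad_second = associated_data(braid_pk, refs, [b"parent-B"])
    ct_first = encrypt(key, ad_first, plaintext)
    ct_second = encrypt(key, ad_second, plaintext)
    return {
        "deterministic": encrypt(key, ad_first, plaintext) == ct_first,
        "ciphertexts_differ": ct_first != ct_second,
        "roundtrip": decrypt(key, ad_first, ct_first) == plaintext,
    }


if __name__ == "__main__":
    print(parent_list_mitigation(b"\x01" * 32, b"attacker-chosen plaintext"))
```

The point the script makes concrete: with the parent list held fixed the scheme is fully deterministic (the first flag), which is exactly what a chosen-plaintext adversary would exploit to test equality of plaintexts; once the node's current parent list enters the associated data, the same plaintext under the same key no longer produces the same bytes (the second flag), and a decryptor presented with the wrong associated data rejects rather than returning garbage.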