Module encryption

Expand description

Per-chunk encryption for BillPouch storage (“encryption at rest”).

§Overview

Before a chunk is RLNC-encoded and distributed across Pouch peers, it is encrypted with a per-user Content Encryption Key (CEK) using ChaCha20-Poly1305. This ensures that:

Pouch nodes holding fragments never have access to plaintext data.
Even nodes in the same network cannot read files owned by other users.

§CEK derivation

cek = BLAKE3_keyed(identity.secret_material(),
                   "billpouch/cek/v1" || BLAKE3(plaintext_chunk))

The CEK is deterministic for a given (identity, plaintext chunk) pair. The daemon stores (chunk_id → plaintext_hash) in memory so that ChunkCipher::for_user can be re-derived at GetFile time.

§On-disk / on-wire format

[ nonce (12 bytes) | ciphertext + poly1305 tag (len + 16 bytes) ]

The nonce is randomly generated at encryption time. The total overhead is 28 bytes per chunk (12-byte nonce + 16-byte authentication tag).

Structs§

ChunkCipher: ChunkCipher wraps the ChaCha20-Poly1305 key used to encrypt and decrypt chunk data before/after RLNC coding.