File manifest — per-file metadata for the BillPouch distributed FS.
§Overview
Every file uploaded to a BillPouch network is described by a FileManifest.
The manifest is stored on the network (gossipped or fetched on demand) and
describes:
- The chunking and coding parameters (k, n, q, ph, pe).
- Where each fragment lives (which Pouch peer holds it).
- File metadata (name, size) encrypted with the network metadata key.
§Network metadata key
Each network has a 32-byte random secret key stored locally in
~/.local/share/billpouch/network_keys.json. The key is not derived
from the network name — knowing network_id alone gives no information
about the key. Keys are distributed to new members exclusively via
signed+encrypted invite tokens (see the invite subsystem).
§Chunk encryption
Each chunk is encrypted with a per-user CEK (Content Encryption Key) before RLNC encoding. The CEK is derived from the owner’s Ed25519 secret material and a hash of the plaintext chunk, so Pouch nodes holding fragments never have access to plaintext data and cannot read files belonging to other users even if they share the same network.
cek = BLAKE3_keyed(identity.secret_material(),
                   "billpouch/cek/v1" || BLAKE3(plaintext_chunk))
§File upload pipeline
File (user data)
│
▼ 1. Chunking (chunk_size bytes each)
│
▼ 2. Encrypt each chunk (ChunkCipher::for_user — CEK from identity + plaintext hash)
│ chunk_id = BLAKE3(encrypted_chunk)[0..16]
│
▼ 3. RLNC encode k → n fragments per encrypted chunk
│ k = compute_coding_params(stabilities, ph, q_target).k
│
▼ 4. Distribute one fragment per Pouch peer
(Pouches only hold ciphertext fragments — never plaintext)
§File retrieval pipeline
Request propagates via gossip (tree expansion)
│
▼ per chunk: collect ≥ k fragments from Pouch peers
▼ RLNC decode → encrypted chunk
▼ ChunkCipher::for_user (re-derived from identity + stored plaintext hash) → plaintext chunk
▼ reassemble chunks → file
§Structs
- ChunkManifest - Manifest entry for a single chunk of a file.
- FileManifest - Complete metadata descriptor for a file stored in a BillPouch network.
- FragmentLocation - Location of a single RLNC fragment in the network.
- NetworkMetaKey - 32-byte symmetric key shared by all nodes in a given network.
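
The retrieval pipeline above needs at least k fragments per chunk, so a manifest plus the set of currently reachable Pouch peers is enough to tell which chunks are decodable and which peers have become single points of failure. The following is an added example, not BillPouch code: the struct fields, the peer ids and the functions `margins`, `critical_peers` and `sample` are assumptions, since the real field layout is not shown on this page.

```rust
use std::collections::{BTreeSet, HashSet};

// Hypothetical, simplified shapes: the real struct fields are not shown on this page.
pub struct FragmentLocation { pub fragment_index: u32, pub peer_id: String }
pub struct ChunkManifest { pub k: usize, pub fragments: Vec<FragmentLocation> }
pub struct FileManifest { pub chunks: Vec<ChunkManifest> }

/// Number of distinct fragments of `chunk` held by peers in `reachable`.
fn reachable_fragments(chunk: &ChunkManifest, reachable: &HashSet<&str>) -> usize {
    chunk.fragments.iter()
        .filter(|f| reachable.contains(f.peer_id.as_str()))
        .map(|f| f.fragment_index)
        .collect::<HashSet<_>>()
        .len()
}

/// Per chunk: Some(spare) means decodable with `spare` fragments beyond k,
/// None means fewer than k fragments are reachable.
pub fn margins(m: &FileManifest, reachable: &HashSet<&str>) -> Vec<Option<usize>> {
    m.chunks.iter().map(|c| reachable_fragments(c, reachable).checked_sub(c.k)).collect()
}

/// Reachable peers whose loss alone would drop a currently decodable chunk below k.
pub fn critical_peers(m: &FileManifest, reachable: &HashSet<&str>) -> BTreeSet<String> {
    let mut out = BTreeSet::new();
    for c in &m.chunks {
        if reachable_fragments(c, reachable) < c.k { continue; } // already undecodable
        for f in c.fragments.iter().filter(|f| reachable.contains(f.peer_id.as_str())) {
            let mut without = reachable.clone();
            without.remove(f.peer_id.as_str());
            if reachable_fragments(c, &without) < c.k { out.insert(f.peer_id.clone()); }
        }
    }
    out
}

/// Constructed sample: one chunk with k = 2, n = 3 and one fragment per peer.
pub fn sample() -> FileManifest {
    let frag = |i: u32, p: &str| FragmentLocation { fragment_index: i, peer_id: p.to_string() };
    let fragments = vec![frag(0, "peer-a"), frag(1, "peer-b"), frag(2, "peer-c")];
    FileManifest { chunks: vec![ChunkManifest { k: 2, fragments }] }
}

fn main() {
    let m = sample();
    let up = HashSet::from(["peer-a", "peer-b"]); // peer-c is offline
    println!("margins={:?} critical={:?}", margins(&m, &up), critical_peers(&m, &up));
}
```

A margin of `Some(0)` means the chunk is still decodable but every reachable holder is critical, which is the point at which fragments should be re-encoded and redistributed.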