p2panda: group encryption and capabilities
Add group encryption and capabilities to peer-to-peer SDK
p2panda is a protocol and SDK for building decentralised applications with authenticated data, which is stored and synced between computers. Most p2p protocols, including p2panda, face difficult security and privacy challenges because sensitive data is distributed in a trustless network. This application aims to integrate a secure data encryption and fine-grained capability layer to give users more control over, and protection of, their data.
Scalable data encryption for large groups in a decentralised network is hard and has always involved a trade-off between UX and security. We believe that Messaging Layer Security (MLS) is the first Internet Engineering Task Force (IETF) standard to tackle some of these challenges. p2p applications of all kinds will benefit from a protocol that gives them a distributed, strongly encrypted database stack. MLS assures Post-Compromise Security (PCS) and Forward Secrecy (FS) and still remains performant for large groups. While MLS is capable of working in a decentralised environment, it hasn't been explicitly specified for it. With p2panda we have all the building blocks to realise MLS in a fully decentralised setting.
Highly collaborative p2p and offline-first applications require a robust capability system that facilitates giving permissions to, and revoking them from, identities on the network. With such a system it becomes possible to give permissions for certain actions to other authors, or to link devices that should be grouped under a single identity.
- The project's own website: https://p2panda.org
Run by p2panda
This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.