StrongSalt

Decentralized Encrypted Search and Share Platform

for Building Privacy-Preserving Applications

Ed Yu and Paul Sri

Version 2.1.0 19 May 2019

ABSTRACT

StrongSalt is a blockchain-based encrypted search and share protocol for building low latency, decentralized applications. Application developers building on the StrongSalt platform will achieve data privacy via always-on encryption by default, while their data remains fully searchable.

The StrongSalt protocol provides a five-layer abstraction model that characterizes secure and private communication functions at all layers served by an immutable and trustless distributed ledger. A hierarchical publish- subscribe pattern is leveraged in conjunction with roles-based nodes in order to facilitate node function expansion, service level agreements, and network scalability.

The StrongSalt network utilizes a blockchain to achieve its immutable and trustless nature, however, is blockchain agnostic and open to both permissioned and permissionless blockchain models. A protocol token is provided to enable economic exchange amongst application developers and service providers based on usage and consumption patterns.

Finally, the StrongSalt network operates on the Google-developed, UDP-based protocol, QUIC, instead of TCP allowing all communication to be encrypted and low latency at the network transport layer.

"The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it." -- Mark Weiser

StrongSalt @ Telegram web browsing to the broader set of IoT and AI-type interactions. These interactions can Introduction range from chatty and low-latency to high- bandwidth and persistent. Current Internet Much has changed in the past 10 years. As infrastructure and protocols are ill- daily inhabitants sometimes we forget how equipped to handle the explosive growth of quickly the world can change and how IoT and AI-based devices and software. The quickly technology can outpace everything number of IoT devices is expected to reach around it. The technology landscape is 21.5 billion by 2025 with that number replete with smartphones, smart watches, currently sitting at 7 billion in 2018. The smart thermostats, voice assistants, smart total number of connected devices will be speakers, babycams, mesh networks, self- closer to 34.2 billion in 2025.4 driving vehicles, and fully-electric vehicles -- to name a few. 1 Additionally, the tech industry has begun embracing decentralized applications, The proliferation of artificial intelligence services, and protocols5. The traditional (AI) constructs and Internet of things (IoT) approach of building centralized devices have not only helped to make our applications definitely have their merits lives easier through learning and such as the ability to rollback transactions automation but have also dramatically or having a customer service call center with increased Internet traffic and introduced a which to speak. However, these merits come new set of privacy and security concerns. at a cost; namely security breaches, inability Privacy and security are becoming to scale, and fraudulent behavior. increasingly important as more and more of our lives are digitized and made available These changes are big. Billions big. online -- most by our own doing. has 1 billion monthly active users (MAUs)2; When it comes to security, it should come in 2016 those users posted over 95 million as no surprise to learn that the global times and liked posts 4.2 billion times a average cost of a security breach is $3.86 day3. million USD6, while the global annual cost is

The world has shifted and continues to 4 "State of the IoT 2018: Number of IoT shift from predominantly human-initiated devices now at 7B – Market ...." 8 Aug. interactions such as chat applications or 2018, https://iot-analytics.com/state-of- the-iot-update-q1-q2-2018-number-of-iot- 1 "Smart device - Wikipedia." devices-now-7b/. https://en.wikipedia.org/wiki/Smart_devic 5 "Microsoft To Embrace Decentralized e. Identity Systems Built On ... - Forbes." 12 2 "Instagram hits 1 billion monthly users, Feb. 2018, up from 800M in September ...." 20 Jun. https://www.forbes.com/sites/ktorpey/201 2018, 8/02/12/microsoft-to-embrace- https://techcrunch.com/2018/06/20/insta decentralized-identity-systems-built-on- gram-1-billion-users/. bitcoin-and-other-blockchains/. 3 "24+ Instagram Statistics That Matter to 6 "Cost of Study | IBM Marketers in 2019." 5 Oct. 2018, Security." https://blog.hootsuite.com/instagram- https://www.ibm.com/security/data- statistics/. breach. forecast to be $2.1 trillion USD by 2020. In how centralized authority can have rather just the first half of 2018 alone over 4.5 large, negative ramifications if incentives billion were exposed as a result of security are on the wrong side. breaches. 7 Many companies such as , Ticketmaster, , and The winners of the data theft wars will Yahoo! have each paid their own price for inevitably be those who embrace security not adequately securing their centralized and privacy at their core. It will be those systems. who choose a decentralized application model as opposed to those who largely In addition to privacy and security, there dependent on centralized systems.13 are also bandwidth and latency challenges directly attributable to IoT. New Zealand’s Blockchain, however, is not without its Internet traffic is expected to reach the drawbacks. When it comes to equivalent of 72,000 DVDs every hour by decentralization, there are some issues we 20208, while annual global Internet as an industry have yet to deal with such as protocol (IP) traffic will reach 3.3 zettabytes consensus algorithms that are both cost- (ZB) per year by 2021, or 278 exabytes (EB) effective and secure -- which is why we have per month. 9 proof of work (PoW) algorithms competing with delegated Byzantine fault tolerance We have also seen a number of bad actors (dBFT). in recent years such as Wells Fargo10, Facebook11, and Aflac12 each demonstrating And as with most technology scaling problems, we have the blockchain trilemma

7 "List of data breaches - Wikipedia." forcing us to choose two from the three https://en.wikipedia.org/wiki/List_of_data blockchain characteristics of cost / _breaches. efficiency, correctness, and decentralization. 8 "IoT will help New Zealand double web 14 traffic by 2020 - ReadWrite." 26 Jun. 2016, https://readwrite.com/2016/06/26/iot- One common pattern in the will-help-new-zealand-double-web-traffic- aforementioned issues of privacy, security, 2020-pl4/. 9 "The Zettabyte Era: Trends and Analysis and fraud stands out; that of centralized - Cisco." 7 Jun. 2017, https://www.cisco.com/c/en/us/solutions/ 12 "Former Aflac Employees Allege Fraud collateral/service-provider/visual- and Other Abuses - The Intercept." 11 Jan. networking-index-vni/vni- 2018, hyperconnectivity-wp.html. https://theintercept.com/2018/01/11/aflac- 10 "Wells Fargo timeline: Bank's 20- fraud-lawsuit-sales-associates/. month nightmare - Business." 24 Apr. 2018, 13 "Why decentralization could prove the https://money.cnn.com/2018/04/24/news most disruptive tech megatrend ...." 17 Oct. /companies/wells-fargo-timeline- 2018, shareholders/index.html. https://latest.13d.com/decentralization- 11 "Facebook and Cambridge Analytica: megatrend-disruptive-tech-tim-berners-lee- What You Need to Know as ...." 19 Mar. 369fafc82068. 2018, 14 "DSHR's Blog: The Blockchain https://www.nytimes.com/2018/03/19/tec Trilemma." 9 Aug. 2018, hnology/-cambridge-analytica- https://blog.dshr.org/2018/08/the- explained.html. blockchain-trilemma_9.html. software systems and centralized authority team sees the future. Finally, this white figures. paper will discuss adoption strategies for We aim to paint the reader a picture of the proposed technology solution. what the future can hold -- a less centrally designed world where applications are more Problem Statement robust to malicious attacks and incompetent management due to the very nature of how they were designed and built -- with Current Internet protocols, platforms for decentralization, privacy, and security in building applications, and applications mind. themselves are designed: 1) assuming only What the StrongSalt team is building now human interaction, 2) lacking a focus on will provide the building blocks necessary security and privacy, and 3) intentionally for today’s software developers, companies, centralized. or anyone who cares deeply about preserving privacy to build the next The next generation of protocols, generation of decentralized applications platforms, and applications must account (dApps) that will be head and shoulders for not only human interaction, but above what we have now in terms of privacy, machine-to-machine interaction. security, and scalability. Applications must treat security and privacy as first-class citizens16, building data StrongSalt has already begun the protections into the foundation. And lastly a development of its protocol in earnest by decision must be made as to whether an building alongside the protocol a real-world application should be centralized or decentralized file vault. Because this file decentralized. vault is built on top of the StrongSalt More often than not we hope that protocol, it inherits core features such as application and platform developers will encrypted data at rest, encrypted data in build in a decentralized manner whatever transit, and fully searchable encryption for can be to avoid the many pitfalls and any and all data stored in the file vault. eventualities described in the Introduction. From a product and engineering perspective the StrongSalt team strongly StrongSalt aims to provide a protocol for believes the best way to go about building a building applications that addresses all of platform is to consume the platform as these concerns by providing network level, you’re building it -- colloquially known as platform level, and application level eat your own dog food. 15 support.

This white paper will first provide the Vision problem statement detailing the inherent flaws in today’s industry. Then it will provide an overall summary of the proposed solution and a vision for how the StrongSalt 16 "Using AWS with Security as a First Class Citizen | ThoughtWorks." 16 Nov. 15 "Eating your own dog food - Wikipedia." 2016, https://en.wikipedia.org/wiki/Eating_your_ow https://www.thoughtworks.com/insights/bl n_dog_food. og/using-aws-security-first-class-citizen. The StrongSalt team believes that we are only do we have the technologies available all born with certain unalienable rights, one to us to achieve these goals, but the of which is privacy. motivation. The past few decades have given us great Years of hacked personally identifiable achievements in technology driven by information (PII), grossly mismanaged data, technology giants like Apple, , and and an almost reckless approach to security Google. However, at the same time we have have made us more than ready to embrace a also seen our privacy eroded, as it has more secure world. become increasingly lower and lower friction to give it up. 17 The StrongSalt team is designing and These technology giants were so building the best combination of concerned with harvesting our personal technologies allowing for blockchain-based data, selling it, and making it available to trustless systems, low-cost encryption that all, that they didn’t stop to ask if they is searchable, and transport mechanisms should. that will carry us into the next generation of Technology has and will not only make artificial intelligence (AI) and machine our lives easier but can also provide a means learning (ML) based communications. to undo some of the privacy bartered with these giants. Technologies such as Much as a strong and unique salt is blockchain, encryption, and network required to adequately encrypt and protect protocols will be the building blocks of the data such as passwords, StrongSalt aims to StrongSalt network allowing us to construct be the keystone of a secure, trustless, and trustless ecosystems, protect our data, and performant technological future. do it reliably and quickly. Solution Overview We have the technology to build a colony on Mars18 and print self-healing DNA19. We believe that the world is at a point where not The StrongSalt team proposes a multilayer, hierarchical messaging system built on a blockchain economy with a UDP- 17 "As Facebook Raised a Privacy Wall, It based transport mechanism. Carved an Opening for Tech ...." 18 Dec. 2018, https://www.nytimes.com/2018/12/18/tech At the root of StrongSalt, a multilayer nology/facebook-privacy.html. approach provides for separation of 18 "We have the technology to build a concerns (SoC)20 and a modular approach to colony on the moon. Let's do it ...." 10 Dec. any potential functionality expansion or 2018, performance scaling. We will provide a brief https://www.washingtonpost.com/opinions overview here of each layer and go into /we-have-the-technology-to-build-a-colony- on-the-moon-lets-do- more detail in the design and architecture it/2018/12/10/28cf79d0-f8a8-11e8-8d64- sections. 4e79db33382f_story.html. 19 "1B start-up backed by Bill Gates prints new DNA - CNBC.com." 21 Dec. 2018, https://www.cnbc.com/2018/12/21/bill- 20 "Separation of concerns - Wikipedia." gates-backed-start-up-ginkgo-bioworks- https://en.wikipedia.org/wiki/Separation_ prints-synthetic-dna.html. of_concerns. A few major components of the StrongSalt based nodes that serve the ecosystem in a network include a hierarchical messaging functionally scalable fashion as new roles system that builds on traditional single layer and relationships between those roles can messaging systems, a blockchain database be developed to suit the future needs of the and corresponding economy to provide protocol. decentralized interactions and the appropriate incentives, and a network The StrongSalt network provides for transport layer built on Quick UDP Internet security in a multilayer approach with each Connections (QUIC).21 layer being responsible for its own security A hierarchical messaging system provides as is most appropriate to the separation of additional system flexibility and scalability concerns paradigm. to the messaging backbone as certain levels of communication can be designated for With the solutions described we will build particular functions only. a decentralized private information network A blockchain layer provides not only an (DPIN) with foundational concepts such as economic system of incentives or rewards private information retrieval (PIR)22 and for network participants, but the requisite oblivious transfer (OT)23 providing the infrastructure to achieve trustless cryptographically secure underpinnings of interaction and immutable, public searchable encryption.24 transactions. Finally, a UDP-based transport layer The StrongSalt network is a private provides the low-latency, connectionless information storage and retrieval platform communication necessary for chatty AI and because it focuses on security and privacy at ML actors. its core, while being an information network because of its blockchain-based mesh The messaging and API layers which sit network of hierarchical, role-based nodes. above the blockchain layer provide critical abstraction necessary for developers to Solution Overview: Decentralized avoid worrying about secure message Encrypted Search passing and blockchain economics. An API layer sits on top of the messaging The StrongSalt platform leverages layer providing a publish-subscribe research in the area of encrypted search by messaging pattern whereby message producers publish, and message consumers 22 "Private information retrieval - subscribe to interest-based channels. Wikipedia." The messaging layer works in conjunction https://en.wikipedia.org/wiki/Private_infor mation_retrieval. with the blockchain layer to handle message 23 "Oblivious transfer - Wikipedia." passing and the corresponding tracking of https://en.wikipedia.org/wiki/Oblivious_tr those messages. ansfer. 24 "OverNest launches GitZero with In addition, the StrongSalt network encrypted code searching at ...." 9 May. provides a system of hierarchical and role- 2016, https://techcrunch.com/2016/05/09/overn est-launches-gitzero-with-encrypted-code- 21 "QUIC - Wikipedia." searching-at-techcrunch-disrupt- https://en.wikipedia.org/wiki/QUIC. battlefield/. 푝 ensuring that all data is encrypted by default 푟푒푙푖 and all encrypted data is searchable. 퐷퐶퐺푝 = ∑ 푙표푔2(푖 + 1) As we continue to produce more and 푖=1 more data, more and more of our data 퐷퐶퐺푝 contains private information. As our 푛퐷퐶퐺푝 = datasets get larger, search becomes critical 퐼퐷퐶퐺푝 to making our data accessible and useful. Finally, we often trade off between security One area of encrypted search is called of our data and efficiency in searching our encrypted term query whereby the keys data. Lean too much one way, and you’ve containing a word or series of words are sacrificed privacy. Lean too much the other returned as a result of building an way, and you’ve created an impractical encrypted, inverted index of all the terms. application. In the figures below one can see the data pre-storage as well as the queries on the StrongSalt is building decentralized encrypted index. encrypted search, which we define as a discovery mechanism for distributed, chunked index files. As the client-initiated search scatters the queries to the distributed indices, the results must be gathered and annotated with source attribution. Built into the query pipeline will be timeouts that short circuit slow sources and report on which sources were successfully queried. The StrongSalt query mechanism shall employ some amount of natural language processing (NLP)25 to provide convenience and disambiguation functions, such as when one searches for the term “lease”, a rental agreement absent of the term “lease” should be returned. Figure 1: In building the search ranking Sample keys and objects for encrypting in StrongSalt functionality for StrongSalt, we shall leverage evaluation measures such as discounted cumulative gain (DCG)26 and its normalized equivalent nDCG, both below.

25 "Natural language processing - Wikipedia." https://en.wikipedia.org/wiki/Natural_languag e_processing. Accessed 4 Mar. 2019. Figure 2: 26 "Evaluation measures (information Plain text term HMAC hashing and retrieval) - Wikipedia." corresponding object AES-256 encryption https://en.wikipedia.org/wiki/Evaluation_meas ures_(information_retrieval). Accessed 4 Mar. 2019. Approaches to encrypted search under direction, StrongSalt favors achieving a consideration include fully-homomorphic balance between both. We are able to encryption (FHE), oblivious RAMs (ORAM), achieve this balance with structured property-preserving encryption, functional encryption, a type of encryption that is encryption, and structured encryption. 27 specific to the data structure29 being Most of these approaches are insufficiently encrypted. Common examples include set secure on their own, while others are encryption schemes and graph encryption performance constrained by the number of schemes, each supporting its respective documents, which is why we favor query types -- for example, set membership structured encryption as our design and neighbor queries, respectively. approach. Bost, Minaud, and Ohrimenko in their paper titled “Forward and Backward Private Searchable Encryption from Constrained Cryptographic Primitives” state that “The security of an SSE scheme expresses the fact that the server should learn as little as possible about the content of the database Figure 1: and queries.” Further, “An SSE scheme 훴 is StrongSalt’s encrypted search solution balances between data security and query efficiency 퐿 − 푎푑푎푝푡푖푣푒푙푦 − 푠푒푐푢푟푒, with respect to a leakage function 퐿, if for any polynomial- Another concept important to dealing time adversary 퐴 issuing a polynomial with large datasets is controlled disclosure number of queries 푞(휆), there exists a 푃푃푇 whereby a data owner wishes to only grant simulator 푆 such that: 28 access to a particular subset of data. Being able to do so without requiring the client to leak unnecessary information requires classifying computation or algorithmic

effort to be performed locally (on a subset of Solution Architecture data) instead of globally (across the entire

dataset). 30 The StrongSalt architecture ensures that Bost, Minaud, and Ohrimenko define a any data stored on its network is encrypted. common leakage function in their paper It also ensures that same encrypted data is titled “Forward and Backward Private easily and efficiently searchable, eliminating Searchable Encryption from Constrained any practical reasons for developers and Cryptographic Primitives”: the search businesses not to encrypt their users’ and pattern as follows: customers’ data at rest. In its internal state, the leakage function In the world of encrypted search, when records the list 푄 of every search query, in having to choose between security and the form (푢, 푤), where 푢 is the timestamp efficiency or how much to lean in any one

27 "Encrypted Search - Brown CS." 29 "Data structure - Wikipedia." https://cs.brown.edu/~seny/pubs/esearch.pdf. https://en.wikipedia.org/wiki/Data_structure. 28 "Forward and Backward Private Searchable 30 "Structured Encryption and Controlled Encryption from ...." Disclosure - Cryptology ePrint ...." https://eprint.iacr.org/2017/805.pdf. https://eprint.iacr.org/2011/010.pdf. (an index starting at 0 and increasing with These layers work together to create a every query) and 푤 is the searched keyword. cohesive environment in which to build The search pattern is defined as a function secure, private, and decentralized 푁 → 푃(푁) with applications with ease.

푠푝(푤) = {푢: (푢, 푤) ∈ 푄}.

Thus, 푠푝 leaks which search queries relate to the same keyword. 31

StrongSalt takes a multilayered approach in its overall design whereby each layer provides an abstraction from the layer below it allowing for more degrees of freedom and flexibility of implementation.

If one is familiar with the Open Systems

32 Interconnection (OSI) model , StrongSalt Figure 2: takes a very similar approach dividing its The five (5) layers of the StrongSalt protocol functionality into layers much like the OSI model partitions a communication system While each layer is independent and into abstraction layers. follows the separation of concerns (SoC) pattern, each layer also lives to serve the It should be noted that while the layer above it, while being served by the StrongSalt protocol goes lower in its layer below. We will describe each layer’s protocol definition than most blockchain purpose and intended goal in relation to its projects, it does so in order to solve real surrounding layers in the next five sections. world latency problems. In particular the StrongSalt protocol is concerned with the Solution Architecture: Transport transport layer, which is equivalent to both Layer the ISO network and transport layers. The Transport Layer much like the layer The StrongSalt protocol consists of the of the same name in both the ISO model following layers (bottom up): and TCP/IP protocol stack provides host-to- host communication services for 1. Transport Layer applications. In doing so it is responsible for 2. Blockchain Layer services related to flow control, connections, 3. Messaging Layer and reliability. 33 4. API Layer The StrongSalt team made a conscious 5. Application Layer decision not to go any lower in the network stack in order to maintain compatibility with the widest range of networking 31 "Forward and Backward Private Searchable Encryption from ...." https://eprint.iacr.org/2017/805.pdf. 33 "Transport layer - Wikipedia." 32 "OSI model - Wikipedia." https://en.wikipedia.org/wiki/Transport_la https://en.wikipedia.org/wiki/OSI_model. yer. equipment as well as the research and multiplexed connections, thus allowing for development underway for Internet2 34. non-blocking behavior. Connection and transport latency: QUIC The StrongSalt protocol will be built on is able to reduce connection and transport QUIC (Quick UDP Internet Connections), a latency by reducing the number of roundtrip transport layer alternative to the Internet handshakes to just one, while utilizing User protocol suite set of conceptual protocols, Datagram Protocol (UDP) instead of more commonly known as TCP/IP. “QUIC is Transmission Control Protocol (TCP). an experimental network transport layer Congestion: Congestion is avoided by the protocol initially designed, implemented, use of bidirectional bandwidth estimation as and deployed by Google in 2012.” 35 part of the protocol itself. In fact, both the IETF HTTP and QUIC working groups were moving to make QUIC a worldwide standard by requesting to rename the protocol to HTTP/3; this has now been finalized. 37

All of this background is to say that QUIC is the ideal choice of technology when it Figure 3: comes to a transport layer for StrongSalt Google’s description of where QUIC fits in the network protocol stack36 protocol behavior as well as decentralized networks. This is because the traffic QUIC aims to solve a number of patterns exhibited by our network’s nodes, shortcomings with TCP namely: such as short messages, replication requirements, and the Scatter/Gather 1. perceived performance, pattern38 tend to require a large number of 2. connection and transport latency, connections and subsequent round-trip and handshakes. 3. congestion.

Perceived performance: While HTTP/2 utilizes multiplexed connections, it cannot gracefully recover from an error on a single data stream, while QUIC allows for independent streams on each of the

34 "Internet2." 37 https://www.internet2.edu/. "HTTP-over-QUIC to be renamed 35 "QUIC - Wikipedia." HTTP/3 | ZDNet." 12 Nov. 2018, https://en.wikipedia.org/wiki/QUIC. https://www.zdnet.com/article/http-over- 36 "Redefining Internet Transport Presenter: quic-to-be-renamed-http3/. 38 Jana Iyengar." "How Does Scatter/Gather Work? – https://httpworkshop.github.io/workshop2015/ EEJournal." 9 Feb. 2017, presentations/iyengar-quic.pdf. Accessed 4 Mar. https://www.eejournal.com/article/201702 2019. 09-scatter-gather/. Instead we choose to focus on delivering a usable and scalable blockchain-based protocol ensuring data privacy with as low a cost to developers and users as possible.

That being said, in the short term, we are interested in projects such as Stellar40, Ontology41, and Ethereum42 for their performance characteristics and / or token creation ability.

Figure 4: In the long term we will likely develop our A demonstration of the scatter / gather pattern own blockchain; one that is built from the

ground up to support the chatty or short Solution Architecture: Blockchain and Scatter/Gather pattern of Layer communication, rather than financial

transactions. Although the StrongSalt protocol utilizes What this might look like is a middle a blockchain data structure and associated ground between signature-based network constructs to provide the blockchains like Bitcoin and smart contract- immutable and trustless nature of its based blockchains like Ethereum. The network, StrongSalt is chain agnostic, and reason for this is because the StrongSalt as such, does not require any particular protocol calls for an if-this-then-that blockchain. What this means and why is due pattern, well-suited for routing and passing to a number of reasons having more to do messages to and from connected smart with the primary goal of the StrongSalt devices. project rather than the specific underlying technology. 푖푓 (푥) { 푦(); } The StrongSalt team first and foremost aims to provide a platform on which to build The if-this-then-that pattern is more the best secure, private, and decentralized complex than signature-based blockchains applications. Whether that platform utilizes can handle, but utilizing a Turing complete a private or public blockchain does not matter. Whether that platform utilizes on- blockchain solution would be overkill. We believe this level of complexity will provide chain, off-chain, or a mix of both layer 1 and the generalization necessary to build a layer 2 blockchain optimization 39 scalable and performant, decentralized techniques does not matter. private information network.

39 "Making Sense of Ethereum's Layer 2 Scaling Solutions: State ...." 12 Feb. 2018, 40 "Stellar - Develop the world's new https://medium.com/l4-media/making- financial system." https://www.stellar.org/. sense-of-ethereums-layer-2-scaling- 41 "Ontology." https://ont.io/. solutions-state-channels-plasma-and- 42 "Ethereum Project." truebit-22cb40dcc2f4. https://www.ethereum.org/. Blockchain Layer: Nodes ultimately be received by all subscribed clients. The blockchain layer provides the concept Messaging nodes are also responsible for of nodes and node roles. Given that the providing notification services such as when blockchain layer functions as an abstraction a client receives a message on a channel to layer, it is free to introduce any number of which they are subscribed. In this way node roles so long as it maintains its messaging nodes implement the interface with the layer above it as well as hierarchical publish-subscribe model of properly utilize the layer below it. StrongSalt protocol’s messaging backbone. There are currently three types of nodes Finally, messaging nodes also provide in the StrongSalt network: message storage and message retrieval services as part of the message duplication 1. Routing nodes, and scattering process mentioned in the 2. Messaging nodes, and Transport Layer section. 3. Client nodes Finally, if one day a better Routing nodes play the role of broker for decentralization technology than blockchain messaging nodes. While routing traffic comes to fruition, we will not hesitate to between other routing nodes based on explore and adopt as we see fit. channel subscription, they also route lower level traffic such as message traffic between Blockchain Layer: Consensus messaging nodes. In addition to routing, routing nodes also When it comes to consensus algorithms of play the role of accountant. They keep track the blockchain itself, the StrongSalt team of the work performed by messaging nodes prefers a combination of Federated such as message storage and message Byzantine Agreement (FBA)43 and Proof of retrieval. The accounting is then written to Stake (PoS)44, owing to the centralized the blockchain as transactions, whereby tendency of mining when Proof of Work they become available as immutable (PoW) is concerned. 45 transactions viewable publicly and verifiable However, the StrongSalt network itself by all on the public ledger that is the relies on a variant of Proof-of-Space (Proof- blockchain. of-Capacity) for the low-level block level When it comes to compensation, the routing nodes’ accounting results in payment to all nodes who have performed 43 work. In this case both the routing nodes "The Stellar Consensus Protocol: A Federated Model for Internet-level ...." and messaging nodes will each earn a https://www.stellar.org/papers/stellar- proportion of the StrongSalt tokens consensus-protocol.pdf. allocated for messaging activity. 44 "What is Proof of Stake? – Hacker Noon." 6 Oct. 2017, Messaging nodes play the role of broker https://hackernoon.com/what-is-proof-of- for client nodes. When a message is stake-8e0433018256. 45 "Mining Centralization Scenarios – published, the messaging nodes forward Jimmy Song – Medium." 10 Apr. 2018, this client traffic to routing nodes, ensuring https://medium.com/@jimmysong/mining that messages from one client will -centralization-scenarios-b74102adbd36. storage providers, which will be described in a utility token to be used within the network the next section. for a myriad of purposes. It was not designed as either a security token or a currency. As such a utility token requires an ecosystem of motivated actors and corresponding incentives in order to provide value. Such values of a utility token is extremely important in maintaining a healthy ecosystem and robust network. However, one of the biggest problems of any utility token is the problem of token velocity if the token is only used as a proprietary payment currency within the system. 47 The main problem of high velocity utility token is the ever-present downward price pressure. A well-designed token economic model should have the desired effect of “the price of utility token should increase approximately linearly with the usage of the

network.”48 Such effect will have a virtuous

Figure 5: cycle of fueling the network. Client, messaging, and routing node interaction; The StrongSalt Token is a Fixed-Supply routing node writing to blockchain Work Token Model in that in order to perform work, a resource provider stakes Blockchain Layer: Token Economics the token to earn the right to participate in the network. Token economics is a concept at the core In the Work Token Model, the number of of permissionless blockchain networks tokens staked by the resource provider as a where anyone is free to join, participate, and percentage of the total number of tokens either act good or bad. A properly designed staked by all the resource providers is token economic system favors good approximately equal to the probability of 46 behavior. being rewarded the next job. Because The Blockchain Layer requires a protocol staking or bonding is a requirement to or native token in order to operate -- the participate in the growth of the network, the StrongSalt Token. Depending on one’s role resource providers acting rationally would within the StrongSalt network, one may be spending or earning tokens. And in one 47 “Understanding Token Velocity.” 8 Dec. particular case, both spending and earning 2017, Kyle Samani, tokens. The StrongSalt Token is designed as https://multicoin.capital/2017/12/08/understa nding-token-velocity/.

46 "Nuances Between Permissionless and 48 “New Models for Utility Tokens.” 13 Feb. Permissioned Blockchains." 17 Feb. 2018, 2018, Kyle Samani, https://medium.com/@akadiyala/nuances- between-permissionless-and-permissioned- https://multicoin.capital/2018/02/13/new-models- blockchains-f5b566f5d483. utility-tokens/. increase their holding of tokens over time in Instead, StrongSalt Token as a work token order to increase the likelihood of being as described is valued at a multiple of the awarded the next job. operating cash flows. One of the fundamental questions in any Such economic model separates the blockchain network that involves tokens Service Provider from the Resource regardless of the type of token is whether Provider. The Resource Providers can be there are miners involved. further divided into Object Storage Service Because the StrongSalt network aims to or the Block Storage Service. provide robust services even in the case of The StrongSalt MarketPlace Service government or corporate interference, our Providers such as the API services provided answer to such question is a resounding yes. by the StrongSalt Encrypted Search API. We will describe our mining and consensus However, the service provided by the when we discuss the Storage Providers Resource Providers such as the object store below. service needed by the StrongSalt Encrypted In the StrongSalt network, there are Storage API is a commodity. The Resource multiple economic incentives or drivers for Providers will need to keep or purchase the growth of the network. additional tokens in order to participate in As more users find value in the Apps in the network and earn the right for work by the StrongSalt AppStore and as the number staking these tokens. of Apps increases, there is more demand As the network grows and matures, it will from these Apps for the API services decrease the discount rate by de-risking and provided by StrongSalt MarketPlace service increase the terminal value of the tokens providers. As more service providers join even further. the network or as service providers grow the The StrongSalt network has the following capability to fulfill the services needed by actors: these Apps, the demand for the resource providers also grows. 1. App developers; In other words, as more app users or API 2. Service/API Providers; users join the network, the demand for 3. Resource Providers; tokens increases. As a result, the price of the 4. Storage Providers; token will increase given a fixed supply of 5. Hybrid Providers; tokens. As the demand of the service grows, 6. Users. the demand for resources will grow as well, which further increases the demand for Each of the actors will have a different use tokens by the resource providers. Resource for tokens. providers will pay more per token for the right to earn a right to participate in earning part of the cash flow stream. StrongSalt Token is therefore not merely a proprietary payment token which according to the MV = PQ will only capture a fraction of revenues paid to service providers by the users. That’s because for V > 1, M = PQ/V < PQ. customers, such as Nike, for consumption of any and all of their services from the basic API services and to more advanced services such as ML, Image Recognition, and NLP services. These services typically do not work in an encrypted environment but with the StrongSalt Platform, they can. The StrongBuild API services provided by StrongSalt for decentralized encrypted search, share, and storage API would be considered a Service Provider in the same manner as other participants. These API can Figure 6: be used by App Developers directly or by Application developers accessing service other Service Providers to provide a privacy- providers via the StrongSalt platform preserving versions of the typical services App Developers: App developers they were providing on other non-privacy- develop apps to be available on the focused platforms. StrongSalt Companies such as LinkedIn who provide a professional social network Resource Provider: Companies platform may be interested in not only especially cloud providers such as encrypting their users’ data at rest, but also RackSpace, Amazon, Google, and Microsoft searchable encryption functionality. This can function as resource providers with would make LinkedIn, Facebook, Slack, their existing cloud service platforms. and similar platform companies Amazon has AWS49, Google has GCP50, and ideal candidates for leveraging the Microsoft has Azure51. StrongSalt protocol. The most basic use cases for the resource In this case LinkedIn is an application providers involve making cloud storage and developer on the StrongSalt platform, cloud compute resources available on the utilizing the StrongSalt protocol and APIs to StrongSalt platform in the form of pluggable provide a layer of privacy and security by services. default. To continue the example above, these As a consumer of both storage and Resource Providers will be able to charge compute resources on the StrongSalt their customers, such as the Service platform, LinkedIn would be charged API Providers, for consumption of any and all of access fees. For ease of use and simplicity their services from the basic storage and both storage and compute usage can be compute to more advanced services such as abstracted at the API request / response dynamic RDBMs and columnar storage level. engines.

Service or API Providers 49 Companies such as Twilio and Google "Amazon Web Services (AWS) - Cloud ...." https://aws.amazon.com/. may function as service providers. These 50 "Google Cloud." https://cloud.google.com/. service providers will be able to charge their 51 "Microsoft Azure." https://azure.microsoft.com/en-us/. Because most of the services provided by APIs to enhance their product offering with resource providers are commodity services, encryption at rest and searchable Resource Providers do need to stake tokens encryption. In the second part of the hybrid as described above to participate in scenario, MongoDB is a service provider, providing services and earning tokens. now offering its enhanced document store The StrongSalt network has the as a service to potential customers. StrongStore service that provides an object Because MongoDB both consumes store service needed by the StrongBuild API resources and provides resources, it plays service. on both sides of the token economy.

Storage Providers: Users: The applications built on the Storage Providers are different from StrongSalt platform can have users that are resource providers in two important businesses or users that are end-users differences. depending on if they are of the LinkedIn The first difference is that storage type or of the MongoDB type, as in our providers provide a low-level service such as examples above. the block storage service needed by the An end-user will typically not have to buy StrongStore object store service. or spend tokens to utilize an application The second and more important (such as StrongVault) built on the difference is that the decentralized nature of StrongSalt protocol unless the application participants in this layer provides the ideal requires it. However, a user that is a candidate for the mining service needed to business, specifically consuming resources maintain the independence and robustness on the StrongSalt platform in a of the network. programmatic fashion will typically incur The consensus model of the mining resource consumption costs. services provided by the Storage Solution Architecture: Messaging Hybrid: App / Service / Resource: Layer There exists a 3rd non-user actor in the StrongSalt network; companies such as The Messaging Layer has been MongoDB who provide a document store implemented as a publish-subscribe database52 as a service act like both messaging pattern whereby the senders application developers and service (publishers) and receivers (subscribers) of providers. We call these hybrid applications messages are unaware of each other and / services. There are also cases of either merely categorize messages and express Service / Resource hybrids and App / interest in topics, respectively. The roles of Service / Resource hybrids. StrongVault by publishers and subscribers in a publish- StrongSalt is a great example of the latter. subscribe messaging pattern are clearly In the first part of the hybrid scenario, defined and delineated in order to provide MongoDB is an application developer on the the network scalability desired. StrongSalt platform, utilizing the StrongSalt

52 "Document-oriented database - Wikipedia." https://en.wikipedia.org/wiki/Document- oriented_database. Figure 8: Hierarchical pub / sub pattern present at each node layer

The messaging layer also provides notification services as implemented by the messaging nodes in the Blockchain Layer. When a client connects to the network with its list of subscribed channels, the client will receive a set of notifications corresponding to any new messages in its queue. The client’s initial connection and subsequent receipt of notifications is tantamount to a Figure 7: pull and push model, respectively. Publisher / Subscriber pattern

Messaging Layer: Reactive System The StrongSalt protocol, however, calls Manifesto for a hierarchical publish-subscribe pattern53, providing multiple layers of The Messaging Layer plays a critical role publishers and subscribers each creating in the security and scalability of the overall their own messaging system. StrongSalt network. As such we have Higher level brokers such as routing adopted the Reactive System Manifesto54 as nodes route traffic at that level, while lower a core tenet of StrongSalt. Because of how level brokers such as messaging nodes route applicable this set of beliefs is to our cause, traffic on their own level. we have reproduced it in part below: The hierarchical design affords a higher level of flexibility when it comes to scaling Responsive: The system responds in a the layers below, the Blockchain and timely manner if at all possible. Transport Layers. Responsiveness is the cornerstone of

usability and utility, but more than that, responsiveness means that problems may be detected quickly and dealt with effectively. Responsive systems focus on providing rapid and consistent response times, establishing reliable upper bounds so they deliver a consistent quality of service. This consistent behavior in turn simplifies error handling, builds end user confidence, and encourages further interaction.

Resilient: The system stays responsive in the face of failure. This applies not only to 53 "Distributed publish/subscribe networks - highly-available, mission-critical systems — IBM." https://www.ibm.com/support/knowledgecente r/en/SSFKSJ_8.0.0/com.ibm.mq.pro.doc/q005 54 "The Reactive Manifesto." 16 Sep. 2014, 120_.htm. https://www.reactivemanifesto.org/. any system that is not resilient will be work with the same constructs and unresponsive after a failure. Resilience is semantics across a cluster or within a single achieved by replication, containment, host. Non-blocking communication allows isolation and delegation. Failures are recipients to only consume resources while contained within each component, isolating active, leading to less system overhead. components from each other and thereby ensuring that parts of the system can fail Messaging Layer: Generality of Nodes and recover without compromising the system as a whole. Recovery of each The StrongSalt protocol is intentional in component is delegated to another its design of a hierarchical node model. (external) component and high-availability Keeping the core routing functionality is ensured by replication where necessary. separate and distinct from the messaging The client of a component is not burdened functionality allows us to easily provide with handling its failures. additional node types at the secondary level of nodes. Elastic: The system stays responsive For example, in addition to messaging under varying workload. Reactive Systems nodes, one can imagine developing a storage can react to changes in the input rate by node type that provides semi-permanent increasing or decreasing the resources storage services. One can also imagine allocated to service these inputs. This backup nodes for long term backup services implies designs that have no contention and compute nodes for computing, big data, points or central bottlenecks, resulting in or machine learning services. the ability to shard or replicate components and distribute inputs among them. Reactive Messaging Layer: SLAs Systems support predictive, as well as Reactive, scaling algorithms by providing With an architecture that supports any relevant live performance measures. They type of service-oriented node, StrongSalt is achieve elasticity in a cost-effective way on able to isolate users from existing service commodity hardware and software providers. As such, StrongSalt’s network platforms. provides a service level agreement (SLA) 55 between its users and its service providers. Message Driven: Reactive Systems rely Imagine enterprise cloud services on asynchronous message-passing to providers such as Amazon or Google establish a boundary between components offering their cloud services on the that ensures loose coupling, isolation and StrongSalt network, competing with each location transparency. This boundary also other and other providers fairly in a provides the means to delegate failures as decentralized market driven by incentive- messages. Employing explicit message- based token mechanics and financial passing enables load management, models. elasticity, and flow control by shaping and monitoring the message queues in the system and applying back-pressure when necessary. Location transparent messaging 55 as a means of communication makes it "Service-level agreement - Wikipedia." https://en.wikipedia.org/wiki/Service- possible for the management of failure to level_agreement. In doing so, we believe that StrongSalt Exactly-once delivery is difficult if not can help the net neutrality56 cause by impossible58 by some opinions, though equalizing the service providers and at the more importantly is the most expensive and same time avoiding vendor lock in. correspondingly has the worst performance. 59 Messaging Layer: Actions QoS is an important feature of most The Messaging Layer works like any other networking applications, as not all traffic is queue-based system. When a client is created equal. For example, if you are connected to the network, it has these browsing the web, and a packet fails to actions available to it: arrive at its intended destination, that packet can be retransmitted, and the web 1. Connect page will still load, render, and be viewable. 2. Disconnect However, if you are on a Skype video call, 3. Publish and a few packets get lost, the impact is 4. Subscribe much higher; the audio from the video call could be garbled, and retransmitting the lost Messaging Layer: Quality of Service packets would not help because that moment in the conversation will have Each message, when published, has a passed. 60 Quality of Service (QoS) 57 measurement ascribed to it that determines its overall delivery performance. These levels are Messaging Layer: Key Functions currently available: There are several key functions that are 1. At-most-once needed to be performed on messages in the 2. At-least-once StrongSalt Messaging Layer: 3. Exactly-once 1. Message Scattering At-most-once delivery means that an 2. Message Gathering attempt will be made to deliver the message, 3. Message Duplication but there is no guarantee that the message 4. Message Expiration will be delivered. At-least-once means that multiple attempts will be made to deliver the message such that at least one is delivered, 58 "You Cannot Have Exactly-Once Delivery – sometimes resulting in multiple duplicate Brave New Geek." 25 Mar. 2015, messages being delivered. https://bravenewgeek.com/you-cannot-have- exactly-once-delivery/. 59 "Message Delivery Reliability • Akka 56 "What Is Net Neutrality? The Complete Documentation." WIRED Guide | WIRED." https://doc.akka.io/docs/akka/2.5/general/mes https://www.wired.com/story/guide-net- sage-delivery-reliability.html. neutrality/. 60 "The Basics Of QoS | Network Computing." 57 "Quality of service - Wikipedia." 15 Aug. 2016, https://en.wikipedia.org/wiki/Quality_of_servi https://www.networkcomputing.com/networkin ce. g/basics-qos/402199215. Each of these is required in a distributed garbage collected messages were indeed and decentralized system. removed can be a costly activity. 62

Message scattering is necessary for long Messaging Layer: Merkle Trees messages if we are to ensure network performance and storage requirements. In computer science Merkle trees or hash Long messages must be chopped into trees play an important role in the smaller message fragments and scattered recordkeeping of chunked data. Their among the network nodes. structure provides efficient and secure verification of the contents of data Message gathering is required as a result structures, especially large ones, such as a of the network supporting message blockchain database. 63 scattering. Once a message has been chopped into smaller fragments and The StrongSalt network utilizes Merkle scattered, a process to gather and merge is trees for the scatter / gather activities responsible for reconstructing the original mentioned in the Transport Layer section. message before it can be delivered to its Much like a BitTorrent tracker tracks which final destination. peers have which file copies, a Merkle tree tracks all pieces of a message, ensuring none Message duplication is useful for a are subject to tampering or destruction. 64 network that desires resilience through redundancy, and particularly important for a decentralized environment where no guarantees exist for node operator minimums, whether it be architectural or political decentralization. 61

Message expiration along with the combination of encrypting and scattering is a key feature of the StrongSalt protocol. This is to deter behavior such as the collecting and deciphering of expired messages. It should be noted that although all messages have an expiration, due to the fact that StrongSalt is not a permanent storage network, it is possible to build a highly scalable storage network on stop of it. Janitorial services for expired messages 62 "Costs of a Real World Ethereum Contract include garbage collecting and discarding, – Hacker Noon." 10 Aug. 2017, https://hackernoon.com/costs-of-a-real-world- however, determining whether or not the ethereum-contract-2033511b3214. 63 "Merkle Trees – Hacker Noon." 15 Dec. 2017, https://hackernoon.com/merkle-trees- 61 "The Meaning of Decentralization – Vitalik 181cb4bc30b4. Buterin – Medium." 6 Feb. 2017, 64 "BitTorrent tracker - Wikipedia." https://medium.com/@VitalikButerin/the- https://en.wikipedia.org/wiki/BitTorrent_track meaning-of-decentralization-a0c92b76a274. er. Figure 9: is proportional to the number of leaf nodes Merkle tree diagram65 in the binary tree. 67

Merkle trees are used in other areas of the Solution Architecture: API Layer StrongSalt network as well:

StrongSalt’s API Layer is the entryway 1. Blockchain Layer Accounting into the StrongSalt platform. Whether you 2. Missing Message Fragment are a service provider providing cloud Identification storage functionality by way of the

StrongSalt API or are an application The Blockchain Layer is responsible for developer consuming the StrongSalt APIs, tracking which nodes are doing what work. these APIs are how all the non-user It does so by storing a map of the message ecosystem actors will interface. hashes to messaging nodes, and in doing so, performs the accounting of the temporary storage function the messaging nodes play. Multiple messages can be hashed together in one transaction, providing significant storage savings on the blockchain. In addition to reducing transaction size and helping the network to scale, message batching provides a certain level of privacy at the transaction level, while preserving Figure 10: auditability. This is conceptually similar to Sample API call to store data encrypted by default cryptocurrency tumbling66 whereby StrongSalt’s API Layer is a thin layer on identifiable cryptocurrency funds are mixed top of the Messaging Layer. However, due to with others to obscure the provenance of the StrongSalt’s layered architecture, this thin funds. layer provides access to a feature-rich

platform -- encrypting data by default and Because we are using a Merkle tree to ensuring that data doesn’t get lost forever by store the scattered message fragments, it making it fully searchable. becomes trivial to identify which message The API Layer is also modeled after the fragments are missing during the gathering publish-subscribe pattern. For much of the phase of scatter / gather. This is due to the same reasons above, we believe the pub-sub highly performant method of querying for pattern to be the best way to provide the the presence of a hash in a Merkle tree, decoupling desired for the message senders namely 푂(푙표푔 푛) time complexity, as and receivers. compared to typical time complexity, which While sitting just below the Application Layer, the API Layer provides an

65 "Merkle tree diagram - Wikipedia." abstraction such that the Application Layer https://upload.wikimedia.org/wikipedia/comm need not be aware of how the publish- ons/thumb/9/95/Hash_Tree.svg/1200px- subscribe functionality is implemented by Hash_Tree.svg.png. 66 "Cryptocurrency tumbler - Wikipedia." https://en.wikipedia.org/wiki/Cryptocurrency_t 67 "Merkle tree - Wikipedia." umbler. https://en.wikipedia.org/wiki/Merkle_tree. the Messaging Layer, or that there even own token mechanics and economic model exists a Messaging Layer. on top of the StrongSalt protocol token. Meanwhile the API Layer is not concerned with how the publish-subscribe Solution Architecture: Security API is being used -- a user is no more than an opaque string its client is manipulating, When it comes to security, StrongSalt as in the opaque data type concept. 68 takes a unique approach to ensuring that data stored on its network is always secure. Security is implemented via a layered approach, where each layer implements its own security features, while at the same time avoiding duplication of security efforts among the other layers. Though each layer addresses its own particular security concerns, the security of Figure 11: the overall system should be more than the Fundamental API endpoints to read, write, sum of that of each layer. 69 search, and share data

Solution Architecture: Application Layer

The StrongSalt Application Layer is where developers will build their applications, decentralized or not, that will take advantage of StrongSalt’s full protocol stack. This means that applications built on the StrongSalt platform will have security and privacy built in, protecting their users’ data by default. These same applications will also Figure 12: have data encryption and searchable Each layer is responsible for its own security encryption by default, all while leveraging a low latency transport layer. The Transport Layer leverages the As we will discuss in the future use cases encryption-by-default provided by the QUIC section, the Application Layer will be home protocol, namely a more efficiently brokered to both platform providers and service TLS handshake.70 This ensures that providers looking to build encryption and communication between nodes of the searchable encryption natively into their Blockchain Layer is secure, and only what is offerings. required to be exposed is exposed. Any application developer is free to implement their own utility token with its 69 "Defense in Depth | US-CERT." 13 Sep. 2005, https://www.us- cert.gov/bsi/articles/knowledge/principles/defe 68 "Opaque Data Types - IBM." nse-in-depth. https://www.ibm.com/support/knowledgecente 70 "draft-ietf-quic-tls-18 - Using TLS to Secure r/en/SSGU8G_12.1.0/com.ibm.sqlr.doc/ids_sqr QUIC - IETF Tools." 22 Jan. 2019, _165.htm. https://tools.ietf.org/html/draft-ietf-quic-tls-18. The Blockchain Layer implements its smart contract, blockchain-based virtual security via a trustless model utilizing a machines (VMs).73 blockchain to decentralize authority. A StrongSalt code will live on computing token economic model with mechanics and nodes, segregated from the blockchain. incentives for service providers and There are a number of benefits to designing consumers ensures the appropriate the network in this way, but the primary behaviors are ones that are financially reasons have to do with scalability and beneficial. 71 security. By not incorporating the code into The Messaging Layer is responsible for the blockchain itself, the blockchain is free ensuring messages are securely sent and to do what it is best at doing -- providing received as implemented by the hierarchical token economics and sharing a distributed publish-subscribe pattern. This is accounting ledger. This also has the side accomplished by ensuring all connections to effect of reducing the chances of the and from the Blockchain Layer nodes are blockchain becoming an attack vector for encrypted and appropriate use of security the code. certificates is employed. The API Layer is capable of providing additional services such as an encryption API that application developers can call to encrypt and decrypt their data. This obviates the need for application developers to make decisions in areas for which they may not be well-versed such as cryptography and encryption scheme selection -- AES 128 vs. 256 or ECB vs. CBC vs. CTR vs. GCM.72 The Application Layer is responsible for security of users and users’ content, such as data retention or message expiration.

Security: Blockchain

The StrongSalt team has made a critical decision when it comes to blockchain Figure 13: Code will live on compute nodes not the security -- StrongSalt code will not be stored blockchain on the blockchain as is the case with typical Security: Certificates

The StrongSalt network requires the use 71 "Basecoin (aka the Basis Protocol): the worst idea in ... - Preston Byrne." 13 Oct. 2017, of public key certificates for all actors. A https://prestonbyrne.com/2017/10/13/basecoin -bitshares-2-electric-boogaloo/. 73 "Getting Deep Into Ethereum: How Data Is 72 "Block cipher mode of operation - Stored In Ethereum?." 3 Aug. 2018, Wikipedia." https://hackernoon.com/getting-deep-into- https://en.wikipedia.org/wiki/Block_cipher_m ethereum-how-data-is-stored-in-ethereum- ode_of_operation. e3f669d96033. public key certificate provides information about the public key being represented, information about the identity of its owner, and the digital signature of the entity that has verified the certificate’s contents. 74 Public key certificates along with public key infrastructure (PKI)75 are often employed in situations where a higher level of security is required during identity confirmation and data validation. 76

A device attempting to connect to the StrongSalt network must present a public Figure 14: Public key certificate procurement and key certificate signed by a certificate verification among nodes authority (CA)77 trusted by the StrongSalt network. The device’s certificate which can Security: Security Primitives be acquired by node assignment or burned in at the factory during manufacturing is Because complexity is the enemy of then verified by a node on the StrongSalt execution, we have purposefully selected for network. use protocols and cryptographic ciphers that Nodes on the StrongSalt network in turn are well-researched and well-understood. must also procure a public key certificate in This ensures the core of StrongSalt’s order to be node operators which also verify protocol can be easily audited by academic device certificates. In order to bootstrap the researchers and industry technologists. StrongSalt network, select nodes will We have selected the latest, widespread function as certificate managers. protocols and cryptographic ciphers, but will be evaluating and updating as necessary in an ongoing fashion as mathematics, quantum computers, and hardware advances.

All numbers are to be encoded using network big-endian order.78

74 "Public key certificate - Wikipedia." Authentication https://en.wikipedia.org/wiki/Public_key_certif icate. 75 "Certificates and Public Keys - Windows AES-256 in CTR mode + HMAC79 applications | Microsoft Docs." 30 May. 2018, https://docs.microsoft.com/en- us/windows/desktop/seccrypto/certificates- and-public-keys. 78 "Network byte order and host byte order - 76 "Public key infrastructure - Wikipedia." IBM." https://en.wikipedia.org/wiki/Public_key_infra https://www.ibm.com/support/knowledgecente structure. r/en/SSB27U_6.4.0/com.ibm.zvm.v640.kiml0/ 77 "Certificate authority - Wikipedia." asonetw.htm. https://en.wikipedia.org/wiki/Certificate_autho 79 "HMAC - Wikipedia." rity. https://en.wikipedia.org/wiki/HMAC. Hashing Algorithm This new model, Quick Authenticated and Confidential Channel Establishment SHA25680 (QACCE)85, considers attackers who can initiate and observe communications in Diffie-Hellman Key Exchange81 addition to intercept, drop, reorder, or modify any exchanged messages. The study Curve2551982 found that “QUIC can successfully protect against such strong attackers and provide Signatures QACCE Security.” 86

83 Ed25519 / EdDSA Adoption

Public Key Length Adoption: IoT Messaging Protocol 256-Bits (32 bytes) The typical evaluation criteria for Signature Length assessing protocols includes, but are not limited to the following87: 512-Bits (64 bytes) ● Confidentiality Security: Security Attacks ● Low protocol overhead ● Unstable network tolerance In 2015 there was an article titled “How ● Low power usage Secure and Quick is QUIC? Provable ● Millions of connected clients Security and Performance Analysis” ● Push communication presented at the IEEE Symposium on Security and Privacy. This article presented Because the StrongSalt protocol can a provable, more suitable security model for demonstrate all of these traits, we believe it QUIC in that QUIC must consider is highly suitable for secure IoT reordering and packet injection issues communication use cases. normally handled by TCP, lest it sacrifice security for latency. 84 Adoption: Existing Solutions

80 "SHA-2 - Wikipedia." 85 "Authenticated Confidential Channel https://en.wikipedia.org/wiki/SHA-2. Establishment and the Security of ...." 1 Oct. 81 "Diffie–Hellman key exchange - Wikipedia." 2017, https://en.wikipedia.org/wiki/Diffie%E2%80%9 https://dl.acm.org/citation.cfm?id=3146433. 3Hellman_key_exchange. 86 "QUIC: Performance and Security at the 82 "Curve25519 - Wikipedia." Transport Layer – IETF Journal." 12 Nov. 2016, https://en.wikipedia.org/wiki/Curve25519. https://www.ietfjournal.org/quic-performance- 83 "EdDSA - Wikipedia." and-security-at-the-transport-layer/. https://en.wikipedia.org/wiki/EdDSA. 87 "MQTT and IBM MessageSight: Secure, 84 "How Secure and Quick is QUIC? Provable reliable communications for ...." 28 Jan. 2015, Security and Performance ...." https://www.ibm.com/developerworks/websph https://ieeexplore.ieee.org/abstract/document/ ere/techjournal/1501_maynard/1501_maynard. 7163028/. html. Though encryption protocols like the one from Signal88 already exist, most provide Adoption: Tor end-to-end encryption primarily suited for real time messaging between two parties.89 The Tor94 project was started in 2002, The StrongSalt protocol aims to provide and while successful at what it was designed one-to-many and many-to- to do, does not satisfy the requirements for many90communication, and thus requires a a generic communication platform where protocol designed from the ground up that communication can be peer-to-peer and not merely accommodates, but natively bidirectionally initiated. supports multiple senders and multiple Tor’s primary use case is anonymous receivers. website access95, which can be seen as one- Telegram91 is another popular messaging to-one communication where a user or application, however, it is just that -- an client accesses information on a server. A application. It also does not encrypt multi- generic communication platform cannot be party communication92, and is at the same limited to one-to-one or even n-to-one time centralized. The founders of Telegram communication, but rather must support m- have plans to provide a decentralized to-n communication. platform, but nothing has been released yet. In addition, a generic communication 93 platform should support offline The rest of the messaging apps and their communication, which does not make sense associated protocols follow a centralized in the Tor anonymous website access model and do not provide the type of pattern. encryption a secure, private information From a security perspective, Tor uses network requires. SHA1 instead of the recommended SHA256 The StrongSalt protocol will provide the version of the cryptographic hash function foundation upon which any messaging app due to its need to maintain backward can build upon without each having to compatibility with hybrid encryption. worry about security, encryption, and Finally, the type of data or traffic Tor was latency on their own. designed to anonymize is high-latency TCP- based activity. Given this, Tor more closely

resembles an application level protocol, 88 "Signal >> Home." https://signal.org/. 89 "Signal >> Specifications >> The Double rather than a low-latency network level Ratchet Algorithm." 20 Nov. 2016, protocol built on the QUIC protocol. https://signal.org/docs/specifications/doublerat chet/. Adoption: Future Use Cases 90 "Many-to-many - Wikipedia." https://en.wikipedia.org/wiki/Many-to-many. 91 "Telegram Messenger." There are several obvious use cases for https://telegram.org/. building on top of the StrongSalt protocol 92 "In contrast, Telegram does no encryption given its decentralized privacy features: at all for ... - Hacker News." https://news.ycombinator.com/item?id=161174 87. ● Genetic Testing 93 "Telegram to Debut 'Test Version' of Blockchain Platform TON 'This ...." 16 Oct. 2018, 94 "Tor." https://www.torproject.org/. https://cointelegraph.com/news/telegram-to- 95 "Who uses Tor?." debut-test-version-of-blockchain-platform-ton- https://www.torproject.org/about/torusers.html this-autumn-say-investors. .en. ● Decentralized video conferencing data is worth more under 23andMe control ● Enterprise group collaboration and subsequently can be shared and rented ● Data escrow to other pharmaceutical companies.

Use Case: Genetic Testing Use Case: Decentralized Video Conferencing

Imagine the genetic testing company For those who care about preserving 23andMe96 that popularized home based privacy when it comes to video conferencing testing for health reports, genetic traits, and whether it be for personal use or business family history. Over the years they have use, the only way to ensure complete privacy amassed a trove of genetic data that they is to ensure that no centralized authority can now sell to pharmaceutical companies has access to the internal operations of the like GlaxoSmithKline (GSK). platform or network. Rather than sell their users’ genetic data In this case we would build a in a one-time transaction, 23andMe can decentralized video conferencing share or rent the data to GSK via the application where the content and data are StrongSalt platform. 23andMe’s data never routed and coordinated by a decentralized leaves the StrongSalt platform, and as such, network of operators. 23andMe retains full control over data access and usage. In fact, 23andMe can Use Case: Enterprise Group Collaboration grant certain permissions to the original genetic data’s owner in a multi-level data Currently, many cloud-based enterprise ownership model. group messaging products and platforms store most if not all of their data in the cloud. As a result, the companies that operate these platforms retain complete control over your conversations, emails, and business data. More often than not, this means these companies can also view your private data whenever they want. Though these same companies may use marketing speak such as “encryption” and “firewalls”, as long as they continue to perform the encryption and hold the encryption keys, data privacy does not exist. Utilizing the StrongSalt protocol we can build a decentralized enterprise group Figure 15: 23andMe sharing data selectively among collaboration product or platform that is pharmaceutical companies truly private.

From an economics perspective, GSK will Use Case: Data Escrow pay less for access to data vs. a one-time data dump, but ultimately the 23andMe Imagine a data escrow service. Payments are guarded by smart contracts. Though 96 "23andMe." https://www.23andme.com/. generic blockchain smart contracts can provide generalized escrow services, provided by the StrongSalt protocol. In fact, StrongSalt will focus on data escrow services both Amazon and Google can participate in only. the StrongSalt economy by offering their StrongSalt would provide a list of pre- services in an a la carte fashion on the coded smart contracts, each with its own StrongSalt network. custom logic specific to the escrow type. The complexity would be hidden behind an Summary intuitive user interface such that the application would have mass appeal. The escrow service would only release the Today we face ever-increasing amounts of product, say a digital piece of art, and data creation. By some estimates we are charge the buyer the corresponding tokens creating 2.5 quintillion bytes of data every after the conditions of the smart contract day. 97 Inevitably that data contains more were satisfied. and more personally identifiable In addition, we could instruct for a information (PII)98 Based on the scale and preview to only be downloadable once the severity of data attacks in 2018 alone, it is tokens are in escrow, and the tokens not clear that businesses are not sufficiently released to the seller until the full artwork protecting its users data. 99 was downloaded. The StrongSalt team is building a set of protocols and a platform to ensure that data Adoption: Node Types is encrypted by default. We are making that encrypted data fully searchable, easy to Throughout the course of this paper we store and retrieve, and in a cost-effective have mostly discussed storage services, ecosystem. There should be no excuses to however, one can imagine any number of properly protect the world’s data -- useful node types providing services for the especially when the ramifications of not decentralized applications to consume. doing so are so dire. 100, 101 Similar to how the Internet evolved, first you need the network, then you can provide the services. 97 "How Much Data Do We Create Every Day? The Mind-Blowing Stats ...." 21 May. 2018, https://www.forbes.com/sites/bernardmarr/20 Examples of additional node types and 18/05/21/how-much-data-do-we-create-every- services include long term data storage and day-the-mind-blowing-stats-everyone-should- computation services. These services will read/. 98 provide work in exchange for tokens as part "Personally identifiable information - Wikipedia." of the token economic model brokered by https://en.wikipedia.org/wiki/Personally_identi the Blockchain Layer discussed above. fiable_information. 99 "The 21 scariest data breaches of 2018 - Adoption: Decentralized Cloud Business Insider." 30 Dec. 2018, https://www.businessinsider.com/data-hacks- breaches-biggest-of-2018-2018-12. In many ways, the StrongSalt network 100 "The Equifax Data Breach: What to Do | functions as a decentralized cloud such as Consumer Information." 8 Sep. 2017, Amazon Web Services (AWS) or Google https://www.consumer.ftc.gov/blog/2017/09/e quifax-data-breach-what-do. Cloud Platform (GCP). This is in large part 101 "Equifax Says Cyberattack May Have due to the service provider abstraction Affected 143 Million in the U.S. ...." 7 Sep. 2017, Contact

Come chat with the StrongSalt team on Telegram! We’d love to meet you and learn what brought you here.

https://www.nytimes.com/2017/09/07/busines s/equifax-cyberattack.html.