Nik Graf https://mastodon.social/@nikgraf nikgraf.bsky.social @nikgraf 

Utility to persit & relay end-to-end encrypted CRDTs 

Demo 

Let’s e2e encrypt CRDTs 

Two online participants 

What about the offline use-case? 

No content

How to store unenrypted Yjs / Automerge? • Store the document in a blob • Append changes and sometimes compress the doc -> on the server • We can’t do that with e2e encryption. Must happen on the client. 

Let’s what we can do with Yjs & Automerge A B D C A B D C A B D C = = 

Let’s encrypt each change A B D C xyz asd poi jkl encrypt 

Best part Use Signal, MegOlm, MLS Don’t roll your own crypto! 

Performance (250k changes) 250k changes Document Automerge 2.0.3 Yjs (update v2) Size
 (base64 encoded) 38.7MB 11.1MB Construct Document 1377ms 979ms https://github.com/SerenityNotes/naisho/tree/main/benchmarks/snapshots Numbers on a M1 Macbook 2020 

Performance (10k changes) 10k changes Document Automerge 2.0.3 Yjs (update v2) Size
 (base64 encoded) 1.44MB 0.4MB Construct Document 52ms 59ms https://github.com/SerenityNotes/naisho/tree/main/benchmarks/snapshots Numbers on a M1 Macbook 2020 

Problems • Documents can get large and take a long time to load • (decryption not even accounted for) • Messaging protocols are not a good fit • Use-case: fetch a document again and decrypt it • Solution: one encryption key? 

Snapshots (with updates?) Automerge.save Yjs.encodeStateAsUpdate 

Performance (Automerge 2.0.3) 10k changes Document Changes Snapshot Snapshot w/ 1000 Changes Size
 (base64 encoded) 1.44MB 0.001MB 0.15MB Construct Document 52ms 45ms 74ms https://github.com/SerenityNotes/naisho/tree/main/benchmarks/snapshots Numbers on a M1 Macbook 2020 

Performance (Automerge 2.0.3) 250k changes Document Changes Snapshot Snapshot w/ 1000 Changes Size
 (base64 encoded) 38.7MB 0.17KB 0.3MB Construct Document 1377ms 1423ms 1466ms https://github.com/SerenityNotes/naisho/tree/main/benchmarks/snapshots Numbers on a M1 Macbook 2020 

Performance (Yjs 13.5.28) 10k changes Document Changes Snapshot Snapshot w/ 1000 Changes Size
 (base64 encoded) 0.4MB 0.02MB 0.5MB Construct Document 59ms 0.8ms 247ms https://github.com/SerenityNotes/naisho/tree/main/benchmarks/snapshots Numbers on a M1 Macbook 2020 

Performance (Yjs 13.5.28) 250k changes Document Changes Snapshot Snapshot w/ 1000 Changes Size
 (base64 encoded) 11.1MB 0.21MB 0.25MB Construct Document 979ms 11ms 127ms https://github.com/SerenityNotes/naisho/tree/main/benchmarks/snapshots Numbers on a M1 Macbook 2020 

Snapshots only (serial) xyz xyz asd jkl xyz asd • Server must ensure you have the most recent snapshot before accepting yours • Easy protocol, lots of data overhead, real-time collaboration not feasible • Requires a central service, delta fetching is easy 

Snapshots + Updates (serial) xyz jkl asd • Server must ensure you have the most recent snapshot before accepting yours • Easy protocol, lots of overhead due retries when using real-time collaboration • Requires a central service, delta fetching is easy xyz asd poi 

Snapshots + Updates (per client) xyz jkl asd • Server must ensure you have the most recent snapshot before accepting yours • Easy protocol, scaling issue with many clients, real-time collaboration works, UX nightmare • Works decentralized, delta fetching is tricky xyz asd poi jkl hjk 

Snapshots (serial) + Updates (serial per client) xyz jkl asd • Server must ensure you have the most recent data before accepting your snapshot • More tricky protocol, little data overhead, real-time collaboration works well • Requires a central service, delta fetching is ok xyz asd poi jkl hjk poi 

Desired properties • Offline collaboration - without multiple parties being online • Real-time collaboration incl. ephemeral state • Privacy • Be able to remove content - through Snapshots & Tombstones (if supported) • Snapshot History • Good loading times for fetching a document • Integrity checking! 

Entities • Document -> ID • Snapshot -> Automerge.save, Y.encodeStateAsUpdate • Update -> Automerge change, Yjs Update • EphemeralMessage -> Yjs Awarness 

Cryptography • Key rotation for Snapshots • Verify authors • Prevent against server leaving out updates or manipulating message • Prevent against server sending an older snapshot (reply attack) • Ignores reply attacks (snapshots, updates & ephemeral messages) 

Cryptography Doc encryption 

Cryptography EphemeralMessages Auth 

Don’t roll you own crypto! (I shouldn’t do too) 

Thanks! https://www.secsync.com/ https://github.com/serenity-kit/secsync 

Resources • Inspiration: Snapdoc: Authenticated snapshots with history privacy in peer-to- peer collaborative editing https://martin.kleppmann.com/papers/snapdoc- pets19.pdf 

Desired properties • Async collaboration - without multiple parties being online • Real-time collaboration incl. ephemeral state • Privacy • Be able to remove content - through Snapshots and Tombstones (if supported) • Solid Performance for loading a document • Confidentiality - content only accessible to participants • Authenticity - all changes can be verified to come from participants • Integrity - no change missing • Offline editing • Two modes: • Public Key Infrastructure based • Shared Symmetric Key (e.g. via PAKE) • Confidential and authenticated information who created which section • Meta data: not in scope for 1.0 to hide who is participating (Zero-knowledge proofs)