
So in a multiuser environment, the "first" client to upload an encrypted chunk and lie about its plaintext-hash... Which would poison the well and anybody else gets a nasty surprise when their "backup" is always corrupted.


Multi-user deduplication also leaks information via timing attacks (user2 can upload a million key files to see if user1 already stored one).

It's better to only deduplicate on a per-user basis.
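
Added example (not part of the thread and not rdedup's code): a minimal model of the two dedup scopes discussed above, showing that a store keyed only by a client-reported chunk id lets one user's entry shadow another's and reveals presence, while a per-user key does neither. `DedupStore`, the `enc:` stand-in for ciphertext, and the sample chunk are assumptions made for the illustration; the boolean dedup result stands in for whatever signal (such as timing) exposes the hit.

```python
import hashlib


def chunk_id(plaintext: bytes) -> str:
    # Client-reported id; the server only sees ciphertext and cannot recompute it.
    return hashlib.sha256(plaintext).hexdigest()


class DedupStore:
    """Hypothetical chunk store; blobs are opaque stand-ins for ciphertext."""

    def __init__(self, per_user: bool):
        self.per_user = per_user
        self.blobs = {}

    def _key(self, user: str, cid: str):
        # Per-user mode scopes every id to its owner's namespace.
        return (user, cid) if self.per_user else cid

    def put(self, user: str, cid: str, blob: bytes) -> bool:
        """Return True if stored, False if deduplicated against an existing entry."""
        key = self._key(user, cid)
        if key in self.blobs:
            return False
        self.blobs[key] = blob
        return True

    def get(self, user: str, cid: str) -> bytes:
        return self.blobs[self._key(user, cid)]


SAMPLE = b"constructed sample chunk belonging to user1"


def restore_survives_mismatch(per_user: bool) -> bool:
    """user2 registers user1's chunk id first with a non-matching blob."""
    store = DedupStore(per_user)
    cid, real = chunk_id(SAMPLE), b"enc:" + SAMPLE
    store.put("user2", cid, b"blob that does not match the id")
    store.put("user1", cid, real)
    return store.get("user1", cid) == real


def presence_is_visible(per_user: bool) -> bool:
    """Can user2 tell from the dedup result that user1 already stored the chunk?"""
    store = DedupStore(per_user)
    cid = chunk_id(SAMPLE)
    store.put("user1", cid, b"enc:" + SAMPLE)
    return store.put("user2", cid, b"enc:" + SAMPLE) is False
```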


If your encryption is deterministic, the second client can check with the server that Hash(Enc(chunk)) is the same on the client and server.


> If your encryption is deterministic, the second client can check with the server that Hash(Enc(chunk)) is the same on the client and server

But the chunk on the server was encrypted using a different public-key, so how can hash(pub-key-1(chunk)) == hash(pub-key-2(chunk))?


Isn't only the decryption keys encrypted to the public keys?


They use nacl cryptobox primitive.

This means that you are right. Alas, the decryption key (the symmetric key used to encrypt this particular message) is derived deterministically from the private key and nonce. The nonce they use is the hash of the chunk. Thus, the same chunk will always be encrypted with the same symmetric key.


> Isn't only the decryption keys encrypted to the public keys?

From the readme, it appears (to me at least) that chunks are encrypted using public-keys. Concretely, the following lines:

"Every time rdedup saves a new chunk file, it's data is encrypted using public key so it can only be decrypted using the corresponding secret key. "



