r/ipfs

▲ 2 r/ipfs+2 crossposts

Designing a zero-knowledge encrypted storage app with only two features. Looking for feedback.

​

I've been working on the architecture for a privacy-first encrypted storage app, and I'm intentionally keeping it as simple as possible.

The core idea is that every additional feature increases the attack surface, so the application only does two things:

Upload (encrypt locally before upload)

Download (decrypt locally after download)

Some design decisions:

Users receive a 24-word recovery phrase during registration.

The recovery phrase derives the Master Key.

The Master Key is never used directly. It only derives purpose-specific keys using HKDF.

Every file has its own derived encryption key.

File metadata is encrypted with a separate key hierarchy.

The server never sees plaintext, encryption keys, or the recovery phrase.

The local password is only used to unlock an encrypted Master Key vault stored on the device.

A maximum of two authorized devices can be linked to an account.

Users can export an encrypted Vault containing all ciphertext and encrypted indexes at any time.

The long-term goal is that even if the company shuts down, users can still recover all their files using only their 24-word recovery phrase and the exported Vault.

The philosophy is simple:

The server stores data. The client owns trust.

I'm not trying to build another cloud drive with collaboration, document editing, AI features, or social functionality. The goal is to build a storage system that does one job extremely well: protecting user data.

I'm interested in feedback from people with experience in cryptography, secure storage, or zero-knowledge systems.

What potential weaknesses or design mistakes do you see in this approach?

reddit.com
u/Nice_Regular516 — 2 days ago
▲ 13 r/ipfs+1 crossposts

ce-net: a peer-to-peer device mesh in Rust (libp2p + capabilities + pluggable runtimes)

I've been building ce-net, a peer-to-peer compute mesh for your own devices — laptops, servers, Pis, phones — where you can deploy and run software across the whole fleet with one command. Posting here for the Rust-specific design feedback, since the whole thing is Rust end to end.

Stack and choices that might interest people here:

  • libp2p for transport/discovery (mDNS on LAN, bootstrap peers + relay for hybrid public/private). NAT traversal so devices behind home routers join the same mesh as servers.
  • Pluggable runtimes behind a Runtime trait — the node holds a Vec<Arc<dyn Runtime>> and dispatches a Workload by type. Four backends today: OCI images (gVisor/runsc, falling back to runc), native per-target binaries, WASM (fuel-metered, linear-memory-capped), and a build-from-source "recipe" tier. Apps are described by a small ceapp.toml manifest, so wrapping an existing Docker image or binary is ~15 lines.
  • Content-addressed artifacts (blake3) so installs are reproducible across the mesh.
  • Capability-based auth — attenuating, scoped, time-limited tokens instead of a central auth server, layered over libp2p identities/keypairs.
  • ce-rs SDK (Rust) plus a TypeScript client, for building your own mesh apps, schedulers, and dashboards. There's a WASM target too (compiles to wasm32), so the same client runs in the browser.

Things I'd genuinely like opinions on:

  • The runtime-tier abstraction — is Workload enum + dyn Runtime the right seam, or would you push more into the type system?
  • WASM sandboxing for untrusted workloads (currently wasmtime-style fuel + memory caps) — anyone done capability-passing to WASM guests cleanly?
  • libp2p ergonomics for a long-running supervised daemon — pain points you've hit at scale?
  • Source (mostly AGPL, commercial option): GitHub org ce-net — ce, ce-rs, rdev are the best starting points. Site: ce-net.com

Disclosure: architecture and core implementation are mine; I used Claude as an assistant for tests, boilerplate, docs, and rubber-ducking hard parts. Happy to go deep on any of the internals — would love critique of the trait design and the capability model in particular.

u/leifrydenfalk — 8 days ago
▲ 10 r/ipfs+1 crossposts

FileOrbit - Private IPFS Swarm and AT Proto login giving a permissioned IPFS.

Hey y'all,

I have been working on a cool project. I call it FileOrbit check out the repo; https://tangled.org/straiforos.tngl.sh/substratum.cloud/

https://fileorbit.cloud/

The idea is to bring P2P and the distributed web to a drive experience. I had this idea after having a failed Nextcloud server and wanted to be able to share storage across all my devices and even at family and friends houses.

I would love folks feedback if a alternative to DropBox based on open standards AT Proto, and IPFS interests you. I use AT Proto for identity and ownership and wrap a private IPFS swarm with identity and ownership so sharing and permissions are possible.

What do you think?

File explorer for FileOrbit with my BlueSky account

Alpha self hosted installer

reddit.com
u/triforce009 — 11 days ago
▲ 19 r/ipfs+5 crossposts

Semantic distance as routing layer: an on-device, serverless alternative to the central-index model

Premise: For ~30 years, discovery (of information or of people) has been mediated by a central index: search engines, recommenders....

Ranking is computed server-side, under rules the user can't inspect and incentives they don't share. I wanted to test whether this is a fundamental requirement or merely the historically convenient one.

Hypothesis: If each device can (a) run a competent embedding model locally and (b) reach other devices peer-to-peer, then relevance no longer needs a central index. It can be computed at the edge, by semantic distance, with no privileged ranking party.

Method: I built a working prototype to pressure-test the idea rather than simulate it. Each post is encoded into a embedding by a model running on the device (EmbeddingGemma-300M). A lightweight signed announcement (author + embedding) gossips peer-to-peer across a shared room; full bodies are pulled only for the bounded set a node actually admits. Each device ranks incoming posts against its own posts by cosine similarity and keeps a bounded local inbox. There is no server, no account, no global ranking, the address space is meaning.

Extension to agents: The same substrate lets AI agents discover each other: an agent publishes a need or an offer as an embedding, and agents whose profiles are semantically close respond.

I'm interested in where this breaks. Specifically: does edge-computed semantic routing degrade gracefully as the network grows, or does the lack of a global view become fatal?

It's fully open source (Apache-2.0) code, the complete threat model, and the architecture docs are all public. Happy to go deep on any of it:

👉 https://github.com/Helldez/Resonance

u/dai_app — 13 days ago