What about secret sharing to make IPFS suitable for private use?


What about secret sharing to make IPFS suitable for private use?


Let’s talk about my use case. I want a personal file hosting service (such as ownCloud or Seafile) running on a inexpensive SBC (such as Raspberry Pi or OLinuXino) at home. The idea is to setup a self-hosting solution instead of relying on third-party file hosting service providers (such as Google Drive or Dropbox). This is reminiscent of the Freedombox project.

My data is physically stored on a hard drive or SD card attached to the SBC, which is “unreliable” storage because these types of devices regularly crash. Hence, I need the data to be continuously backed-up with point-in-time recovery so that I can easily recover if anything goes wrong. After some time I realized that IPFS is a promising solution, except for the fundamental issue that making my private data available on a publicly shared filesystem is exactly the opposite of my original motivation for confining my data at home.

I deem public/private key encryption insufficient to secure my data on IPFS, because of the possibility for current encryption schemes to become weak in the future.

My idea is to use secret sharing (such as Shamir’s algorithm) to allow the use of IPFS for personal/private purposes. I have seen discussion threads on ipfs.io related to the private/personal use of IPFS where some people suggested similar ideas, even though they formulated it in terms of “file splitting” rather than “secret sharing”.

I would guess only 2 shares would be enough to keep my data safe, but I am unsure about security risks involved with using IPFS. I was thinking it may be necessary to run 2 different IPFS nodes to publish shares so that it would not be possible to relate them (from whatever records are kept about a node’s history if any), so that only the originator of the data knows which shares can be used to reconstruct the data.

Any ideas or advice appreciated. IPFS is awesome.


You might want to take a look at the private networks feature of IPFS. This could likely be used together with ipfs-cluster to distribute the data accross multiple nodes.