Next: Filegroups and lockboxes
Up: Plutus: Scalable secure file
Previous: Traffic analysis and rollback
Design
In an encrypted file system, we need techniques to (1) differentiate
between readers and writers; (2) prevent destruction of data by
malicious writers; (3) prevent known plaintext attacks with different
keys for different files; (4) revoke readers and writers; and (5)
minimize the number of keys exchanged between users. The following
core mechanisms together achieve these functions: filegroups,
lockboxes, keys, read-write differentiation, lazy revocation, key
rotation, and server-verified writes.
Figure 1: Keys in Plutus. The keys are all highlighted in bold and are
linked to the objects that they operate on using bold lines. Dashed lines
indicate object pointers. File-name keys can encrypt the names of
files in directories. An inode contains the name of the filegroup that
the file belongs to, and the filegroup-name key can encrypt filegroup
names. The header contains the Merkle hash tree. The leaves of the hash
tree are lockboxes containing the file-block keys, which are
encrypted with the file-lockbox key. The signature of the root
is computed and verified using the file-sign key and file-verify
key, respectively.
2003-01-06