Secure Scuttlebutt Protocol Design and Implementation (eBook)

Chapter 2
SSB Data Model and Cryptographic Foundations

The integrity, resilience, and trust of Secure Scuttlebutt stem from its meticulously designed data structures and cryptographic principles. In this chapter, we dive beneath the surface to explore how immutable append-only feeds, verifiable identities, and hash-linked chains lay the groundwork for SSB’s security and robust data propagation. Readers will gain insight into the technical rigor that makes tampering infeasible and privacy a core feature—illuminating the unseen mechanisms supporting SSB’s unique social fabric.

2.1 Append-Only Feeds

Append-only feeds represent the core data structure underpinning Secure Scuttlebutt (SSB), serving as the immutable logs through which identities express a verifiable history of events. Each feed is a cryptographically authenticated sequence of messages, uniquely associated with a single public key. The data model constrains modifications to append operations, thereby providing tamper-evidence and auditability essential to decentralized social protocols.

At the technical level, a feed maintains a strictly sequential, linked list of messages, where every new entry references the hash of the immediately preceding entry. This linkage operates akin to a blockchain but scoped per identity instead of a global ledger. Formally, message Mn contains a cryptographic hash pointer to Mn−1, establishing a causal chain:

where Signsk denotes signing with the private key of the feed owner. The inclusion of the previous message’s hash guarantees sequencing integrity and chronological ordering, preventing insertion or tampering of historical messages without invalidating subsequent entries.

This sequential hash-chaining confers immutability guarantees: once a message is appended, altering or deleting it requires recomputation and resigning of all descendant messages, a computational impossibility without the private key. Consequently, feeds operate as cryptographically secure, append-only logs, providing a permanent social ledger of an identity’s activity.

Feeds have dual conceptual roles within SSB. First, they function as change logs or event streams, recording discrete state updates, posts, or actions by the user. Second, they represent verifiable social histories, enabling peers to audit an identity’s evolution over time with cryptographic proof. Observers validate the authenticity and order of messages by verifying signatures and hash pointers, constructing a consistent and append-only view of user data.

The feed’s genesis message, M0, acts as an inception point without predecessor linkage, signed by the identity’s keypair, establishing feed authenticity. Subsequent messages maintain the feed’s forward progress. The figure above illustrates this sequential chain, emphasizing deterministic ordering.

Although feeds enforce total order per identity, the global system operates asynchronously with multiple independent feeds. This partial ordering introduces challenges in reconstructing global timelines and reasoning about causality across feeds. SSB addresses this by relying on gossip protocols that propagate feeds and messages peer-to-peer, synchronizing states incrementally.

The append-only nature simplifies conflict resolution at the feed level but necessitates robust algorithms to handle ordering inter-feed. Higher-level protocols define “happens-before” relationships combining timestamps and message references, enabling causal models necessary for social consistency.

The cryptographic bindings in append-only feeds largely defend against tampering; however, adversaries might attempt subtle manipulations:

• Forking attacks: Creating divergent branches from a message by appending different sequences, effectively splitting the feed’s history. Because peers store full histories, forks are detectable by comparing hash chains, and followers reject inconsistencies.
• Replay attacks: Reintroducing old messages out of sequence. Sequencing and strict referencing prevent replaying invalid states since each message’s predecessor must be the immediate prior in the chain.
• Eclipse attacks: Malicious nodes selectively withhold parts of a feed or provide inconsistent views to isolate peers. Mitigations rely on multi-peer connectivity and cross-validation among multiple data sources.

The figure above depicts a feed fork originating from M0, illustrating potential divergence. Detection mechanisms rely on peers comparing their stored hashes; conflicting branches are evidence of tampering or key compromise.

The append-only property confers more than just data integrity; it encodes an identity’s living social artifact that peers can audit and witness. The chronological immutability enables reliable reputation systems, trust computations, and ownership proofs.

Feeds, by their nature, are append-only event streams, thus supporting incremental synchronization and incremental cryptographic verification. Peers joining the network fetch missing segments from multiple sources, reconstructing complete histories efficiently.

The encoding of social actions and state transitions within feeds provides a rich substrate for declarative queries, enabling diverse decentralized applications ranging from messaging to collaborative editing and reputation management.

This well-defined, cryptographically anchored feed model forms the foundational data infrastructure upon which SSB’s distributed, offline-first, user-centric ecosystem is constructed. The append-only constraints reconcile decentralization with data integrity, enabling secure, auditable, and censorship-resistant social data exchange.

2.2 Message Schemas and Serialization

The Scalable Streaming Bus (SSB) employs rigorously defined message schemas and serialization techniques to ensure robust communication between distributed components. Each message is composed according to a formal specification that prescribes the precise structure, field definitions, and encoding rules. This formalism underpins interoperability, enabling diverse applications to coexist while maintaining consistency and minimizing ambiguity.

An SSB message is logically segmented into a fixed schema comprising a header and a payload section. The header includes metadata essential for routing, versioning, and schema identification, while the payload encapsulates application-specific data fields.

Formally, each message M can be represented as:

where H is the header and P is the payload, and ∥ denotes concatenation.

The header H consists of the following fields:

• messageType (uint16): Unique identifier for the message schema.
• messageVersion (uint8): Version number indicating the schema iteration.
• flags (uint8): Bitfield for control flags such as compression indicators.
• messageLength (uint32): Length of the entire message, facilitating boundary detection.

Payload fields are defined per message type by the schema associated with messageType. Each field within the payload has:

• name: Canonical identifier used in schema documentation.
• fieldType: Primitive or composite data type (e.g., int32, string, array).
• fieldId: Numeric tag for binary serialization, used in tag-length-value (TLV) encoding.
• optional: Boolean indicating presence is not mandatory.

This explicit specification of field names, types, and tags curtails discrepancies in interpretation and facilitates tooling for automatic code generation.

SSB adopts a binary serialization format optimized for compactness and parsing efficiency. The primary serialization strategy combines tag-length-value encoding with fixed-length fields, depending on the data type.

Fields are serialized as follows:

• Fixed-length primitives: Serialized as binary in network byte order (big-endian). For example, uint32 occupies exactly 4 bytes.
• Variable-length types: Encoded as TLV triplets. The tag corresponds to fieldId, the length specifies the payload size, and value contains the serialized data.
• Composite fields: Nested messages or arrays are encoded recursively, enabling complex data structures.

A minimal example of TLV encoding for a string field with fieldId 3 and length 5 bytes is:

The header is always serialized first, using fixed-length fields to facilitate rapid processing. Following the header, the payload is serialized field by field...