Multi-Writer Single-Reader Autobase

🎤✨ Storyteller in tha house.. ✨🎤
🍐👶 This is another app for the Pear Baby Room! 👶🍐

🚀 Go to keet.io and download Keet, then ask to enter the Pear Baby Room.
🏰 It’s the room where we create unstoppable peer to peer software! 🛡️🌍

📚 Then go to https://docs.pears.com/ and study the examples to understand how to build peer to peer software. 🧑‍💻🔗

Have fun, little pear! 🍐💚

Imagine how Peer to Peer Mail could be...INTRODUCING PEARMAIL

This time we are featuring code of @Blahah https://gist.github.com/blahah Many thanks to help this pear baby @Storyteller understand Pears.

Thanks to @blahah for creating this demo. You can find the original code here: https://gist.github.com/blahah/2054224eef0e0620d64b022765054b10

I have studied this demo and added some comments in it. And I have exented the demo with a Pearmail example. Start with demo.js and proceed with demo_pearmail.js.

What is it?

A comprehensive example demonstrating how to create an Autobase where multiple peers can write encrypted data, but only the bootstrapper can read the aggregated view. This implements a "single-reader" pattern using public key encryption.

How this relates to Pear mail?

If you are receiving peer to peer mail, you want to be able to:

• Receive messages from multiple peers
• Be the only one who can read these messages
• Want to be identified by only your public key.

Overview

This example shows how to layer encryption on top of standard Autobase multi-writer patterns to create a system where:

• Multiple writers can connect and send encrypted messages
• Only the bootstrapper (reader) can decrypt and view the content
• Writers cannot read each other's messages or the aggregated view
• All communication is end-to-end encrypted using public key cryptography

How It Works

1. Bootstrapper (Single Reader)

• Creates the Autobase and generates an encryption keypair
• Accepts new writers via blind-pairing
• Receives the bootstrapper's public key for encryption
• Decrypts messages using their private key
• Can read the complete aggregated view

2. Writers (Multiple)

• Connect to the bootstrapper using an invite code
• Receive the bootstrapper's public key during pairing
• Encrypt messages using ephemeral keypairs + bootstrapper's public key
• Cannot decrypt or read the Autobase view
• Can only write encrypted data

3. Encryption Process

Each message is encrypted using:

• Ephemeral keypair generated per message
• Bootstrapper's public key for encryption
• Sodium crypto_box for authenticated encryption
• Format: [ephemeralPubKey][nonce][ciphertext]

Key Architecture Features:

• 🔐 Single Reader: Only bootstrapper has private key to decrypt messages
• ✍️ Multiple Writers: Alice, Bob, Charlie can all write encrypted data
• 🔒 End-to-End Encryption: Messages encrypted before entering Autobase
• 🤝 Secure Pairing: Blind-pairing for writer authentication
• ❌ Write-Only for Writers: Writers cannot read encrypted content
• 🌐 P2P Networking: Hyperswarm for peer discovery and connections

Files

• bootstrapper.js - Creates Autobase, manages encryption keys, reads decrypted view
• writer.js - Connects via blind-pairing, encrypts and writes data
• demo.js - Automated demonstration with multiple writers
• README.md - This documentation

Usage

Manual Testing

First install the modules Go into your directory and type:

npm install autobase blind-pairing corestore hyperswarm sodium-universal z32

To install all the packages.

Start the bootstrapper in one terminal:

node bootstrapper.js

The bootstrapper will output an invite code. Copy this code and start writers in separate terminals:

# Terminal 2 - Start Alice
node writer.js <invite_code> Alice

# Terminal 3 - Start Bob
node writer.js <invite_code> Bob

# Terminal 4 - Start Charlie
node writer.js <invite_code> Charlie

Writers can then type messages that will be encrypted and sent to the Autobase. Only the bootstrapper can read the decrypted content.

Automated Demo

Run the complete demonstration:

node demo.js

This will automatically:

1. Start a bootstrapper
2. Connect three writers (Alice, Bob, Charlie)
3. Send several encrypted messages
4. Show that only the bootstrapper can read the content
5. Clean up all resources

Automated Demo: every peer has its own Pearmail

Run the complete demonstration:

node demo_pearmail.js

This will automatically:

1. Start a bootstrapper for Alice, Bob and Charlie
2. Connect three writers (Alice for Bob and Charlie, Bob for Alice and Charlie and Charlie for Alice and Bob)
3. Send several encrypted messages. Each peer sends to the other two peers.
4. Show that only the bootstrapper of its own autobase can read the content of its own autobase.
5. Clean all resources.

Key Features

Security

• End-to-end encryption: Messages are encrypted before writing to Autobase
• Forward secrecy: Each message uses a unique ephemeral keypair
• Reader isolation: Only the bootstrapper can decrypt messages
• Authenticated encryption: Uses sodium crypto_box for integrity

Autobase Integration

• Standard patterns: Follows reference Autobase multi-writer patterns
• Proper writer addition: Uses addWriter messages and autobase.update()
• Blind-pairing: Secure peer discovery and writer authorization
• Clean apply function: Separates encryption from Autobase logic

Networking

• Hyperswarm: For peer discovery and connections
• Corestore replication: Standard Hypercore data sync
• Graceful cleanup: Proper resource management

Technical Details

Encryption Scheme

Message: { text: "Hello", from: "Alice", timestamp: 1234567890 }
↓ JSON serialize
↓ Generate ephemeral keypair
↓ crypto_box_easy(message, nonce, bootstrapper_pubkey, ephemeral_seckey)
↓ Combine: [ephemeral_pubkey][nonce][ciphertext]
↓ Store as hex string in Autobase

Decryption Process

Encrypted data from Autobase
↓ Parse: [ephemeral_pubkey][nonce][ciphertext]
↓ crypto_box_open_easy(ciphertext, nonce, ephemeral_pubkey, bootstrapper_seckey)
↓ JSON parse decrypted message
↓ Display in readable view

Use Cases

This pattern is useful for:

• Anonymous data collection: Multiple sources, single analyzer
• Confidential reporting: Whistleblowing or sensitive feedback systems
• Research data gathering: Privacy-preserving data aggregation
• Audit logs: Multiple writers, single auditor with decryption access
• IoT sensor networks: Many sensors, centralized encrypted data lake

Dependencies

• autobase - Multi-writer append-only log
• corestore - Hypercore storage management
• hyperswarm - Peer discovery and networking
• blind-pairing - Secure peer pairing without shared secrets
• sodium-universal - Authenticated encryption
• z32 - Base32 encoding for invite codes

Notes

• Writers become writable after being added by the bootstrapper
• The bootstrapper must remain online to add new writers
• Encryption keys are generated per session (not persisted)
• All temp files are cleaned up automatically
• Compatible with standard Autobase tooling and patterns

This example demonstrates how to add a security layer to Autobase while maintaining compatibility with the core protocol and patterns.