LoFiRe

Local-First Repositories for Collaborative Decentralized Applications

About

LoFiRe is a local-first data repository for collaborative decentralized applications with the following properties:

Data ownership and portability
Users own their data and have a local copy.
Self-Sovereign Identities
Users control their identities, and have the choice to use their already existing public key identities or create new identities for each repository.
End-to-end encryption
Data in the repository is stored end-to-end encrypted.
Privacy
Minimize the amount of user data and metadata exposed to intermediaries.
Permissions & Access control
Fine-grained permissions for write access to the repository.
Tamperproof
Once a transaction is stored in a branch, it cannot be removed.
Asynchronicity
Allow collaboration between users, even if they are not online at the same time or work offline.
Controlled data locality
Each repository is replicated within a private network composed only of community member’s devices and their authorized replicas.
Multiple devices per user
Data is available and synchronized on multiple user devices.

Applications

LoFiRe can be used by local-first decentralized applications that use Conflict-free Replicated Data Types (CRDTs) as their data model. It is designed to support collaboration within communities and organizations. It does not depend on any specific blockchain, does not have a token, and it can synchronize its membership from external sources.

Communities and organizations (including Decentralized Autonomous Organizations, DAOs) can use it to support secure and authenticated interaction of their members through wikis, knowledge bases, structured discussions and decision making tools.

It supports Open Knowledge and Decentralized Science (DeSci) by providing infrastructure for collaboration around decentralized data repositories and knowledge bases that can be used to collaborate on research projects, as well as to share and publish research results and artifacts.

Here’s a selection of applications LoFiRe can be used for that we intend to develop once we’re ready with the underlying infrastructure:

Introduction

LoFiRe is a decentralized, collaborative data repository with authentication, access control, and change validation. It is built on local-first data storage, synchronization, and change notification protocols that aim to protect privacy by minimizing metadata exposed to intermediaries. It enables local-first, asynchronous collaboration and data storage within communities while respecting privacy and maintaining data ownership, and provides foundations for developing local-first decentralized applications and community overlay protocols.

Community members use local-first software to collaborate around a partition-tolerant, permissioned, tamper-proof data repository that contains Directed Acyclic Graphs (DAG) of causally related transactions with operations on Conflict-free Replicated Data Types (CRDTs). In other words, it is a permissioned, DAG-structured distributed ledger, or blockchain, with partially ordered CRDT transactions. CRDTs require only a partial order on transactions, there’s no need to determine a total order using a consensus protocol, which makes the protocol efficient and light-weight.

The DAG encodes a partial order of transactions through causality relations, and together with a reliable, causal publish-subscribe (pub/sub) protocol for change notifications and a DAG synchronization protocol, it provides strong eventual consistency of replicas, with persistence of transactions through a lightweight, quorum-based acknowledgement mechanism.

Each repository is synchronized within a private community overlay network that offers immutable block storage, data synchronization, and asynchronous publish-subscribe change notification services.

The two-tier network architecture consists of a stable core network and ephemeral edge networks. On edge networks, edge nodes synchronize locally and directly between each other, while when communicating with remote participants, they connect to a core node that stores and forwards encrypted objects and change notifications for them, thus acting as a pub/sub broker and object store for the edge nodes.

The system is composed of the following components:

Repository
Data structures, encryption, permissions, authentication and access control.
Network
Data synchronization, publish-subscribe change notification.
Applications
CRDT state machine & change validation.

Design overview

Conflict-free replicated data types enable asynchronous, conflict-free collaboration on shared data repositories, and make eventual consistency possible among a set of replicas.

Authenticated CRDT operations disseminated over pub/sub to subscribers form a tamper-proof log, which is stored in mergeable data repositories and replicated to subscribers with access control on the allowed operations.

This enables decentralized collaboration on data repositories without relying on a centralized server for coordination, and allows resource-constrained mobile and IoT devices on edge networks to participate in the network.

Authorization and access control

Authorization is based on public-key cryptography, where the repository owner can grant access rights to members based on their public key. Each operation is signed and encrypted by its author and disseminated to all replicas subscribed to the repository. Before a replica can merge an operation, it needs to verify that its causal dependencies are merged already and that the author is allowed to perform the operation according to the CRDT access control rules defined by the repository owners.

Immutable objects

Next to mutable objects, data repositories also store immutable objects using a content-addressed object store that stores encrypted chunked objects in the repository. These objects are referenced from the mutable store.

Protocol design & specifications

Repositories

Contact

See also