Skip to content

Latest commit

 

History

History
71 lines (45 loc) · 3.56 KB

README.md

File metadata and controls

71 lines (45 loc) · 3.56 KB
Raw

Privacy Storage Library

Overview

This Solidity library, PrivacyStorageLibrary, provides a secure means of storing and retrieving data while ensuring privacy using custom salts. It's designed to maintain data integrity through a Merkle tree root and allows users to associate data hashes with their addresses and custom salts.

Purpose

The library is developed to address the following key objectives:

  • Privacy: Enable users to store and retrieve data in a manner that's resistant to precomputed hash attacks by utilizing custom salts.
  • Data Integrity: Maintain the integrity of stored data using a Merkle tree root to ensure tamper resistance.
  • Customization: Allow users to associate their data with unique custom salts for added security.

Components

PrivacyStorage Struct

The core structure within the library is PrivacyStorage, which contains:

  • root: A Merkle tree root used to maintain data integrity.
  • userDataByHash: A mapping that associates user addresses and data hashes with the actual data.
  • userSaltHashes: A mapping to link user addresses and salts with corresponding data hashes.

Functions

The library provides three key functions:

  • storeDataWithSalt: Stores data provided by users along with a custom salt. It calculates the hash of the data combined with the salt, updates the Merkle tree root, and associates the data hash with the user and salt.
  • retrieveDataWithSalt: Allows users to retrieve their data associated with a specific address and salt. This function ensures that only the authorized user can access the data.
  • getUserDataHashesWithSalt: Provides users with a list of data hashes associated with their address and a specific salt. This function is used to retrieve all data hashes linked to a particular user and salt combination.

Events

The library emits an event DataStored whenever data is successfully stored using storeDataWithSalt.

Security Considerations

  • Custom Salts: The use of custom salts significantly enhances security by making it harder for attackers to reverse-engineer hashes and access data.
  • Data Integrity: The Merkle tree root ensures that any tampering with stored data can be easily identified.
  • Access Control: Functions like retrieveDataWithSalt enforce access control, ensuring that only authorized users can retrieve their data.

Usage

To utilize this library, the following steps can be followed:

  1. Import the Library: Import PrivacyStorageLibrary.sol into your Solidity contract:

    import "PrivacyStorageLibrary.sol";

  2. Create an Instance: Create an instance of PrivacyStorage in your contract:

    using PrivacyStorageLibrary for PrivacyStorageLibrary.PrivacyStorage;
PrivacyStorageLibrary.PrivacyStorage private privacyStorage;

  3. Use Library Functions: Utilize functions like storeDataWithSalt, retrieveDataWithSalt, and getUserDataHashesWithSalt as required in your contract logic.

Auditing and Security

For auditing purposes and security preparation, it's essential to:

  • Test Scenarios: Create test cases to cover various scenarios for storing and retrieving data with different salts.
  • Edge Cases: Consider edge cases, such as empty data, nonexistent data hashes, or unauthorized access, and ensure the contract behaves as expected.
  • Gas Optimization: Evaluate gas costs associated with storing and retrieving data, especially when dealing with larger data sizes or a high number of stored hashes.