This page has three main sections. (Note that the listings could be empty.) moreā€¦ Tip: Remember the back-button! And don't click the number on the left.

  1. The first item displays a term, URL, text or picture.
  2. Followed by a (still unordered) listing of statements about this subject. (for details follow ">"-link)
  3. Separated by a horizontal rule a "reverse" listing of statements referring to this item in object position.
1662 is a > software
1666 title > The drogulus is a programmable peer-to-peer data store. It's an open, federated and decentralised system where the identity of users and provenance of data is ensured by cryptographically signing digital assets.
1794 description >

Items stored in the drogulus are designed to stand on their own and be self-verifiable through cryptographic signing.

An item stored in the DHT is a collection of named fields and associated values (it's a JSON object):

  • value - the actual value to store.
  • timestamp - a UNIX timestamp representing when the creator of the item thinks the item was created (so it's easy to work out the latest version of an item given two candidates).
  • expires - a UNIX timestamp beyond which the creator of the item would like the item to expire, be ignored and deleted in remote nodes.
  • name - a meaningful name given by the creator for the key.
  • created_with - the version of the drogulus the creator used to generate the item.
  • public_key - the creator's public key.
  • key - the SHA-512 value of the compound key (based upon the public_key and name fields) used as the actual key on the distributed hash table.
  • signature - a cryptographic signature generated using the creator's private key with the fields described above.

The public-key field is used to validate the signature value. If this is OK then the compound SHA-512 key is checked using the obviously valid public-key and name fields.

This ensures both the provenance of the data and that it hasn't been tampered with. Any items that don't pass the cryptographic checks are ignored and nodes that propagate them are punished by being blocked. It also confirms that the generated SHA-512 key for the item is correct given the public_key and meaningful name ensuring no other entity may set items with this unique key (assuming no key collision vulnerability in the hashing function).

Nicholas H. Tollervey


  • "meaningful name": see Zooko's triangle. Human meaningful names are always in lexical scope of the referrer, not the referee.
  • The key preserves too much and too less at the same time. It fails to proof anything without the private key.
1664 homepage >