Safecloud: Browser Tabs as Encrypted Storage Nodes in a New Decentralized Network
A research paper describes Safecloud, a browser-based decentralized storage system where storage nodes see only ciphertext, turning ordinary browser tabs into encrypted storage for others' files.
A research paper by Gregory Magarshak, a professor at IENYC, introduces Safecloud, a decentralized storage network designed around a single rule: nodes that store data see only ciphertext, and nodes that route data hold no keys. The system turns ordinary browser tabs into encrypted storage nodes, aiming to solve the trust problem that has long plagued decentralized storage networks.
Safecloud breaks each file into fixed-size chunks and encrypts every chunk on the owner's device before it leaves the device. The encrypted pieces are distributed across two types of nodes: Drops, which run inside browser tabs and store encrypted chunks in IndexedDB, and Jets, which are routing servers that match chunks to Drops and handle retrieval requests. The owner, called the Cloud, holds the root secret and is the only party that can decrypt content.
Every key in the system derives from a single 32-byte root secret through a standard derivation function. Identical content under the same root yields identical ciphertext, enabling deduplication within a single owner's root. However, two owners encrypting the same file produce different addresses. The address for each chunk is computed over the encrypted bytes, so a storage node can confirm it holds the correct chunk without any key or view of the contents.
Safecloud maintains three structures that share one addressing scheme: a public Merkle tree for chunk integrity, a key-derivation tree for confidentiality, and an access tree for authorization. A single path locates a chunk's integrity proof, decryption key, and access grant simultaneously. When a consumer retrieves a chunk, the system checks the returned bytes against a public root, detecting any swapped or corrupted data.
The key hierarchy also enables streaming media. A player holding the key for a track can derive the key for the next segment in one step, allowing seeking to any point in a video with just one derivation and one fetch. Video, audio, and caption tracks sit in separate branches, each unlockable independently. An owner can grant access to a range of segments—such as a preview or a rented chapter—by handing over a single key for that range.
Drops earn a token called Safebux for holding and serving chunks, while Jets earn it for routing. Payments settle through a signed claim that authorizes up to a rising maximum on a numbered line, preventing replay attacks. Storage honesty is enforced through challenges where a Jet asks a Drop to sign a fresh content address and nonce. A Drop that no longer holds the chunk fails, leading to a slashed stake and re-replication of the chunk.
Magarshak notes that encryption, chunking, content addressing, the Merkle integrity tree, and the delegation construction are already working. The payment and proof-of-storage layer is specified and partly wired, with payment verification hooks currently returning true and the proof-of-storage challenge response as a placeholder. The open piece is the relay path, where a routing server covers gas for a storage node and needs session-key signing wired in. Safecloud is independent of a separate system called Safebox, which serves as an optional attestation layer.