The Convergence Secret

What Is It?

The identifier of a file (also called the “capability” to a file) is derived from two pieces of information when the file is uploaded: the content of the file and the upload client’s “convergence secret”. By default, the convergence secret is randomly generated by the client when it first starts up, then stored in the client’s base directory (<Tahoe’s node dir>/private/convergence) and re-used after that. So the same file content uploaded from the same client will always have the same cap. Uploading the file from a different client with a different convergence secret would result in a different cap – and in a second copy of the file’s contents stored on the grid. If you want files you upload to converge (also known as “deduplicate”) with files uploaded by someone else, just make sure you’re using the same convergence secret when you upload files as them.

The advantages of deduplication should be clear, but keep in mind that the convergence secret was created to protect confidentiality. There are two attacks that can be used against you by someone who knows the convergence secret you use.

The first one is called the “Confirmation-of-a-File Attack”. Someone who knows the convergence secret that you used when you uploaded a file, and who has a copy of that file themselves, can check whether you have a copy of that file. This is usually not a problem, but it could be if that file is, for example, a book or movie that is banned in your country.

The second attack is more subtle. It is called the “Learn-the-Remaining-Information Attack”. Suppose you’ve received a confidential document, such as a PDF from your bank which contains many pages of boilerplate text as well as containing your bank account number and balance. Someone who knows your convergence secret can generate a file with all of the boilerplate text (perhaps they would open an account with the same bank so they receive the same document with their account number and balance). Then they can try a “brute force search” to find your account number and your balance.

The defense against these attacks is that only someone who knows the convergence secret that you used on each file can perform these attacks on that file.

Both of these attacks and the defense are described in more detail in Drew Perttula’s Hack Tahoe-LAFS Hall Of Fame entry

What If I Change My Convergence Secret?

All your old file capabilities will still work, but the new data that you upload will not be deduplicated with the old data. If you upload all of the same things to the grid, you will end up using twice the space until garbage collection kicks in (if it’s enabled). Changing the convergence secret that a storage client uses for uploads can be though of as moving the client to a new “deduplication domain”.

How To Use It

To enable deduplication between different clients, securely copy the convergence secret file from one client to all the others.

For example, if you are on host A and have an account on host B and you have scp installed, run:

scp ~/.tahoe/private/convergence my_other_account@B:.tahoe/private/convergence

If you have two different clients on a single computer, say one for each disk, you would do:

cp /tahoe1/private/convergence /tahoe2/private/convergence

After you change the convergence secret file, you must restart the client before it will stop using the old one and read the new one from the file.