English

Enabling self-verifiable mutable content items in IPFS using Decentralized Identifiers

Cryptography and Security 2021-05-19 v1 Networking and Internet Architecture

Abstract

In IPFS content identifiers are constructed based on the item's data therefore the binding between an item's identifier and its data can be deterministically verified. Nevertheless, once an item is modified, its identifier also changes. Therefore when it comes to mutable content there is a need for keeping track of the "latest" IPFS identifier. This is achieved using naming protocols on top of IPFS, such as IPNS and DNSlink, that map a constant name to an IPFS identifier, allowing at the same time content owners to update these mappings. Nevertheless, IPNS relies on a cryptographic key pair that cannot be rotated, and DNSlink does not provide content authenticity protection. In this paper, we propose a naming protocol that combines DNSlink and decentralized identifiers to enable self-verifiable content items. Our protocol provides content authenticity without imposing any security requirement to DNSlink. Furthermore, our protocol prevent fake content even if attackers have access to the DNS server of the content owner or have access to the content owner secret keys. Our proof of concept implementation shows that our protocol is feasible and can be used with existing IPFS tools.

Keywords

Cite

@article{arxiv.2105.08395,
  title  = {Enabling self-verifiable mutable content items in IPFS using Decentralized Identifiers},
  author = {Nikos Fotiou and Vasilios A. Siris and George C. Polyzos},
  journal= {arXiv preprint arXiv:2105.08395},
  year   = {2021}
}

Comments

In: DI2F: Decentralising the Internet with IPFS and Filecoin, IFIP Networking 2021 workshop

R2 v1 2026-06-24T02:12:57.997Z