We present Safecloud, a distributed, encrypted, self-pricing storage and streaming network whose storage and routing nodes never see plaintext and never hold keys. Each file is split into chunks, encrypted on the owner's device, and distributed across Drops (browser tabs storing ciphertext in IndexedDB) and Jets (federated routing servers). Only the owner, or an authorised grantee, can decrypt. We make five contributions: (1) A one-root key hierarchy: every key derives deterministically from a single root via HKDF, and owner and range-scoped grantee derive identical chunk keys (derivation agreement); a subtree key derives its range and nothing else (delegation containment). (2) Convergent content addressing: identical content yields identical ciphertext and identifiers, enabling deduplication without plaintext exposure, with identifiers binding authenticated ciphertext so a keyless Drop verifies integrity (blind verifiability). (3) Three parallel trees over one navigation path (Merkle for integrity, key-derivation for confidentiality, access for authorisation), with sound Merkle-verified retrieval. (4) The key tree doubles as a streaming index: a player derives each segment key in O(1), seeking by derivation, while parallel tracks (video, audio, captions) are independent subtrees unlockable per-track and per-segment, a combination we believe no prior encrypted-storage network offers. (5) Jets and Drops earn Safebux verifiably, kept honest by a one-signature proof-of-storage challenge under chilling-effect Proof-of-Corruption, a zero-sum economy that is significantly cheaper than Filecoin's proof-of-replication sealing (which is slow and provides no confidentiality). We give the architecture, cryptographic construction, a threat model, and an open-source reference implementation, stating precisely what is implemented versus designed.

翻译：摘要：本文提出Safecloud——一种分布式、加密、自主定价的存储与流媒体网络，其存储节点与路由节点始终无法访问明文，亦不持有密钥。每个文件被分割成若干数据块，在所有者设备上完成加密，并分布式存储于Drops（以IndexedDB存储密文的浏览器标签页）与Jets（联邦化路由服务器）。仅所有者或经授权的被授权方能够解密。本文贡献有五：（1）单根密钥层级体系：所有密钥均通过HKDF从单一根密钥确定性派生，所有者与范围限定的被授权方派生出相同的数据块密钥（派生一致性）；子树密钥仅派生其对应范围，而不派生其它内容（委托包含性）。（2）汇聚内容寻址：相同内容生成相同的密文与标识符，可在不暴露明文的情况下实现去重，且标识符绑定认证密文，使无密钥的Drop可验证完整性（盲验性）。（3）基于单一导航路径的三重并行树结构：用于完整性验证的Merkle树、用于机密性的密钥派生树、用于授权的访问树，并实现可靠的Merkle验证检索机制。（4）密钥树兼作流媒体索引：播放器以O(1)复杂度派生每个分段的密钥（通过派生实现寻址），而并行轨道（视频、音频、字幕）作为独立子树，可按每轨道和每分段解锁——据我们所知，此组合尚未被任何现有加密存储网络提供。（5）Jets与Drops可通过可验证方式获取Safebux，其诚实性由威慑性损坏证明机制下的单签名存储证明挑战维护——此零和经济系统比Filecoin的复制证明密封机制（速度慢且不提供机密性）显著降低成本。本文给出了架构设计、密码学构造、威胁模型及开源参考实现，并精确说明了已实现与仍在设计中的部分。