Keyhive explores local-first access control for collaborative applications without central servers. The project introduces convergent capabilities for CRDT-based authorization, a group management CRDT with coordination-free revocation, and BeeKEM—a continuous group key agreement protocol providing end-to-end encryption with post-compromise security. The system uses RIBLT set reconciliation and sedimentree compression for efficient synchronization across thousands of members while maintaining security guarantees similar to private messaging apps but for any local-first application.
Table of contents
Local-first access control00 · Keyhive Background01 · Welcome to the KeyhiveAudience & ApplicationLayersPull ControlTrust Minimized Sync ServersWhat’s Next?02 · Group Key Agreement with BeeKEMContinuous Group Key AgreementBeeKEM03 · What's In a Name?04 · Opening the Pre-Alpha05 · Syncing KeyhiveOverviewAuthenticationSyncing the membership graphDocument Collection SyncDocument SyncConclusionSort: