Actors
Announcing the public card
On each account, an actor publishes and updates public information:
The public card links the actor's public key. This allows others to send messages to this actor, or verify signatures of messages received from this actor.
The card also lists actor group members, and the keys it entrusts.
In addition, the public card may contain other public information. A person may publish their name and profession — just like they would do on a business card — and a shop may link a tree with their product list.
An actor may update this information at any time by creating a new public card, and removing the old one.
Sending a message
To send a message, an actor (sender) prepares a message tree with the desired content:
The envelope is then submitted to the recipient's message box, while the rest of the tree is uploaded onto a publicly accessible store of the sender:
To prevent the message data from being garbage collected, it is attached to the sender's private data for some time, e.g. through a sent list.
Updating a message
The sender, or any recipient may remove a message from the message box. To share some data, for example, a sender may post a first message, and replace it whenever the data changes:
The actual data is transferred only when the recipient reads the message.
Reading messages
An actor reads messages by listing its message box(es), and processing message by message.
For each message, the actor first downloads the envelope from its own store, verifies the signature and the indicated store, and decrypts the AES key. If anything goes wrong, the message is silently discarded. Depending on the application, an actor may allow messages from known senders or known stores only.
The actor then downloads the actual message object(s) from the sender's store, and merges the received information into his private data. Once the private data has been saved, the message is removed from the message box.
Private data
An actor's private data is an encrypted tree of forward-moving data, such as a document, attached to the private box:
Sender and receiver on the envelope are the same.
To modify that data (e.g. while processing messages U and V), the actor merges (⊗) all information, constructs a new tree, and adds it to the private box:
There are now two versions of the data: the previous version A, and the new version B. Merging them would yield the new version:
A ⊗ B = B and A ⊗ B ⊗ U ⊗ V = B
Hence, version A and the messages U and V can be removed:
Entrusted actors
An actor may entrust other actors. Entrusted actors have full read access to all data of the actor. This is achieved by adding the entrusted actor as recipient to all envelopes. Entrusted accounts are published on the public card.
Actor groups
Actors may join to form a group. Within such a group, actors unconditionally share their private data, and can read each other's messages. A lonely actor can be regarded as a group with one actor.
Every actor of the group announces the other group members on this public card, and encrypts its private data for all members. Actors usually first read their own private data and messages, and then merge the private data and messages of other groups members.
When sending a message to a group, the actor reads all public cards (actor group discovery), encrypts the message for all groups members, and posts it on the message box of the most recent account.
With actor groups, a user can use the same data on multiple devices. Each device uses its own RSA key pair and accounts, potentially on different stores.
In addition, actor groups may rotate their keys regularly by creating and adding a new actor (key pair), and removing an existing one.
Synchronization
Actors often use two stores:
- A highly available and fast local store on the device they are running.
- A slower and less reliable remote store to exchange messages other actors, and back up the private data.