This posting isn’t really about Wave, it’s about a lovely detail in the protocol design, in particular in the crypto spec.
Imagine that Germany, Britain and France are running wave servers for their citizens, and of course many wave documents have participants from all three countries. These three servers are all federated and a torrent of traffic is flowing between the servers as citizens of various countries collaborate.
Federation is always a bit like Goldilocks (not too hot, not too cold). These three trust each other enough to exchange messages but they don’t really trust each other not to mess with those messages. So obviously it would be nice if the crypto design assured that all the messages had a cryptographic signature on them. Then when the German server got a message from a French user by way of the Brits it could be checked to be sure the Brits didn’t mess with it. Nice idea, sure, but these messages typically constitute a single character, so signing every message is going to be awfully expensive.
The design has a lovely trick for solving this problem. The French server bundles up batches of messages, signs the batch, and sends it off to the Brits. This batch will include the edits of numerous citizens on numerous wavelets. These batches will also have conflict resolutions for edits on wavelets the French server is hosting. The Brits chew on that bundle and some of it, but not all of it, gets sent on to the Germans. So the Brits clip out all the parts of the bundle that the Germans don’t need (and in fact shouldn’t see) and pass it on. The trick? Well, usually if you delete a portion of a signed message the signature breaks, but by designing the bundles just right the design avoids that.
They do this with hash trees. The bundles are a tree; the messages are the leaves. Each node in the tree has a hash of its immediate children. At the root we sign just the topmost hash. You can clip off any branch in this tree as long as you leave its hash behind. Cute.
I’ve been having fun thinking of other applications for this trick. It lets you sign a document and then selectively reveal portions of that document. For example you could use it to play battleship; signing the overall board at the beginning and then revealing each square one at a time as the game proceeds. You could use it to sign a secret document which is later declassified, but with portions of the document censored out.
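Here is the trick worked through in Python, as an added example rather than code from the Wave protocol itself. It builds a small bundle as a hash tree, signs only the root hash, clips away the subtrees one recipient should not see, and shows that the signature still verifies on what is left while any edit to a surviving leaf breaks it. The bundle contents and the key are constructed for the example, SHA-256 is assumed for the node hashes, and an HMAC over the root stands in for the server's real signature; the leaf/branch prefixes are there so a leaf hash can never be passed off as a branch hash. Clipping everything but one leaf at a time is the battleship game from the paragraph above.

```python
import copy
import hashlib
import hmac

# Added example, not Wave's protocol code. Assumptions: SHA-256 node hashes,
# HMAC-SHA256 with a constructed key standing in for the server's signature.


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf(data: bytes) -> dict:
    return {"leaf": data}


def branch(*children: dict) -> dict:
    return {"children": list(children)}


def node_hash(node: dict) -> bytes:
    """Hash of a node. Leaves and branches get different prefix bytes so a
    leaf can never be confused with an internal node (domain separation).
    A clipped node carries only its hash, which is used as-is."""
    if "hash" in node:
        return node["hash"]
    if "leaf" in node:
        return _h(b"\x00" + node["leaf"])
    return _h(b"\x01" + b"".join(node_hash(c) for c in node["children"]))


def sign_bundle(root: dict, key: bytes) -> bytes:
    """Sign only the topmost hash (HMAC stands in for a signature here)."""
    return hmac.new(key, node_hash(root), hashlib.sha256).digest()


def verify_bundle(root: dict, key: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_bundle(root, key), sig)


def clip(node: dict, keep: set, path: tuple = ()) -> dict:
    """Return a copy of the tree where every subtree containing no kept leaf
    is replaced by its hash alone. `keep` holds leaf paths as tuples of
    child indices, e.g. (1, 0) is the second child's first child."""
    on_kept_path = any(p[: len(path)] == path for p in keep)
    if not on_kept_path:
        return {"hash": node_hash(node)}  # leave the hash behind, drop the rest
    if "leaf" in node or "hash" in node:
        return dict(node)
    return {"children": [clip(c, keep, path + (i,))
                         for i, c in enumerate(node["children"])]}


def visible_leaves(node: dict, path: tuple = ()) -> list:
    """(path, data) for every leaf the recipient can still read."""
    if "leaf" in node:
        return [(path, node["leaf"])]
    if "hash" in node:
        return []
    out = []
    for i, c in enumerate(node["children"]):
        out.extend(visible_leaves(c, path + (i,)))
    return out


def demo() -> dict:
    key = b"constructed-french-server-key"  # constructed, not a real key
    # Constructed bundle: two wavelets' worth of single-character edits.
    bundle = branch(
        branch(leaf(b"wavelet A: insert 'x' at 12"),
               leaf(b"wavelet A: delete 1 at 7")),
        branch(leaf(b"wavelet B: insert 'y' at 0")),
    )
    sig = sign_bundle(bundle, key)

    # The Brits forward only wavelet B to the Germans; wavelet A's subtree
    # is clipped down to its hash.
    forwarded = clip(bundle, {(1, 0)})

    # A forwarder that edits a surviving leaf changes the root hash.
    tampered = copy.deepcopy(forwarded)
    tampered["children"][1]["children"][0]["leaf"] = b"wavelet B: insert 'z' at 0"

    return {
        "bundle": bundle,
        "forwarded": forwarded,
        "visible": visible_leaves(forwarded),
        "forwarded_ok": verify_bundle(forwarded, key, sig),
        "tampered_ok": verify_bundle(tampered, key, sig),
    }


if __name__ == "__main__":
    r = demo()
    print("visible to Germans:", r["visible"])
    print("clipped bundle verifies:", r["forwarded_ok"])
    print("tampered bundle verifies:", r["tampered_ok"])
```

The clipped copy keeps the full hash of the wavelet A subtree, so the Germans can recompute the same root and check the French signature without ever seeing wavelet A's edits; the same `clip` call with a single path per turn is the selective-reveal game.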
Isn’t git based on a tree of hashes?
Yes, this is exactly how directories and files are hashed in git.