How It Works

Behind Sietch's resilient, survival-first design is a carefully engineered architecture that prioritizes security, offline functionality, and resource efficiency. This page explains the technical components that make your vault reliable even in the harshest conditions.


Chunking & Deduplication

Files in Sietch are never stored as monolithic blobs. They are divided into smaller, manageable pieces:

Smart Chunking

Each file is split into chunks of a configurable size (default 4MB). This approach enables efficient sync, storage, and recovery, even when connections are unstable.

  • Fixed-size chunking: Predictable, efficient splitting of files
  • Content-defined chunking (CDC): Identifies natural boundaries in files for better deduplication
  • Rolling hash algorithms: Find duplicate chunks across different files
  • Automatic deduplication: Identical chunks are stored only once

# Example of configuring chunking during initialization
sietch init --name research-vault --chunking-strategy cdc --chunk-size 2MB

Encryption Layer

Sietch ensures your data remains private through robust encryption systems:

End-to-End Encryption

Each chunk is encrypted before storage with no exceptions. Only authorized parties with the correct keys can decrypt and access your data.

  • AES-256-GCM: Fast symmetric encryption with passphrase protection
  • GPG-compatible: Public/private key encryption for multi-peer sharing
  • Per-chunk encryption: Individual encryption of each chunk for maximum security
  • Nonce generation: Unique nonces prevent identical ciphertexts even for identical content
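
How per-chunk AES-256-GCM with unique nonces fits together with the deduplication described under Chunking & Deduplication, as an added Go example (not Sietch's own code): because identical chunks encrypt to different ciphertexts, duplicates have to be detected by hashing the plaintext before sealing. `StoreFile`, `LoadChunk`, the in-memory map and the 4-byte chunk size are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// StoreFile seals each distinct fixed-size chunk once, keyed by the SHA-256 of its
// plaintext, since fresh nonces make equal chunks encrypt differently. size must be > 0.
func StoreFile(aead cipher.AEAD, store map[[32]byte][]byte, data []byte, size int) ([][32]byte, error) {
	var ids [][32]byte
	for off := 0; off < len(data); off += size {
		end := off + size
		if end > len(data) {
			end = len(data)
		}
		id := sha256.Sum256(data[off:end])
		ids = append(ids, id)
		if _, dup := store[id]; dup {
			continue // identical chunk already stored
		}
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		store[id] = aead.Seal(nonce, nonce, data[off:end], id[:]) // nonce || ciphertext || tag
	}
	return ids, nil
}

// LoadChunk splits nonce and ciphertext, then authenticates with the ID as associated data.
func LoadChunk(aead cipher.AEAD, store map[[32]byte][]byte, id [32]byte) ([]byte, error) {
	blob, n := store[id], aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("chunk %x missing or truncated", id[:4])
	}
	return aead.Open(nil, blob[:n], blob[n:], id[:])
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	aead, _ := cipher.NewGCM(block)
	store := map[[32]byte][]byte{}
	ids, err := StoreFile(aead, store, []byte("AAAABBBBAAAACC"), 4) // constructed input
	fmt.Println(len(ids), "chunks referenced,", len(store), "stored, err:", err)
}
```

Plaintext-hash IDs reveal which chunks are equal to anyone who can read them, so the list of IDs needs the same protection as the data.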

Key Management is Critical


Peer Discovery

To function in decentralized environments, Sietch needs robust ways to find other vaults:

Gossip Discovery Protocol

A lightweight mechanism for vaults to find each other without centralized servers, even in disconnected or local-only networks.

  • LAN discovery: Auto-discovery via UDP broadcast messages
  • Manual peering: Direct specification of known peer addresses
  • Peer exchange: Vaults can share information about other known peers
  • Planned features: Bluetooth, NFC, and QR-code based discovery

# Manually add a known peer
sietch peer add 192.168.1.42

Discovery protocols operate on a zero-trust model. Finding a peer doesn't automatically grant access to vault contents.

Syncing Mechanism

Once peers are discovered, Sietch uses an intelligent syncing process:

Rsync-Inspired Sync

Efficient, resumable transfer of only the data that's changed or missing between vaults.

  • Manifest comparison: Peers exchange encrypted manifests to identify differences
  • Chunk transfer: Only missing chunks are requested and sent
  • Resumable transfers: Sync can pause and continue if interrupted
  • Transport options:
    • TCP direct connections (fastest, local)
    • LibP2P (most robust, NAT traversal)
    • Sneakernet (physical media transfer for airgap scenarios)

# Sync with a known peer
sietch sync --peer 192.168.1.42

Security Flow

Sietch's architecture defends against multiple threats:

| Threat | Mitigation |
|---|---|
| Passive eavesdropping | End-to-end encryption of chunks |
| Man-in-the-middle | LibP2P TLS transport security |
| Unauthorized access | Content verification via cryptographic hashes |
| Chunk tampering | Merkle tree verification of chunk integrity |
| Replay attacks | Secure transport with nonce/timestamp validation |

Technical Deep Dive


Ready to set up your first vault?
Continue to Installation to get started.