This Solidity library, PrivacyStorageLibrary, provides a secure means of storing and retrieving data while ensuring privacy using custom salts. It's designed to maintain data integrity through a Merkle tree root and allows users to associate data hashes with their addresses and custom salts.
The library is developed to address the following key objectives:
- Privacy: Enable users to store and retrieve data in a manner that's resistant to precomputed hash attacks by utilizing custom salts.
- Data Integrity: Maintain the integrity of stored data using a Merkle tree root to ensure tamper resistance.
- Customization: Allow users to associate their data with unique custom salts for added security.
The core structure within the library is PrivacyStorage, which contains:
root: A Merkle tree root used to maintain data integrity.userDataByHash: A mapping that associates user addresses and data hashes with the actual data.userSaltHashes: A mapping to link user addresses and salts with corresponding data hashes.
The library provides three key functions:
storeDataWithSalt: Stores data provided by users along with a custom salt. It calculates the hash of the data combined with the salt, updates the Merkle tree root, and associates the data hash with the user and salt.retrieveDataWithSalt: Allows users to retrieve their data associated with a specific address and salt. This function ensures that only the authorized user can access the data.getUserDataHashesWithSalt: Provides users with a list of data hashes associated with their address and a specific salt. This function is used to retrieve all data hashes linked to a particular user and salt combination.
The library emits an event DataStored whenever data is successfully stored using storeDataWithSalt.
- Custom Salts: The use of custom salts significantly enhances security by making it harder for attackers to reverse-engineer hashes and access data.
- Data Integrity: The Merkle tree root ensures that any tampering with stored data can be easily identified.
- Access Control: Functions like
retrieveDataWithSaltenforce access control, ensuring that only authorized users can retrieve their data.
To utilize this library, the following steps can be followed:
-
Import the Library: Import
PrivacyStorageLibrary.solinto your Solidity contract:import "PrivacyStorageLibrary.sol";
-
Create an Instance: Create an instance of
PrivacyStoragein your contract:using PrivacyStorageLibrary for PrivacyStorageLibrary.PrivacyStorage; PrivacyStorageLibrary.PrivacyStorage private privacyStorage;
-
Use Library Functions: Utilize functions like
storeDataWithSalt,retrieveDataWithSalt, andgetUserDataHashesWithSaltas required in your contract logic.
For auditing purposes and security preparation, it's essential to:
- Test Scenarios: Create test cases to cover various scenarios for storing and retrieving data with different salts.
- Edge Cases: Consider edge cases, such as empty data, nonexistent data hashes, or unauthorized access, and ensure the contract behaves as expected.
- Gas Optimization: Evaluate gas costs associated with storing and retrieving data, especially when dealing with larger data sizes or a high number of stored hashes.