Cryptpad Subsumation — Kapnet Document Protocol
Cryptpad is a collaborative office suite: end-to-end encrypted, open-source, real-time collaborative editing. Kapnet subsumes Cryptpad entirely. Every Cryptpad feature maps to a Kapnet primitive. We d
- Cryptpad Subsumation — Kapnet Document Protocol
Cryptpad Subsumation — Kapnet Document Protocol
The Thesis
Cryptpad is a collaborative office suite: end-to-end encrypted, open-source, real-time collaborative editing.
Kapnet subsumes Cryptpad entirely. Every Cryptpad feature maps to a Kapnet primitive. We don’t integrate Cryptpad — we absorb it.
Feature Mapping
| Cryptpad Feature | Kapnet Primitive | Implementation |
|---|---|---|
| Document | Sheet TXXM | Row-based state in braid |
| Edit | TXXM submission | Append row to sheet |
| Real-time sync | Nostr subscription | Push updates via relay |
| E2E encryption | MLS group key | White Noise group |
| User permissions | KOR scope + auth level | AUTH-0 through AUTH-7 |
| Version history | Braid ordering | All edits preserved in braid |
| File upload | Blob TXXM | Content-addressed attachment |
| Search | State tree query | Namespace-scoped search |
| Comments | Review TXXM | Linked to parent TXXM |
| Export | TXXM serialization | Canonical binary or JSON |
Document as Sheet TXXM
A “document” in Kapnet is a Sheet TXXM with a specific schema:
Sheet TXXM:
sheet_id: "doc-unique-id"
name: "Document Title"
columns: [seq, timestamp, author, operation, content, hash, prev_hash]
rows: [...]
Row (Edit) TXXM:
seq: 42
timestamp: 1717500000
author: npub1...
operation: insert|delete|update|format
content: "The text that was edited"
hash: sha256:abc...
prev_hash: sha256:def... (previous row)
Properties
- Append-only: Edits are new rows, never modify existing rows
- Hash-chained: Each row references previous row’s hash
- Author-signed: Each row signed by editor’s npub
- Namespace-scoped: Document belongs to a KOR namespace
- Encrypted: Sheet encrypted via MLS group key (White Noise room)
Collaborative Editing Flow
USER A KAPNET USER B
│ │ │
├─ Compose edit ────────────────┼───────────────────────────────┤
│ │ │
├─ Sign TXXM (npub) ───────────┼───────────────────────────────┤
│ │ │
├─ Encrypt (MLS group key) ────┼───────────────────────────────┤
│ │ │
├─ Publish to relay ───────────►│ │
│ ├─ Validate TXXM ───────────────┤
│ ├─ Update braid ────────────────┤
│ ├─ Update state tree ───────────┤
│ ├─ Push to subscribers ─────────┤
│ │ │
│ ├─ Relay ───────────────────────►│
│ │ │
│ │ Decrypt (MLS) ◄───────┤
│ │ Apply edit ◄──────────┤
│ │ Update view ◄─────────┤
Encryption Model
Room-Level Encryption (Exo)
- Each document room = White Noise group
- MLS group key encrypts all TXXMs in the room
- Forward secrecy: past edits safe even if key compromised
- Post-compromise security: future edits safe after key rotation
Content-Level Encryption (Endo)
- Each TXXM payload can be individually encrypted
- Only authorized KOR members can decrypt
- Auth level determines read/write permissions
Dual Encryption
TXXM PAYLOAD (Endo encryption)
└── Encrypted with KOR scope key
└── Only AUTH-3+ can decrypt
TXXM ENVELOPE (Exo encryption)
└── Encrypted with MLS group key
└── Only room members can receive
Permission Model
| Auth Level | Read | Write | Comment | Admin |
|---|---|---|---|---|
| AUTH-0 (Anonymous) | Public docs only | — | — | — |
| AUTH-1 (Identified) | All docs | — | — | — |
| AUTH-2 (Member) | All docs | Own docs | ✓ | — |
| AUTH-3 (Contributor) | All docs | All docs | ✓ | — |
| AUTH-4 (Maintainer) | All docs | All docs | ✓ | Own rooms |
| AUTH-6 (Operator) | All docs | All docs | ✓ | All rooms |
| AUTH-7 (Sovereign) | All docs | All docs | ✓ | All rooms + governance |
Version History
Every edit is a row in the sheet. The braid preserves ALL versions:
Row 1: [seq=1, op=insert, content="Hello", author=A, prev=genesis]
Row 2: [seq=2, op=insert, content=" World", author=B, prev=row1]
Row 3: [seq=3, op=update, content="Hello World!", author=A, prev=row2]
Row 4: [seq=4, op=delete, content="!", author=C, prev=row3]
...
To reconstruct document at any point:
- Start from genesis row
- Apply each row in sequence
- Stop at desired row
The hash chain ensures tamper detection. Any modification to history breaks the chain.
Real-Time Synchronization
Push Model (Nostr Subscription)
- Clients subscribe to relay for document updates
- New TXXMs pushed via WebSocket
- No polling needed
Conflict Resolution (Braid Ordering)
- Concurrent edits → braid captures both
- Deterministic ordering (weakwork score → timestamp → hash)
- No “last writer wins” — both edits preserved
- Users see both versions, choose which to keep
Offline Support
- Edits queued locally when offline
- Sync when reconnected
- Braid resolves conflicts automatically
Implementation Path
Phase 1: Basic Document (Mac Mini)
- Implement Sheet TXXM schema
- Implement row append (edit submission)
- Implement hash chain verification
- Implement Nostr push sync
Phase 2: Encryption (Mac Mini + White Noise)
- Integrate White Noise MLS for room encryption
- Implement KOR scope for permissions
- Implement dual encryption (endo + exo)
Phase 3: Advanced Features
- Rich text editing (Markdown → TXXM)
- Media attachments (blob TXXM)
- Comments (review TXXM linked to parent)
- Export (TXXM → PDF/Markdown/HTML)
- Search (state tree query)
Comparison: Kapnet Documents vs Cryptpad
| Feature | Cryptpad | Kapnet Documents |
|---|---|---|
| Encryption | E2E (pad-specific key) | MLS + KOR scope (dual) |
| Identity | Email/password | npub keypair |
| Real-time | WebSocket | Nostr subscription |
| Version history | Server-side | Braid (decentralized) |
| Permissions | Pad owner controls | KOR governance |
| Offline | Limited | Full (queue + sync) |
| Export | PDF/Markdown | TXXM binary/JSON/HTML |
| Server | Centralized (or self-host) | Distributed (relay network) |
| Censorship resistance | Low (server can block) | High (any relay) |
| Settlement | None | Bitcoin anchoring |
| Cost | $10/mo (SaaS) | $0 (self-hosted) |
Action Items
- Design Sheet TXXM schema (columns, row format)
- Implement edit submission (TXXM append)
- Implement hash chain verification
- Integrate White Noise MLS for room encryption
- Build web UI (TXXM → HTML rendering)
- Test real-time sync (Nostr subscription)
- Test conflict resolution (braid ordering)
Write a comment