Partially homomorphic encryption for server-side conflict resolution

[michwill]

Currently, when two clients save the same object at the same time, we get a ConflictError. When we work with plain, unencrypted database, it is possible to do server-side conflict resolution in ZODB. However, when we encrypt objects before they leave the client, we don't have that luxury.

It appears that most of ConflictErrors should happen at BTrees.Length.Length objects though. And for those, we can use additively homomorphic encryption (Pailier cryptosystem or, better, exponential ElGamal).

Two ways possible:

1. Store (enc(+value), enc(-value)). In a conflict, newval = (val1 + val2 - val, -val1 - val2 + val)
2. Store enc(newvalue) and have enc(newvalue - oldvalue) (not stored) as a temporary delta to add when a conflict occurs.

Variant 1 is cleaner, easier to implement and more ZODB-compatible but uses more space. In terms of size, 2048 bit ElGamal would yield 1KB in the first case or 0.5 KB in the second. Since we use Length objects not too often (numbers of items in datasets and numbers of documents for a given keyword) solution (1) shouldn't be problematic.

[michwill]

This is a low-priority nice-to-have, first we need client side conflict resolution