Secrecy in concurrent version control systems

  • Jerônimo Pellegrini (UNICAMP)


This paper describes two cryptographic protocols for incorporating secrecy in concurrent version control systems in such a way that neither text nor passphrases are ever sent to possibly hostile servers. One of the protocols works for centralized version control systems and the other for distributed ones. Most operations, as defined by the protocols, take time linear in the size of keys or the size of changes made to the content, and the most frequent ones do not depend on the number of users. Both protocols rely on a public key infrastructure for access control.


PELLEGRINI, Jerônimo. Secrecy in concurrent version control systems. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 6., 2006, Santos. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2006. p. 250-263. DOI: