I wonder if it would be possible to encrypt the data associated with each snapshot ID with a separate key.
Chunks would need to be encrypted with a common key as is currently the case as these would be shared between all revisions across all snapshot IDs.
The use case I’m thinking of is a shared storage used by many clients that are from different organisations but we want to take advantage of “global” deduplication across all clients.
Each org would have their own key plus the common key, and then only be able to “see” their own snapshot IDs. They would be able to decrypt arbitrary chunks using the common key, however that is a much smaller issue than being able to enumerate, restore or even delete/prune any revision from any snapshot ID.
Such a design would mean that any use of prune across all IDs would need to know all keys to decide which chunks could be deleted, but in my thoughts around use cases for this it would be for a provider who manages all access and client setup, so they would have knowledge of the keys anyway.
Apologies if this has been asked previously, however I couldn’t find it on the forums when I searched.
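As an added illustration (not code from the post above or from the backup tool it discusses), here is a stand-alone Python model of the proposed layout: chunks sealed under one common key, each snapshot manifest sealed under its org's key, and a prune that refuses to run unless it holds the key of every snapshot ID still in the store. It assumes an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC as a stand-in for the real tool's cipher, and a keyed chunk ID so deduplication works across orgs without exposing plain content hashes; the demo data in the test is constructed.

```python
import hashlib, hmac, json, os

CHUNK_SIZE = 4  # tiny on purpose so short demo strings split into a few chunks


def _sub(key, label):  # derive independent keystream and MAC keys from one key
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream(key, nonce, n):  # HMAC-SHA256 in counter mode, a stand-in for AES
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, plaintext):  # encrypt-then-MAC; returns nonce || ciphertext || tag
    nonce = os.urandom(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):  # raises ValueError on a wrong key or a tampered blob
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))


def new_store():
    return {"chunks": {}, "snapshots": {}}


def backup(store, chunk_key, org_key, snapshot_id, revision, data):
    ids = []
    for i in range(0, len(data), CHUNK_SIZE):
        chunk = data[i:i + CHUNK_SIZE]
        cid = hashlib.sha256(chunk_key + chunk).hexdigest()  # keyed ID: dedup without plain hashes
        if cid not in store["chunks"]:  # common key: one copy shared by every org
            store["chunks"][cid] = seal(chunk_key, chunk)
        ids.append(cid)
    manifest = json.dumps({"chunks": ids}).encode()
    store["snapshots"][(snapshot_id, revision)] = seal(org_key, manifest)  # per-org key


def restore(store, chunk_key, org_key, snapshot_id, revision):
    manifest = json.loads(unseal(org_key, store["snapshots"][(snapshot_id, revision)]))
    return b"".join(unseal(chunk_key, store["chunks"][c]) for c in manifest["chunks"])


def prune(store, org_keys):
    """Delete unreferenced chunks; needs the key of every snapshot ID still present."""
    live = set()
    for (sid, rev), blob in store["snapshots"].items():
        if sid not in org_keys:
            raise KeyError(f"no key for snapshot ID {sid}: cannot see what it references")
        live.update(json.loads(unseal(org_keys[sid], blob))["chunks"])
    dead = [c for c in store["chunks"] if c not in live]
    for c in dead:
        del store["chunks"][c]
    return len(dead)
```

Org B can decrypt any chunk it can name, but it cannot read, restore or prune org A's revisions, and a provider-side prune needs every org key, which is the trade-off the post describes.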