Algebraic Replicated Data Types: Programming Secure Local-First Software

Authors Christian Kuessner , Ragnar Mogk , Anna-Katharina Wickert , Mira Mezini

Thumbnail PDF


  • Filesize: 2.76 MB
  • 33 pages

Document Identifiers

Author Details

Christian Kuessner
  • Technische Universität Darmstadt, Germany
Ragnar Mogk
  • Technische Universität Darmstadt, Germany
Anna-Katharina Wickert
  • Technische Universität Darmstadt, Germany
Mira Mezini
  • hessian.AI, Darmstadt, Germany
  • Technische Universität Darmstadt, Germany

Cite AsGet BibTex

Christian Kuessner, Ragnar Mogk, Anna-Katharina Wickert, and Mira Mezini. Algebraic Replicated Data Types: Programming Secure Local-First Software. In 37th European Conference on Object-Oriented Programming (ECOOP 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 263, pp. 14:1-14:33, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


This paper is about programming support for local-first applications that manage private data locally, but still synchronize data between multiple devices. Typical use cases are synchronizing settings and data, and collaboration between multiple users. Such applications must preserve the privacy and integrity of the user’s data without impeding or interrupting the user’s normal workflow - even when the device is offline or has a flaky network connection. From the programming perspective, availability along with privacy and security concerns pose significant challenges, for which developers have to learn and use specialized solutions such as conflict-free replicated data types (CRDTs) or APIs for centralized data stores. This work relieves developers from this complexity by enabling the direct and automatic use of algebraic data types - which developers already use to express the business logic of the application - for synchronization and collaboration. Moreover, we use this approach to provide end-to-end encryption and authentication between multiple replicas (using a shared secret), that is suitable for a coordination-free setting. Overall, our approach combines all the following advantages: it (1) allows developers to design custom data types, (2) provides data privacy and integrity when using untrusted intermediaries, (3) is coordination free, (4) guarantees eventual consistency by construction (i.e., independent of developer errors), (5) does not cause indefinite growth of metadata, (6) has sufficiently efficient implementations for the local-first setting.

Subject Classification

ACM Subject Classification
  • Information systems → Data management systems
  • Computer systems organization → Dependable and fault-tolerant systems and networks
  • Security and privacy → Cryptography
  • local-first
  • data privacy
  • coordination freedom
  • CRDTs
  • AEAD


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Yasemin Acar, Michael Backes, Sascha Fahl, Simson Garfinkel, Doowon Kim, Michelle L. Mazurek, and Christian Stransky. Comparing the usability of cryptographic apis. In 2017 IEEE Symposium on Security and Privacy (SP), pages 154-171, 2017. URL:
  2. Paulo Sérgio Almeida, Ali Shoker, and Carlos Baquero. Delta state replicated data types. Journal of Parallel and Distributed Computing, 111:162-173, 2018. URL:
  3. Scott Arciszewski. XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305. Internet-Draft draft-irtf-cfrg-xchacha-03, Internet Engineering Task Force, 2020. Work in Progress. URL:
  4. Manuel Barbosa, Bernardo Ferreira, João Marques, Bernardo Portela, and Nuno Preguiça. Secure conflict-free replicated data types. In International Conference on Distributed Computing and Networking 2021, ICDCN '21, pages 6-15, New York, NY, USA, 2021. Association for Computing Machinery. URL:
  5. Lars Baumgärtner, Jonas Höchst, and Tobias Meuser. B-dtn7: Browser-based disruption-tolerant networking via bundle protocol 7. In 2019 International Conference on Information and Communication Technologies for Disaster Management (ICT-DM), pages 1-8, 2019. URL:
  6. Lars Baumgärtner, Patrick Lieser, Julian Zobel, Bastian Bloessl, Ralf Steinmetz, and Mira Mezini. Loragent: A dtn-based location-aware communication system using lora. In 2020 IEEE Global Humanitarian Technology Conference (GHTC), pages 1-8, 2020. URL:
  7. Daniel J. Bernstein. Extending the salsa20 nonce. In Workshop Record of Symmetric Key Encryption Workshop 2011, 2011. URL:
  8. Annette Bieniusa, Marek Zawirski, Nuno Preguiça, Marc Shapiro, Carlos Baquero, Valter Balegas, and Sérgio Duarte. An optimized conflict-free replicated set. Research Report RR-8083, INRIA, October 2012. URL:
  9. Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, and Philipp Jovanovic. Nonce-disrespecting adversaries: Practical forgery attacks on GCM in TLS. In 10th USENIX Workshop on Offensive Technologies (WOOT 16). USENIX Association, 2016. URL:
  10. Russell Brown. Vector clocks revisited, 2015. Online; accessed 18 October 2021. URL:
  11. Tse-Hsun Chen, Weiyi Shang, Jinqiu Yang, Ahmed E. Hassan, Michael W. Godfrey, Mohamed N. Nasser, and Parminder Flora. An empirical study on the practice of maintaining object-relational mapping code in java systems. In Miryung Kim, Romain Robbes, and Christian Bird, editors, Proceedings of the 13th International Conference on Mining Software Repositories, MSR 2016, Austin, TX, USA, May 14-22, 2016, pages 165-176. ACM, 2016. URL:
  12. Neil Conway, William R. Marczak, Peter Alvaro, Joseph M. Hellerstein, and David Maier. Logic and lattices for distributed programming. In Michael J. Carey and Steven Hand, editors, ACM Symposium on Cloud Computing, SOCC '12, San Jose, CA, USA, October 14-17, 2012, page 1. ACM, 2012. URL:
  13. Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. In 13th USENIX Security Symposium (USENIX Security 04), San Diego, CA, August 2004. USENIX Association. URL:
  14. Morris J. Dworkin. Recommendation for block cipher modes of operation: Galois/counter mode (gcm) and gmac. Technical report, National Institute of Standards and Technology, 2007. URL:
  15. Vitor Enes, Paulo Sérgio Almeida, Carlos Baquero, and João Leitão. Efficient synchronization of state-based crdts. In 2019 IEEE 35th International Conference on Data Engineering (ICDE), pages 148-159. IEEE, 2019. URL:
  16. Sascha Fahl, Marian Harbach, Thomas Muders, Lars Baumgärtner, Bernd Freisleben, and Matthew Smith. Why eve and mallory love android: An analysis of android ssl (in)security. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS '12, pages 50-61, New York, NY, USA, 2012. Association for Computing Machinery. URL:
  17. Google. Authenticated encryption with associated data (aead). Online; accessed 12 October 2021. URL:
  18. Matthew Green and Matthew Smith. Developers are not the enemy!: The need for usable security apis. IEEE Security & Privacy, 14(5):40-46, 2016. URL:
  19. Shay Gueron and Yehuda Lindell. GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, pages 109-119, New York, NY, USA, October 2015. Association for Computing Machinery. URL:
  20. Christoph Hagen, Christian Weinert, Christoph Sendner, Alexandra Dmitrienko, and Thomas Schneider. All the numbers are US: large-scale abuse of contact discovery in mobile messengers. In 28th Annual Network and Distributed System Security Symposium, NDSS 2021, virtually, February 21-25, 2021. The Internet Society, 2021. URL:
  21. Joseph M. Hellerstein and Peter Alvaro. Keeping calm: When distributed consistency is easy. Commun. ACM, 63(9):72-81, 2020. URL:
  22. Antoine Joux. Nonce misuse-resistant authenticated encryption, 2019. URL:
  23. Martin Kleppmann. Making CRDTs Byzantine fault tolerant. In 9th Workshop on Principles and Practice of Consistency for Distributed Data, PaPoC 2022, pages 8-15. ACM, April 2022. URL:
  24. Martin Kleppmann and Alastair R. Beresford. A conflict-free replicated json datatype. IEEE Transactions on Parallel and Distributed Systems, 28(10):2733-2746, 2017. URL:
  25. Martin Kleppmann, Adam Wiggins, Peter van Hardenberg, and Mark McGranaghan. Local-first software: you own your data, in spite of the cloud. In Proceedings of the 2019 ACM SIGPLAN International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software, Onward! 2019, pages 154-178, New York, NY, USA, 2019. Association for Computing Machinery. URL:
  26. Stephan A Kollmann, Martin Kleppmann, and Alastair R Beresford. Snapdoc: Authenticated snapshots with history privacy in peer-to-peer collaborative editing. Proceedings on Privacy Enhancing Technologies (PoPETS), 2019(3):210-232, July 2019. URL:
  27. Stefan Krüger, Johannes Späth, Karim Ali, Eric Bodden, and Mira Mezini. CrySL: An extensible approach to validating the correct usage of cryptographic APIs. IEEE Transactions on Software Engineering, 47(11):2382-2400, 2019. URL:
  28. Leslie Lamport. Time, clocks, and the ordering of events in a distributed system. Commun. ACM, 21(7):558-565, 1978. URL:
  29. Paul J. Leach, Rich Salz, and Michael H. Mealling. A universally unique identifier (uuid) urn namespace. RFC 4122, 2005. URL:
  30. Libsodium Project. Aes256-gcm. Online; accessed 14 October 2021. URL:
  31. David McGrew. An interface and algorithms for authenticated encryption. RFC 5116, 2008. URL:
  32. Kai Mindermann, Philipp Keck, and Stefan Wagner. How usable are rust cryptography apis? In 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), pages 143-154, 2018. URL:
  33. Ragnar Mogk. A Programming Paradigm for Reliable Applications in a Decentralized Setting. PhD thesis, Technische Universität Darmstadt, Darmstadt, March 2021. URL:
  34. Ragnar Mogk, Lars Baumgärtner, Guido Salvaneschi, Bernd Freisleben, and Mira Mezini. Fault-tolerant distributed reactive programming. In Todd D. Millstein, editor, 32nd European Conference on Object-Oriented Programming, ECOOP 2018, July 16-21, 2018, Amsterdam, The Netherlands, volume 109 of LIPIcs, pages 1:1-1:26. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2018. URL:
  35. Ragnar Mogk, Joscha Drechsler, Guido Salvaneschi, and Mira Mezini. A fault-tolerant programming model for distributed interactive applications. Proc. ACM Program. Lang., 3(OOPSLA):144:1-144:29, 2019. URL:
  36. Sarah Nadi, Stefan Krüger, Mira Mezini, and Eric Bodden. Jumping through hoops: why do java developers struggle with cryptography APIs? In Laura K. Dillon, Willem Visser, and Laurie A. Williams, editors, Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, Austin, TX, USA, May 14-22, 2016, pages 935-946. ACM, 2016. URL:
  37. Petru Nicolaescu, Kevin Jahns, Michael Derntl, and Ralf Klamma. Yjs: A framework for near real-time p2p shared editing on arbitrary data types. In Philipp Cimiano, Flavius Frasincar, Geert-Jan Houben, and Daniel Schwabe, editors, Engineering the Web in the Big Data Era, pages 675-678. Springer International Publishing, 2015. URL:
  38. Marten Oltrogge, Nicolas Huaman, Sabrina Amft, Yasemin Acar, Michael Backes, and Sascha Fahl. Why eve and mallory still love android: Revisiting TLS (In)Security in android applications. In 30th USENIX Security Symposium (USENIX Security 21), pages 4347-4364. USENIX Association, August 2021. URL:
  39. Nuno Preguiça, Carlos Baquero, and Marc Shapiro. Conflict-free replicated data types crdts. In Sherif Sakr and Albert Zomaya, editors, Encyclopedia of Big Data Technologies, pages 1-10. Springer International Publishing, 2018. URL:
  40. Nuno Preguiça, Carlos Bauqero, Paulo Sérgio Almeida, Victor Fonte, and Ricardo Gonçalves. Brief announcement: Efficient causality tracking in distributed storage systems with dotted version vectors. In Proceedings of the 2012 ACM Symposium on Principles of Distributed Computing, PODC '12, pages 335-336, New York, NY, USA, 2012. Association for Computing Machinery. URL:
  41. Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, and Danfeng (Daphne) Yao. Cryptoguard: High precision detection of cryptographic vulnerabilities in massive-sized java projects. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS '19, pages 2455-2472, New York, NY, USA, 2019. Association for Computing Machinery. URL:
  42. Pierre-Antoine Rault, Claudia-Lavinia Ignat, and Olivier Perrin. Distributed access control for collaborative applications using CRDTs. In 9th Workshop on Principles and Practice of Consistency for Distributed Data, PaPoC 2022, pages 33-38. ACM, April 2022. URL:
  43. Eric Rescorla. The transport layer security (tls) protocol version 1.3. RFC 8446, 2018. URL:
  44. Phillip Rogaway. Authenticated-encryption with associated-data. In Proceedings of the 9th ACM conference on Computer and communications security, CCS '02, pages 98-107, New York, NY, USA, November 2002. Association for Computing Machinery. URL:
  45. Phillip Rogaway. Nonce-based symmetric encryption. In Bimal K. Roy and Willi Meier, editors, Fast Software Encryption, 11th International Workshop, FSE 2004, Delhi, India, February 5-7, 2004, Revised Papers, volume 3017 of Lecture Notes in Computer Science, pages 348-359. Springer, 2004. URL:
  46. Joseph A. Salowey, David McGrew, and Abhijit Choudhury. Aes galois counter mode (gcm) cipher suites for tls. RFC 5288, 2008. URL:
  47. Hector Sanjuan, Samuli Poyhtari, Pedro Teixeira, and Ioannis Psaras. Merkle-CRDTs: Merkle-DAGs meet CRDTs. CoRR, April 2020. URL:
  48. Sebastian Schildt, Tim Lüdtke, Klaus Reinprecht, and Lars Wolf. User study on the feasibility of incentive systems for smartphone-based dtns in smart cities. In Proceedings of the 2014 ACM International Workshop on Wireless and Mobile Technologies for Smart Cities, WiMobCity '14, pages 67-76, New York, NY, USA, 2014. Association for Computing Machinery. URL:
  49. Bruce Schneier. Applied cryptography - Protocols, algorithms, and source code in C, 2nd Edition. Wiley, 1996. URL:
  50. Marc Shapiro, Annette Bieniusa, Nuno M. Preguiça, Valter Balegas, and Christopher Meiklejohn. Just-right consistency: Reconciling availability and safety. CoRR, abs/1801.06340, 2018. URL:
  51. Marc Shapiro, Nuno Preguiça, Carlos Baquero, and Marek Zawirski. A comprehensive study of Convergent and Commutative Replicated Data Types. Research Report RR-7506, Inria - Centre Paris-Rocquencourt ; INRIA, 2011. URL:
  52. Marc Shapiro, Nuno Preguiça, Carlos Baquero, and Marek Zawirski. Conflict-free replicated data types. In Xavier Défago, Franck Petit, and Vincent Villain, editors, Stabilization, Safety, and Security of Distributed Systems, pages 386-400. Springer Berlin Heidelberg, 2011. URL:
  53. Milan Stute, Florian Kohnhauser, Lars Baumgartner, Lars Almon, Matthias Hollick, Stefan Katzenbeisser, and Bernd Freisleben. RESCUE: A resilient and secure device-to-device communication framework for emergencies. IEEE Transactions on Dependable and Secure Computing, pages 1-1, 2020. URL:
  54. Chengzheng Sun. Reflections on collaborative editing research: From academic curiosity to real-world application. In Weiming Shen, Pedro Antunes, Nguyen Hoang Thuan, Jean-Paul A. Barthès, Junzhou Luo, and Jianming Yong, editors, 21st IEEE International Conference on Computer Supported Cooperative Work in Design, CSCWD 2017, Wellington, New Zealand, April 26-28, 2017, pages 10-17. IEEE, 2017. URL:
  55. Hien Thi Thu Truong, Claudia-Lavinia Ignat, and Pascal Molli. Authenticating operation-based history in collaborative systems. In 17th ACM International Conference on Supporting Group Work, GROUP 2012, pages 131-140. ACM, October 2012. URL:
  56. Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich. Vuvuzela: Scalable private messaging resistant to traffic analysis. In Proceedings of the 25th Symposium on Operating Systems Principles, SOSP '15, pages 137-152, New York, NY, USA, 2015. Association for Computing Machinery. URL:
  57. Mathy Vanhoef and Frank Piessens. Key reinstallation attacks: Forcing nonce reuse in wpa2. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS '17, pages 1313-1328, New York, NY, USA, October 2017. Association for Computing Machinery. URL:
  58. Pascal Weisenburger, Mirko Köhler, and Guido Salvaneschi. Distributed system development with scalaloci. Proc. ACM Program. Lang., 2(OOPSLA):129:1-129:30, 2018. URL: