1.3. Integrity

Your client must preserve the integrity of uploaded files and filenames. At a minimum, this means that, when a user attempts to download a file that they have previously uploaded, if the adversary has maliciously tampered with the file contents, the user must be able to detect the integrity violation and raise an error accordingly.

Integrity should also extend to other components of your system. For instance, if the adversary has maliciously tampered with any metadata you are storing related to user authentication, you may want to (and are allowed to) raise an integrity error in the authenticate_user operation in order to avoid further issues later.

Additionally, given that users may share files with other users, any user with whom a file has been shared must be able to modify the file in a way that preserves the integrity of the file.

Of course, it is easy to prevent the adversary from tricking the user if you always raise an integrity violation error. Thus, regardless of your integrity checks, your implementation must preserve correctness—that is, any operations performed by a user outside the presence of any adversarial actions must return the correct (non-error) response.
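The download check and the correctness requirement described above, as an added example that is not part of the original specification or its reference code: a MAC over both the filename and the contents detects modified bytes and two stored files being swapped, while an untampered download still returns the data. The names `upload`, `download` and `IntegrityError`, the dict standing in for the untrusted server, and the single per-user key are assumptions made for illustration; confidentiality, sharing and rollback to an older version are not covered.

```python
import hashlib
import hmac

class IntegrityError(Exception):
    """Raised when stored data does not match its authentication tag."""

def _slot(key: bytes, filename: str) -> str:
    # Keyed storage location; the "slot|" prefix separates it from the tag domain.
    return hmac.new(key, b"slot|" + filename.encode(), hashlib.sha256).hexdigest()

def _tag(key: bytes, filename: str, contents: bytes) -> bytes:
    name = filename.encode()
    # Length-prefix the name so the name/contents boundary is unambiguous.
    msg = b"file|" + len(name).to_bytes(8, "big") + name + contents
    return hmac.new(key, msg, hashlib.sha256).digest()

def upload(store: dict, key: bytes, filename: str, contents: bytes) -> None:
    store[_slot(key, filename)] = _tag(key, filename, contents) + contents

def download(store: dict, key: bytes, filename: str):
    blob = store.get(_slot(key, filename))
    if blob is None:
        return None  # nothing stored at this location
    if len(blob) < 32:
        raise IntegrityError("stored blob is truncated")
    tag, contents = blob[:32], blob[32:]
    # Constant-time comparison; the tag covers the filename as well as the bytes.
    if not hmac.compare_digest(tag, _tag(key, filename, contents)):
        raise IntegrityError("file or filename was modified")
    return contents

if __name__ == "__main__":
    store, key = {}, b"\x01" * 32  # constructed untrusted store and user key
    upload(store, key, "a.txt", b"alpha")
    upload(store, key, "b.txt", b"beta")
    assert download(store, key, "a.txt") == b"alpha"  # correctness, no adversary
    slots = list(store)
    store[slots[0]], store[slots[1]] = store[slots[1]], store[slots[0]]  # swap
    try:
        download(store, key, "a.txt")
    except IntegrityError as e:
        print("detected:", e)
```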