Design question - nonces and deduplication

Can someone help me understand how restic generates and stores encryption nonces in such a way that chunk deduplication occurs between backups? Are chunks deduplicated, e.g., when the beginning of a large file changes but the rest of the file stays the same? If so, how do you end up with the same nonce for the chunks each time?

Some info here:

@wurp To your specific question: The repository format references chunks by their ID, which is the SHA256 of their content. Whenever a chunk ID is present, it will not be saved another time; if it is not present, it will be encrypted using a random nonce and then saved.

I see, the chunk data is encrypted, but is addressed by its unencrypted sha256 hash. Thanks! There’s a bit of data leaked there - if someone has the same content, they can see that you also have that content, since the hashes are the same.

From the linked blog post I sent you:

Repository contents are content-addressed by SHA-256 at the encrypted file level, not at the backed up file level. That’s good not to leak hashes of files…

Read it all and it should shed enough light to clarify your questions.

Ha, your link was too subtle and I thought your reply was spam, instead of the nice dive into Restic’s internals that it was. Thanks!
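
The mechanism described in the replies above, as an added Go example that is not part of the thread and not restic's own code: the chunk ID is the SHA-256 of the plaintext, so a known chunk is skipped before any nonce is drawn, and only new chunks are encrypted under a fresh random nonce. The `Store` type, `NewStore`, `Save`, the all-zero key, the sample chunks and the use of AES-GCM as the cipher are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Store is a toy content-addressed repository (hypothetical, not restic's types).
type Store struct {
	aead  cipher.AEAD
	blobs map[[32]byte][]byte // chunk ID -> nonce || ciphertext
}

func NewStore(key []byte) (*Store, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // AES-GCM is a stand-in AEAD (assumption)
	return &Store{aead, map[[32]byte][]byte{}}, err
}

// Save stores a chunk unless its ID exists; reports whether it wrote data.
func (s *Store) Save(chunk []byte) ([32]byte, bool, error) {
	id := sha256.Sum256(chunk) // ID comes from the plaintext, never the nonce
	if _, ok := s.blobs[id]; ok {
		return id, false, nil // duplicate: nothing encrypted, no nonce drawn
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return id, false, err
	}
	s.blobs[id] = s.aead.Seal(nonce, nonce, chunk, nil) // nonce kept as prefix
	return id, true, nil
}

func main() {
	s, err := NewStore(make([]byte, 32)) // constructed all-zero demo key
	if err != nil {
		panic(err)
	}
	for _, c := range []string{"old head", "shared tail", "new head", "shared tail"} {
		id, written, err := s.Save([]byte(c)) // constructed sample chunks
		fmt.Printf("%x written=%v err=%v\n", id[:4], written, err)
	}
}
```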