You use different hashes for discovery and encryption.
One method is use HASH(0 || content) for discovery and HASH(1 || content) for encryption.
You could also use HASH(content) for encryption and HASH(HASH(content)) for discovery.
(Talk to a real cryptographer to ensure that this is both theoretically sound and robust against likely algorithm vulnerabilities)
As long as you can't go from the discovery key to the encryption key you should be fine.
IIRC this is already done. I think they do something like HASH(CID) for publishing on the network, but before the data is sent to the node they have to prove that they know CID. This provides protocol-level protection this content-based encryption. (Although it has downsides such as not being able to store encrypted data on untrusted nodes)
One method is use HASH(0 || content) for discovery and HASH(1 || content) for encryption.
You could also use HASH(content) for encryption and HASH(HASH(content)) for discovery.
(Talk to a real cryptographer to ensure that this is both theoretically sound and robust against likely algorithm vulnerabilities)
As long as you can't go from the discovery key to the encryption key you should be fine.
IIRC this is already done. I think they do something like HASH(CID) for publishing on the network, but before the data is sent to the node they have to prove that they know CID. This provides protocol-level protection this content-based encryption. (Although it has downsides such as not being able to store encrypted data on untrusted nodes)