Skip to content
/ pdid Public

Password-authenticated Decentralized Identities

4 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pszal/pdid

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
chaincode
chaincode
 
 
lib
lib
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
fpc-1.0-gitdiff.patch
fpc-1.0-gitdiff.patch
 
 
integration_test.c
integration_test.c
 
 
local_test.c
local_test.c
 
 

Repository files navigation

Password-authenticated Decentralized Identities (PDIDs)

PDIDs are human-meaningful, globally unique, and decentralized identities, which are securely authenticated with passwords. The technical details of PDIDs are presented in P.Szalachowski, "Password-authenticated Decentralized Identities", 2020

This repository contains a proof-of-concept PDIDs implementation, intended for demonstration purposes only.

Code

  • lib/ contains main PDID procedures including the implementation of modified OPAQUE and HMQV protocols
  • lib/ecc.{c,h} are from Easy-ECC. It is modified (to be compatible with Intel SGX and its SDK) and extended by PDID-related functions (prefixed with pdid_)
  • lib/tweetnacl.{c,h} are from TweetNaCl
  • chaincode/ is the GPM smart contract to be deployed with Hyperledger Fabric Private Chaincode (FPC)
  • fpc-1.0-gitdiff.patch is fix for building FPCv1.0 and adding an SGX's ocall getting local system time (used for performance measurements only)

Local tests

Local (emulation) test should work out of box: make && ./local_test For better performance, you can use NaCl instead of TweetNaCl. Install NaCl, change the build path to yours export NACL_PATH=../../nacl-20110221/build/Latitude5280 and compile with the following flags (for x86_64) -I${NACL_PATH}/include/amd64 -L${NACL_PATH}/lib/amd64 -lnacl -DWITH_NACL

The integration test requires FPC deployment.

Hyperledger deployment

  1. Generate ./integration_test by make
  2. Install FPC as described here (I used the concept release 1.0 branch.)
  3. Do a clean FPC build (even if you go with the Docker option) and before building apply the patch from this directory: git apply fpc-1.0-gitdiff.patch
  4. Copy chaincode/ and lib/ to FPC's examples/. Then cd examples/chaincode && make.
  5. In another terminal, run ./integration_test and follow its instructions

Caveats and TODO

  • If you get "Enclave: VIOLATION!!! Oh oh! cmac does not match!" in FPC logs, see my comment in lib/pdid_gpm.c:11
  • Sanity checks and inline TODO/FIXMEs
  • Constant-time gpm_auth() and optimized server/client-side cryptographic operations
  • Fixing compilation warnings and C/C++ mixes
  • At least in FPCv1.0, state keys are not encrypted, revealing registered usernames. An easy fix is to generate a secret upon contract creation, and use PRF(secret|username) as state keys, instead of plain usernames.
  • ...

Author

Pawel Szalachowski

About

Password-authenticated Decentralized Identities

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages