From 461ac64b212917c2c2574b1c9f920fb1d1055d01 Mon Sep 17 00:00:00 2001 From: assafmo Date: Sun, 7 Jun 2020 11:19:33 +0300 Subject: [PATCH 1/2] ECDH implementation is x25519 --- docs/encryption-specs.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/encryption-specs.md b/docs/encryption-specs.md index 33efa9411..6d5a87db2 100644 --- a/docs/encryption-specs.md +++ b/docs/encryption-specs.md @@ -177,7 +177,7 @@ TODO reasoning - https://github.com/miscreant/meta - The input key is 256 bits, but half of it is used to derive the internal IV. - `seed_exchange_key` is derived the following way: - - `seed_exchange_ikm` is derived using [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) with `consensus_seed_exchange_privkey` and `registration_pubkey`. + - `seed_exchange_ikm` is derived using [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) ([x25519](https://tools.ietf.org/html/rfc7748#section-6)) with `consensus_seed_exchange_privkey` and `registration_pubkey`. - `seed_exchange_key` is derived using HKDF-SHA256 from `seed_exchange_ikm` and `nonce`. ```js @@ -219,7 +219,7 @@ TODO reasoning - `seed_exchange_key`: An AES-128-SIV encryption key. Will be used to decrypt `consensus_seed`. - `seed_exchange_key` is derived the following way: - - `seed_exchange_ikm` is derived using [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) with `consensus_seed_exchange_pubkey` (public in `genesis.json`) and `registration_privkey` (available only inside the new node's Enclave). + - `seed_exchange_ikm` is derived using [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) ([x25519](https://tools.ietf.org/html/rfc7748#section-6)) with `consensus_seed_exchange_pubkey` (public in `genesis.json`) and `registration_privkey` (available only inside the new node's Enclave). - `seed_exchange_key` is derived using HKDF-SHA256 with `seed_exchange_ikm` and `nonce`. @@ -397,8 +397,8 @@ return current_state_plaintext; TODO reasoning - `tx_encryption_key`: An AES-128-SIV encryption key. Will be used to encrypt tx inputs and decrypt tx outpus. - - `tx_encryption_ikm` is derived using [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) with `consensus_io_exchange_pubkey` and `tx_sender_wallet_privkey` (on the sender's side). - - `tx_encryption_ikm` is derived using [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) with `consensus_io_exchange_privkey` and `tx_sender_wallet_pubkey` (inside the Enclave of every full node). + - `tx_encryption_ikm` is derived using [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) ([x25519](https://tools.ietf.org/html/rfc7748#section-6)) with `consensus_io_exchange_pubkey` and `tx_sender_wallet_privkey` (on the sender's side). + - `tx_encryption_ikm` is derived using [ECDH](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman) ([x25519](https://tools.ietf.org/html/rfc7748#section-6)) with `consensus_io_exchange_privkey` and `tx_sender_wallet_pubkey` (inside the Enclave of every full node). - `tx_encryption_key` is derived using HKDF-SHA256 with `tx_encryption_ikm` and a random number `nonce`. This is to prevent using the same key for the same tx sender multiple times. ## Input From 1b164fd23893b8c18ce59e4388ab1e571d8c4b6c Mon Sep 17 00:00:00 2001 From: assafmo Date: Sun, 7 Jun 2020 15:59:18 +0300 Subject: [PATCH 2/2] clean up old iv references --- docs/encryption-specs.md | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/docs/encryption-specs.md b/docs/encryption-specs.md index 6d5a87db2..eee50f72b 100644 --- a/docs/encryption-specs.md +++ b/docs/encryption-specs.md @@ -9,7 +9,6 @@ - [`consensus_seed_exchange_privkey`](#consensus_seed_exchange_privkey) - [`consensus_io_exchange_privkey`](#consensus_io_exchange_privkey) - [`consensus_state_ikm`](#consensus_state_ikm) - - [`consensus_state_iv`](#consensus_state_iv) - [Bootstrap Process Epilogue](#bootstrap-process-epilogue) - [Node Startup](#node-startup) - [New Node Registration](#new-node-registration) @@ -115,19 +114,6 @@ consensus_state_ikm = hkdf({ }); // 256 bits ``` -### `consensus_state_iv` - -TODO reasoning - -- `consensus_state_iv`: An input secret IV to prevent IV manipulation while encrypting contracts' state. - -```js -consensus_state_iv = hkdf({ - salt: hkfd_salt, - ikm: consensus_seed.append(uint8(4)), -}); // 256 bits -``` - ## Bootstrap Process Epilogue TODO reasoning @@ -158,7 +144,6 @@ TODO reasoning - The remote attestation proof that the node's Enclave is genuine. - `registration_pubkey` - 256 bits true random `nonce` - - 256 bits true random `iv` ## On the consensus layer, inside the Enclave of every full node @@ -337,7 +322,7 @@ if (current_state_ciphertext == null) { // field_name doesn't yet initialized in state ad = sha256(encrypted_field_name); } else { - // read previous_ad, verify it, calculate new iv + // read previous_ad, verify it, calculate new ad previous_ad = current_state_ciphertext.slice(0, 32); // first 32 bytes/256 bits current_state_ciphertext = current_state_ciphertext.slice(32); // skip first 32 bytes @@ -345,7 +330,7 @@ if (current_state_ciphertext == null) { key: encryption_key, data: current_state_ciphertext, ad: previous_ad, - }); // just to authenticate previous_iv + }); // just to authenticate previous_ad ad = sha256(previous_ad); }