[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [taler-anastasis] branch master updated: Crypto Draft(bad E
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [taler-anastasis] branch master updated: Crypto Draft(bad English) |
|
Date: |
Thu, 26 Sep 2019 12:03:21 +0200 |
This is an automated email from the git hooks/post-receive script.
ds-meister pushed a commit to branch master
in repository anastasis.
The following commit(s) were added to refs/heads/master by this push:
new 19a2028 Crypto Draft(bad English)
19a2028 is described below
commit 19a20285d67fe8bece1dbdf214cc3eacdbaceb19
Author: Dominik Meister <address@hidden>
AuthorDate: Thu Sep 26 12:03:11 2019 +0200
Crypto Draft(bad English)
---
src/api/crypto-anastasis.rst | 145 ++++++++++++++++++++++++++++---------------
1 file changed, 95 insertions(+), 50 deletions(-)
diff --git a/src/api/crypto-anastasis.rst b/src/api/crypto-anastasis.rst
index 02872c8..1bb62ce 100644
--- a/src/api/crypto-anastasis.rst
+++ b/src/api/crypto-anastasis.rst
@@ -21,72 +21,117 @@
==========================================
Specification of Cryptography in Anastasis
==========================================
+This document specifies the Crypto used in Anastasis.
-----------------
-Common Encodings
-----------------
-This section describes how certain types of values are represented throughout
the Anastasis API.
+-------------------
+1. Key derivations
+-------------------
+EdDSA and ECDHE public keys always point on Curve25519
+and represented using the standard 256 bits Ed25519 compact format,
+converted to Crockford Base32.
-Keys
-^^^^
-.. _`tsref-anastasis-type-EddsaPublicKey`:
-.. _`tsref-anastasis-type-EcdhePublicKey`:
-.. _`tsref-anastasis-type-EcdhePrivateKey`:
-.. _`tsref-anastasis-type-EddsaPrivateKey`:
+At the begin the user choses a secret e.g. AHV Number with full name we define
it here as user_identifier.
+This user_identifier will be Hashed first with SCRYPT. From this Hash the Key
Pairs(ECDHE, EdDSA) will be derived.
-.. code-block:: tsref
+.. code-block::
- // EdDSA and ECDHE public keys always point on Curve25519
- // and represented using the standard 256 bits Ed25519 compact format,
- // converted to Crockford `Base32`_.
- type EddsaPublicKey = string;
- type EddsaPrivateKey = string;
- type EcdhePublicKey = string;
- type EcdhePrivateKey = string;
+ kdf_id := SCrypt( user_identifier, server_salt, keysize )
-------------------------
-Cryptographic primitives
-------------------------
+**user_identifier**: The secret defined from the user beforehand.
-All elliptic curve operations are on Curve25519. Public and private keys are
thus 32 bytes,
-and signatures 64 bytes. For hashing, including HKDFs, Anastasis uses 512-bit
hash codes (64 bytes).
+**server_salt**: The Salt from the Server
-.. sourcecode:: c
+**keysize**: The output Size of the KDF, here 32Byte.
+
+
+1.1 Verification
+^^^^^^^^^^^^^^^^
+For the verficiation of the Data we need a EdDSA Key Pair. For the
+generation of the Private Key we use the kdf_id and derive another
+key from this. This Key will then be proccessed to fit for EdDSA
+private Key. With this private Key we can then generate a matching
+Public Key.
+
+.. code-block::
+
+ ver_secret:= HKDF(kdf_id, salt_ver, keysize)
+ eddsa_priv := eddsa_d_to_a(ver_secret)
+ eddsa_pub := get_EdDSA_Pub(eddsa_priv)
+
+**HKDF()**: The HKDF-function uses to phases: First we use HMAC-SHA512 for the
extraction phase, then HMAC-SHA256 is used for expansion phase.
+
+**kdf_id**: Hashed user secret
+
+**salt_ver**: Salt for the derivation of the verficiation Keys
+
+**key_size**: Size of the output, here 32Byte
+
+**ver_secret**: Derived Key from the kdf_id, serves as intermediate Step for
the generation of the private Key
+
+**eddsa_d_to_a()**: Function which converts the ver_key to a valid
+EdDSA private Key (modulo p etc..)
+
+**eddsa_priv**: The generated EdDSA private Key
+
+**eddsa_pub**: The generated EdDSA public Key
+
+
+1.2 Encryption
+^^^^^^^^^^^^^^^^
+For the encryption of our data we use AES256-GCM. For this we need
+a symetric Key and IV. To derive such a symetric Key we use ECDHE.
+The ECDHE private Key is another key derivation from our kdf_id.
+The public Key is an ephemeral ECDHE Key which is always generated
+before every encryption.
+
+.. code-block::
+
+ enc_secret:= HKDF(kdf_id, salt_enc, keysize)
+ ecdhe_priv := ecdhe_d_to_a(enc_secret)
+ ecdhe_pub := get_ecdhe_pub(ecdhe_priv)
+ sym_key := ecdhe(ecdhe_priv, ecdhe_pub)
+ enc_key:= HKDF(sym_key, salt_enc, keysize)
+
+**HKDF()**: The HKDF-function uses to phases: First we use HMAC-SHA512 for the
extraction phase, then HMAC-SHA256 is used for expansion phase.
+
+**kdf_id**: Hashed user secret
+
+**salt_enc**: Salt for the derivation of the encryption Keys
+
+**key_size**: Size of the output, here 32Byte
+
+**enc_secret**: Derived Key from the kdf_id, serves as intermediate Step for
the generation of the private Key
+
+**ecdhe_d_to_a()**: Function which converts the enc_secret to a valid ECDHE
private Key.
+
+**sym_key**: Intermediate step for the generation of the Key
+
+**enc_key**: Symetric Key which is later used to encrypt the documents with
AES256-GCM
+
+----------------------------
+2. Key Usage
+----------------------------
+The Keys we have generated, are now used to encrypt the recovery_document and
the key_share of the user.
+
+2.1 Encryption
+^^^^^^^^^^^^^^^^
+Before every encryption an ephemeral ECDHE public key is generated.
+From this the symetric Key is computed as described above.
+We use AES256-GCM for the encryption of the recovery_document and
+key_share.
+
+2.2 Signatures
+^^^^^^^^^^^^^^^^
+The EdDSA Keys are used to sign the data sent from the client to the server.
Everything the client sends to server is signed.
- struct GNUNET_HashCode {
- uint8_t hash[64]; // usually SHA-512
- };
-.. _ephemeral_pub:
-.. sourcecode:: c
- struct ANASTASIS_EphemeralPublicKeyP {
- uint8_t ecdhe_pub[32];
- };
-------------------------
-Anastasis Objects
-------------------------
-.. _user_id:
-At the begin the user choses a secret e.g. AHV Number, social security
number... we define it here as user_identifier.
-From this user_identifier we derive then two Hashes H_1 and H_2.
-The first Hash H_1 is generated with the SCRYPT KDF function, the Hash has a
length of 32Byte. As an Input we take the
-user_identifier and the Server Salt. For the second Hash H_2 we the take the
**FIXME** function with the same length and Input.
-H_1 then serves as our $ACCOUNT_PRIV we then compute through the EDDSA
Algorithm the $ACCOUNT_PUB.
-The H_2 Hash is then used for the encryption of the user data.
-.. _recovery_document:
-The recover_document is encrypted with AES256-GCM (AEAD). We generate the Key
for the encryption with the following steps.
-1. We derive a ephemeral public key from our H_2 value.
-2. Perform a ECDHE with the ephemeral public key and our H_2 this gives us a
key K
-3. From this K we derive our Symetric Key and IV through the HKDF function
**FIXME**.
-4. Now the IV and Symetric Key is used in the AES256-GCM to encrypt our
Recovery Document.
-.. _key_share:
-The same procedure, but it generates a different Key since the ephemeral
public key is different.
--
To stop receiving notification emails like this one, please contact
address@hidden.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [taler-anastasis] branch master updated: Crypto Draft(bad English),
gnunet <=