
[GNUnet-SVN] [taler-anastasis] branch master updated: more comments, mor


From: gnunet
Subject: [GNUnet-SVN] [taler-anastasis] branch master updated: more comments, more fixes
Date: Thu, 26 Sep 2019 19:34:38 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new 8896d8d  more comments, more fixes
8896d8d is described below

commit 8896d8d6a16b08fae41394ca309adea243a7fee5
Author: Christian Grothoff <address@hidden>
AuthorDate: Thu Sep 26 19:34:36 2019 +0200

    more comments, more fixes
---
 src/api/crypto-anastasis.rst | 52 ++++++++++++++++++++++++++++++--------------
 1 file changed, 36 insertions(+), 16 deletions(-)

diff --git a/src/api/crypto-anastasis.rst b/src/api/crypto-anastasis.rst
index 9bcda4a..85f7cbd 100644
--- a/src/api/crypto-anastasis.rst
+++ b/src/api/crypto-anastasis.rst
@@ -91,6 +91,9 @@ generate the corresponding public key.
     eddsa_priv := eddsa_d_to_a(ver_secret)
     eddsa_pub := get_EdDSA_Pub(eddsa_priv)
 
+FIXME: ecdhe_d_to_a() needs to be specified.
+
+
 **HKDF()**: The HKDF-function uses to phases: First we use HMAC-SHA512 for the 
extraction phase, then HMAC-SHA256 is used for expansion phase.
 
 **kdf_id**: Hashed user_identifier.
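Review bot: the added FIXME names ecdhe_d_to_a(), but the block directly above it calls eddsa_d_to_a(ver_secret), and ecdhe_d_to_a() only appears in the symmetric-encryption section further down. Either name eddsa_d_to_a() here or state that both conversion functions need a specification of how the HKDF output is turned into a valid private key. In the same area, the context line "uses to phases" should read "uses two phases".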
@@ -112,19 +115,22 @@ generate the corresponding public key.
 ^^^^^^^^^^^^^^
 
 For symmetric encryption of data we use AES256-GCM. For this we need a
-symmetric key and an initialization vector (IV).
+symmetric key and an initialization vector (IV).  To ensure that the
+symmetric key changes for each encryption operation, we compute the
+key material using Diffie-Hellman (DH), combining a long-term ECDH
+key with an ephemeral (single-use) ECDHE key.
 
-To derive such a symmetric key
-we use ECDHE.  The ECDHE private key is another key derivation from our
-kdf_id.  The public Key is an ephemeral ECDHE Key which is always generated
-before every encryption.
+The long-term ECDH private key is again derived from the user's kdf_id.  The
+ephemeral ECDHE key is chosen at random before every encryption.
 
 .. code-block::
 
     enc_secret:= HKDF(kdf_id, salt_enc, keysize)
-    ecdhe_priv := ecdhe_d_to_a(enc_secret)
+    ecdh_priv := ecdhe_d_to_a(enc_secret)
+    ecdh_pub := get_ecdhe_pub(ecdh_priv)
+    ecdhe_priv := ecdhe_create(PRNG)
     ecdhe_pub := get_ecdhe_pub(ecdhe_priv)
-    sym_key := ecdhe(ecdhe_priv, ecdhe_pub)
+    sym_key := ecdhe(ecdhe_priv, ecdh_pub) = ecdhe(ecdh_pub, ecdhe_priv)
     enc_key:= HKDF(sym_key, salt_enc, keysize)
 
 **HKDF()**: The HKDF-function uses to phases: First we use HMAC-SHA512 for the 
extraction phase, then HMAC-SHA256 is used for expansion phase.
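Review bot: in the changed line "sym_key := ecdhe(ecdhe_priv, ecdh_pub) = ecdhe(ecdh_pub, ecdhe_priv)", both sides use the same private/public pair with the arguments swapped, so the equation does not show that the holder of the long-term key can recompute the secret. The identity the text relies on is presumably ecdhe(ecdhe_priv, ecdh_pub) = ecdhe(ecdh_priv, ecdhe_pub); suggest writing it that way. Two smaller points in the same block: the long-term key is now called ecdh_priv/ecdh_pub but is still produced by ecdhe_d_to_a() and get_ecdhe_pub(), so the function names no longer match the ECDH/ECDHE distinction the new prose draws, and salt_enc is passed to both HKDF calls (for enc_secret and for enc_key), which would be clearer with a distinct salt per derivation.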
@@ -135,26 +141,40 @@ before every encryption.
 
 **key_size**: Size of the output, here 32Byte
 
-**enc_secret**: Derived Key from the kdf_id, serves as intermediate Step for 
the generation of the private Key
+**enc_secret**: Derived key material from the kdf_id, serves as intermediate 
step for the generation of the long-term private key.
+
+**ecdhe_d_to_a()**: Function which converts the enc_secret to a valid ECDH(E) 
private key.
+
+**sym_key**: Intermediate step for the generation of the symmetric key.
 
-**ecdhe_d_to_a()**: Function which converts the enc_secret to a valid ECDHE 
private Key.
+FIXME: Maybe call it something else? "dh_secret" might be a good name.
 
-**sym_key**: Intermediate step for the generation of the Key
+**enc_key**: Symmetric key which is later used to encrypt the documents with 
AES256-GCM.
 
-**enc_key**: Symetric Key which is later used to encrypt the documents with 
AES256-GCM
+FIXME: You need to specify the salt, and you also need to derive an IV (from 
sym_key).
 
 ----------------------------
 2. Key Usage
 ----------------------------
-The Keys we have generated, are now used to encrypt the recovery_document and 
the key_share of the user.
+
+The keys we have generated, are now used to encrypt the recovery_document and
+the key_share of the user.
 
 2.1 Encryption
-^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^
+
 Before every encryption an ephemeral ECDHE public key is generated.
-From this the symetric Key is computed as described above.
+From this the symmetric key is computed as described above.
 We use AES256-GCM for the encryption of the recovery_document and
 key_share.
 
+FIXME: This is underspecified.
+
+
 2.2 Signatures
-^^^^^^^^^^^^^^^^
-The EdDSA Keys are used to sign the data sent from the client to the server. 
Everything the client sends to server is signed.
+^^^^^^^^^^^^^^
+
+The EdDSA keys are used to sign the data sent from the client to the
+server. Everything the client sends to server is signed.
+
+FIXME: This is underspecified.
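Review bot: section 2.1 still reads "an ephemeral ECDHE public key is generated" and "From this the symmetric key is computed", which no longer matches the derivation introduced earlier in this patch, where a random ephemeral private key is combined with the long-term ecdh_pub. Suggest rewording 2.1 to follow that derivation and stating that ecdhe_pub has to be kept alongside the ciphertext, since recomputing sym_key from ecdh_priv needs it; that would address part of the "underspecified" FIXME. Also, the FIXME "Maybe call it something else?" is a separate paragraph from the sym_key definition, so it should name sym_key explicitly, and the comma in "The keys we have generated, are now used" can be dropped.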

-- 
To stop receiving notification emails like this one, please contact
address@hidden.


