more ECIES, change to secp256k1, etc.
This commit is contained in:
parent
9f0abb5a19
commit
5cd13dccc0
GPG Key ID:
E21FEB2C244CB7EB
@ -2,8 +2,8 @@
|
||||
|
||||
Yigid BALABAN, <fyb@fybx.dev>
|
||||
|
||||
Revision 1
|
||||
21/08/2024
|
||||
Revision 2
|
||||
23/08/2024
|
||||
|
||||
## System Elements
|
||||
|
||||
@ -12,7 +12,7 @@ The system elements are/will be described and discussed in the ZKL System Archit
|
||||
### 1. Key Derivation Service
|
||||
|
||||
The Key Derivation Service (or KDS for short) provides
|
||||
1. a deterministic Curve25519 keypair generator from BIP-39 mnemonics,
|
||||
1. a deterministic secp256k1 keypair generator from BIP-39 mnemonics,
|
||||
2. a pseudo-random BIP-39 mnemonic generator through web-bip-39 package.
|
||||
|
||||
### 2. Cross-chain Identity Registry
|
||||
@ -32,9 +32,9 @@ The client (the sender) generates the encrypted payload to be sent to the reciev
|
||||
### Sending a file
|
||||
|
||||
#### Definitions
|
||||
$K_{r}:\text{Recipient's public key on Curve25519}$
|
||||
$K_{e}:\text{A symmetric key derived for the file to be sent, 256 bits}$
|
||||
$E(K_{e}):\text{The symmetric key, encrypted using ECIES}$
|
||||
$Q_{r}:\text{Recipient's public key on curve secp256k1}$
|
||||
$G:\text{The generator point on curve secp256k1}$
|
||||
$Z:\text{A symmetric key derived for the file to be sent, the shared secret}$
|
||||
$F:\text{The file contents, in plaintext}$
|
||||
$F_{c}:\text{The file contents, in ciphertext}$
|
||||
$IV:\text{The initialization vector required for AES-GCM-256}$
|
||||
@ -42,9 +42,12 @@ $P:\text{The payload, what is sent to the recipient}$
|
||||
|
||||
#### Workflow
|
||||
|
||||
1. The $K_{r}$ is retrieved from the CCIR.
|
||||
2. The $K_{e}$ is generated randomly for the file, $F$.
|
||||
3. File $F$ is encrypted using AES-GCM-256 with encryption key $K_{e}$, and a randomly generated initialization vector, $IV$.
|
||||
4. The $K_{e}$ is encrypted using ECIES, which is discussed in detail, in section “Key Encryption through ECIES”. This results in a new encrypted data, $E(K_{e})$.
|
||||
5. The payload $P$ is created by concatenating $F_{e},\;IV\;E(K_{e})$
|
||||
6. The payload is uploaded to the EFS.
|
||||
1. The $Q_{r}$ is retrieved from the CCIR.
|
||||
2. An ephemeral keypair is generated, $Q_{e}$ and $d_{e}$.
|
||||
3. The shared secret which will be used in symmetric encryption is computed from $Z=d_{e}\times Q_{r}$.
|
||||
5. File $F$ is encrypted using AES-GCM-256 with encryption key $Z$, and a randomly generated initialization vector, $IV$.
|
||||
7. The payload $P$ is created by concatenating $Q_{e},\;IV,\;\text{MAC},\;F_{e}$.
|
||||
8. The payload is uploaded to the EFS.
|
||||
|
||||
> [!info] Reminder
|
||||
> The MAC in the payload $P$ at step 7 is a result of using AES-GCM-256, which is selected in ECIES implementation in the Rust crate we consume through ecies/rs-wasm package.
|
||||
|
||||
BIN
pdfs/crypto sysarch.pdf
Normal file
BIN
pdfs/crypto sysarch.pdf
Normal file
Binary file not shown.
Loading…
x
Reference in New Issue
Block a user