diff --git a/crypto sysarch.md b/crypto sysarch.md index 00bb406..24e4705 100644 --- a/crypto sysarch.md +++ b/crypto sysarch.md @@ -2,8 +2,8 @@ Yigid BALABAN, -Revision 1 -21/08/2024 +Revision 2 +23/08/2024 ## System Elements @@ -12,7 +12,7 @@ The system elements are/will be described and discussed in the ZKL System Archit ### 1. Key Derivation Service The Key Derivation Service (or KDS for short) provides -1. a deterministic Curve25519 keypair generator from BIP-39 mnemonics, +1. a deterministic secp256k1 keypair generator from BIP-39 mnemonics, 2. a pseudo-random BIP-39 mnemonic generator through web-bip-39 package. ### 2. Cross-chain Identity Registry @@ -32,9 +32,9 @@ The client (the sender) generates the encrypted payload to be sent to the reciev ### Sending a file #### Definitions -$K_{r}:\text{Recipient's public key on Curve25519}$ -$K_{e}:\text{A symmetric key derived for the file to be sent, 256 bits}$ -$E(K_{e}):\text{The symmetric key, encrypted using ECIES}$ +$Q_{r}:\text{Recipient's public key on curve secp256k1}$ +$G:\text{The generator point on curve secp256k1}$ +$Z:\text{A symmetric key derived for the file to be sent, the shared secret}$ $F:\text{The file contents, in plaintext}$ $F_{c}:\text{The file contents, in ciphertext}$ $IV:\text{The initialization vector required for AES-GCM-256}$ 
@@ -42,9 +42,12 @@ $P:\text{The payload, what is sent to the recipient}$ #### Workflow -1. The $K_{r}$ is retrieved from the CCIR. -2. The $K_{e}$ is generated randomly for the file, $F$. -3. File $F$ is encrypted using AES-GCM-256 with encryption key $K_{e}$, and a randomly generated initialization vector, $IV$. -4. The $K_{e}$ is encrypted using ECIES, which is discussed in detail, in section “Key Encryption through ECIES”. This results in a new encrypted data, $E(K_{e})$. -5. The payload $P$ is created by concatenating $F_{e},\;IV\;E(K_{e})$ -6. The payload is uploaded to the EFS. \ No newline at end of file +1. The $Q_{r}$ is retrieved from the CCIR. +2. An ephemeral keypair is generated, $Q_{e}$ and $d_{e}$. +3. The shared secret which will be used in symmetric encryption is computed from $Z=d_{e}\times Q_{r}$. +5. File $F$ is encrypted using AES-GCM-256 with encryption key $Z$, and a randomly generated initialization vector, $IV$. +7. The payload $P$ is created by concatenating $Q_{e},\;IV,\;\text{MAC},\;F_{e}$. +8. The payload is uploaded to the EFS. + +> [!info] Reminder +> The MAC in the payload $P$ at step 7 is a result of using AES-GCM-256, which is selected in ECIES implementation in the Rust crate we consume through ecies/rs-wasm package. diff --git a/pdfs/crypto sysarch.pdf b/pdfs/crypto sysarch.pdf new file mode 100644 index 0000000..487bb3b Binary files /dev/null and b/pdfs/crypto sysarch.pdf differ
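Review bot: In the Key Derivation Service hunk (@@ -12,7 +12,7 @@), item 1 now reads "a deterministic secp256k1 keypair generator from BIP-39 mnemonics" but still does not say how the mnemonic is mapped to the private key. Since the curve changes in this revision, document the derivation so that two implementations given the same mnemonic are guaranteed to produce the same keypair.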
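Review bot: In the Definitions hunk (@@ -32,9 +32,9 @@), the new list adds $G$ but not $Q_{e}$ or $d_{e}$, which workflow steps 2 and 3 rely on, and $G$ is not referenced anywhere in the visible text. Add entries for the ephemeral private key $d_{e}$, the ephemeral public key $Q_{e}$ (with $Q_{e}=d_{e}\times G$, which gives $G$ a use) and the MAC. The entry for $Z$ also calls it both "a symmetric key derived for the file" and "the shared secret", which are two different values in ECIES, and the "256 bits" length from the removed $K_{e}$ line is worth keeping for whichever value is the AES key.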
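Review bot: In the Workflow hunk (@@ -42,9 +42,12 @@), step 5 uses $Z=d_{e}\times Q_{r}$ directly as the AES-GCM-256 key, but $Z$ is a curve point rather than a 256-bit key and no key-derivation step is listed. Add a step that derives the symmetric key from $Z$, or state explicitly that the ECIES crate named in the reminder performs that derivation. The numbering also jumps (1, 2, 3, 5, 7, 8), so the reminder's "step 7" will not match if the renderer renumbers the list, and step 7 writes $F_{e}$ where the definitions use $F_{c}$.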