fyb/zkl-docs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more ECIES, change to secp256k1, etc.

Browse Source
This commit is contained in:
yigid balaban 2024-08-23 12:34:26 +03:00
parent 9f0abb5a19
commit 5cd13dccc0
Signed by: fyb
GPG Key ID: E21FEB2C244CB7EB
2 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
crypto sysarch.md
View File

@ -2,8 +2,8 @@
Yigid BALABAN, <fyb@fybx.dev> Yigid BALABAN, <fyb@fybx.dev>
Revision 1 Revision 2
21/08/2024 23/08/2024
## System Elements ## System Elements
@ -12,7 +12,7 @@ The system elements are/will be described and discussed in the ZKL System Archit
### 1. Key Derivation Service ### 1. Key Derivation Service
The Key Derivation Service (or KDS for short) provides The Key Derivation Service (or KDS for short) provides
1. a deterministic Curve25519 keypair generator from BIP-39 mnemonics, 1. a deterministic secp256k1 keypair generator from BIP-39 mnemonics,
2. a pseudo-random BIP-39 mnemonic generator through web-bip-39 package. 2. a pseudo-random BIP-39 mnemonic generator through web-bip-39 package.
### 2. Cross-chain Identity Registry ### 2. Cross-chain Identity Registry
@ -32,9 +32,9 @@ The client (the sender) generates the encrypted payload to be sent to the reciev
### Sending a file ### Sending a file
#### Definitions #### Definitions
$K_{r}:\text{Recipient's public key on Curve25519}$ $Q_{r}:\text{Recipient's public key on curve secp256k1}$
$K_{e}:\text{A symmetric key derived for the file to be sent, 256 bits}$ $G:\text{The generator point on curve secp256k1}$
$E(K_{e}):\text{The symmetric key, encrypted using ECIES}$ $Z:\text{A symmetric key derived for the file to be sent, the shared secret}$
$F:\text{The file contents, in plaintext}$ $F:\text{The file contents, in plaintext}$
$F_{c}:\text{The file contents, in ciphertext}$ $F_{c}:\text{The file contents, in ciphertext}$
$IV:\text{The initialization vector required for AES-GCM-256}$ $IV:\text{The initialization vector required for AES-GCM-256}$
@ -42,9 +42,12 @@ $P:\text{The payload, what is sent to the recipient}$
#### Workflow #### Workflow
1. The $K_{r}$ is retrieved from the CCIR. 1. The $Q_{r}$ is retrieved from the CCIR.
2. The $K_{e}$ is generated randomly for the file, $F$. 2. An ephemeral keypair is generated, $Q_{e}$ and $d_{e}$.
3. File $F$ is encrypted using AES-GCM-256 with encryption key $K_{e}$, and a randomly generated initialization vector, $IV$. 3. The shared secret which will be used in symmetric encryption is computed from $Z=d_{e}\times Q_{r}$.
4. The $K_{e}$ is encrypted using ECIES, which is discussed in detail, in section “Key Encryption through ECIES”. This results in a new encrypted data, $E(K_{e})$. 5. File $F$ is encrypted using AES-GCM-256 with encryption key $Z$, and a randomly generated initialization vector, $IV$.
5. The payload $P$ is created by concatenating $F_{e},\;IV\;E(K_{e})$ 7. The payload $P$ is created by concatenating $Q_{e},\;IV,\;\text{MAC},\;F_{e}$.
6. The payload is uploaded to the EFS. 8. The payload is uploaded to the EFS.
> [!info] Reminder
> The MAC in the payload $P$ at step 7 is a result of using AES-GCM-256, which is selected in ECIES implementation in the Rust crate we consume through ecies/rs-wasm package.

BIN
pdfs/crypto sysarch.pdf Normal file
View File

Binary file not shown.