-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
End-To-End Encryption: Custom Encryption Library #21144
Comments
High Level spec completed, opening for evaluation/discussion/implementation |
Hey! We @margelo are excited to get our hands dirty with this!! 💪 Are we assuming synchronous functions for everything, or should there also be async options? E.g. |
Thanks!! I think async might actually be the "default" behavior for all of the functions on the JS side, but I'll leave it up to you all to decide what would work better with our current App design 🙏 |
I think we should add both options, but maybe async should be default and the sync one should be suffixed with |
Makes sense! It would be interesting to benchmark things to compare- I'd imagine some of the functions would be much, much slower when compiled to |
Just porting over these comments from slack ... it sounds like we've agreed that we should use WebAssembly for web instead of asm.js So that means we'll use C/C++ and JSI on native and C/C++ and WebAssembly on web |
Also, have we agreed on which Kyber implementation we'll use? Are we using the reference implementation? Interestingly, there's a Rust implementation that says:
We might be able to use that w/ bindings from Rust -> C -> JSI (example), but it would probably be easier to compile another C/C++ based library for wasm |
The reference implementation works, but it's done in a way to allow for easy testing/NIST evaluation. There's also https://github.com/PQClean/PQClean , which organizes Kyber and other encryption algorithms to have a standardized interface (for testing, library making, etc.), so it would be good to refer to that implementation as well. |
@roryabraham Sure, lemme talk to my team! :) |
@robertjchen @roryabraham i'm gonna start working on implementing the encryption library now! Gonna keep u updated here and on Slack! 👍🚀 |
Awesome, please keep us posted on the details! |
Great! That should work for our purposes, thanks 🙌
That makes sense to me- however, the only pitfall I can think of is that you don't know if the person sending you the Without introducing a new algo, I think what we can do is add on another piece of data to prove The sender would use their own private Kyber key to generate a new Using The receiver would get a signature composed of the following: Signature =
That should be enough to verify message authenticity and serve as a signature mechanism. If either RSA or Kyber was broken one of those above checks would fail, ensuring safety. What are your thoughts on that approach? 🙏 |
The problem here is, that we can't use the Kyber private key for encapsulating a key. It's only working in the opposite direction. That's why Kyber is fundamentally not designed for signing and verifying, that's what say Dillithium is for. The proposal seems very logical, but i don't think we can achieve this with Kyber... |
Ah that makes sense! It looks like it's a one-way operation and only for key exchange 😞 |
In that case, let's move forward with just plain encryption for now without signatures. 👍 (The server would be the one to ensure proper identity- certain classes of attacks would be feasible but could be mitigated by user awareness and other protections elsewhere in the stack. It's always a tradeoff between complexity and security and we're already made those choices for the sake of usability so I don't think we'll miss this aspect too much 😅 ) |
Got it! 👍 So all of the encryption functionality is already working and we should be ready to either publish it to some (private) package registry or use it directly through git. The only thing i'm currently still working on is using the |
Awesome, can't wait to see the |
Giving a brief update on the WebAssembly journey here... The WebAssembly process on web principally consists of 3 parts:
Steps 2 and 3 are already done and working. I created compilation scripts for compiling the library as well as compiling a local Since WebAssembly relies on C++ code to be compiled with the Emscripten toolchain, we have to compile OpenSSL ourself, since there are no working pre-compiled binaries. Also, we want to ensure, that we're using the original library for security reasons. I've had some major breakthroughs in this process yesterday and i'm currently fixing some memory allocation problems, when it comes to using RSA from the OpenSSL library. Other than that, everything should be done 👍 I'm hoping to finish this by the end of the week. |
@chrispader Great work! Let us know how it goes (if OpenSSL's complexity proves a bit too much, maybe we could consider just using the basic raw reference C implementations for RSA/AES, especially since we're just using a small part of OpenSSL?) |
@chrispader any update here? |
Yes! Just made the library completely work with WebAssembly for the first time 🥳🥳🥳 There are some quirks and some weird stuff going on when compiling WebAssembly, i'd like to investigate and then document, so the whole build process is clear 👍 |
I added a PR/branch for testing the WebAssembly library: #30146 This PR also introduces a |
Awesome work! Can't wait to try this out locally and see what the numbers are like: #30341 |
Update: Ongoing work in #30146 |
Looking forward to hardware benchmarks, next steps discussion/planning in progress. |
Hardware benchmarks posted. Ongoing discussion on next steps! |
Given that the library itself is completed, I think we can close this out for now! 🎉🎉 We'll sync on the main issue on next steps and create new issues from there. Great job @chrispader ! 🙇 |
Thanks and wuhuu! 🚀🎉 |
Are we still thinking about adding signing and verifying functionality with Dillithium? |
Great q, I think we'll still need it down the line 🤔 We'll see how things pan out in planning now that the priorities are clear |
cc: Margelo
Please implement a custom encryption library to be used as part of the new End to End Encryption feature in the App.
Namely, it will provide symmetric (AES) and asymmetric (RSA4096 + Kyber1024) encryption functions to be used by the App as well as in the backend.
Please refer to the planning doc for additional context!
Considerations
wasm
binary for direct use in the Web client.Proposed Interface
// synchronous mockup, but final solution may be asynchronous as well 👍
KEMGenKeys()
- return a JSON object in the format of:For the following functions, the
pubKeys
andprivKeys
arguments should be provided in JSON format:KEMEncrypt(pubKeys, dataString)
- encrypts a given stringRSA4096_Encrypt(Kyber1024_Encrypt(dataString))
given the pubKey set (input string should be padded behind the scenes if necessary, etc.). ThepubKeyHash
should be a hash of the two public keys combined. The result is the raw encrypted string in base64 format (note that this is directly encrypted by RSA4096 + Kyber1024, not AES!)KEMDecrypt(privKeys, dataString)
- decrypts a given string given the privKey set (input string should be padded behind the scenes if necessary, etc.)KEMSign(privKeys, dataString)
- signs a given string given the privKey set (see doc for additional implementation notes)KEMVerify(pubKeys, dataString)
- verifies the signature of a given data string given the pubKey setAESDecrypt(iv, key, data)
// simple symmetric encryption w/ AES-GCMAESEncrypt(iv, key, data)
// simple symmetric encryption w/ AES-GCMThe text was updated successfully, but these errors were encountered: