RFC 0019: Are the additional layers of encryption relevant for security or (only) privacy?

[SvenHammann90]

Dear Hyperledger-Aries and broader SSI Community,

I hope this is an appropriate place to reach out to you.

I am a PhD student interested in formal verification of security protocols, in particular relating to identity. I have been following the SSI work for a while. I believe that it is very promising, and I have become interested in contributing. I have started thinking if and how formal verification could help achieve desired security properties for agent-to-agent communication protocols (built on DIDComm).

As a first step, I am trying to better understand where cryptography is applied to achieve which security goals, which brings me to my question:

As described in RFC0019, it looks like an encryption layer is added in each routing step. For example, when, in 1 --> 2 --> 8 --> 9 --> 3 --> 4, 2 encrypts the message (anonycrypt) with 8's public key. It seems to be that for security, the innermost encryption layer (with 4's public key) would be sufficient. Are the additional encryption layers done for privacy purposes only (such that e.g. 8 only knows it should forward to 9 but does not know that the final recipient will be 4)? I see why this can be important, I just wonder whether it is also important for confidentiality and integrity of the message itself.

Thank you,
Sven

P.S: In general, what would you recommend I do to get involved in the community? I consider going to RWOT in September, are there other important events or similar coming up?

[kdenhartog]

The main benefit is for the purposes of privacy as you've pointed out. The confidentiality and integrity are covered with a single encryption round. The majority of cryptography is contained within this pack/unpack APIs and RFC 0066 ( #41 ). This has been chosen to try and abstract the security of the protocols from the semantics of the protocols. Getting formal security analysis on this work would be great in terms of credibility of the system.

As for participation in the community using the RFCs repository is one of the major methods. Additionally, participating on https://chat.hyperledger.org/channel/aries and calls on Wednesday weekly at 7PM UTC.

As for events, RWOT is an excellent event to attend. It's a great way to get involved with the community and push the efforts of the community forward with a peer collaborative environment. The other great event to attend Bi-annually is the Internet Identity Workshop.

[SvenHammann90]

Hello kdenhartog,

Thanks a lot for your quick response. Maybe it would help others that are confused about the purpose of the nested encryptions to clarify this (e.g., in RFC 0019)?

Thank you also for the pointers regarding the community. I saw that RWOT sign-up is now available. I do plan to attend, and also plan on writing a topic paper about formal methods / protocol verification and how I believe it could be useful for the SSI universe.

[dhh1128]

@SvenHammann90 I agree with Kyle's answer, but I wanted to give a slightly different explanation as a supplement. Each encryption produces two pieces of data -- the encrypted bytes, plus metadata that includes the public key(s) of the recipient(s). When you re-encrypt, what you are really protecting is the metadata from the previous encryption pass. The main reason to do this is, as both you and Kyle have said, to preserve privacy.

[TelegramSam]

Closed as discussed in Aries WG Call 2019-11-13