🔒 Cryptography

[nichoth]

cryptography

• Everything you wanted to know about Elliptic Curve Cryptography — An excellent article from Fission once again
• Using Ed25519 signing keys for encryption

---

Using noble ECC packages for encrypt/decrypt.

• dajiaji/hpke-js + see docs
• x25519 encrypt/decrypt?
  • points to dhkem-x25519
• Equivalent of Sodium's crypto_box_seal

---

• Follow burrito.space on bluesky for updates about ECC in browsers

---

• Key to Simplicity: Squeezing the hassle out of encryption key recovery
• radical-edward — see maake-oob — mutually authenticating AKE with out-of-band parameters

---

Open MLS -- An open-source implementation of the Messaging Layer Security protocol (written in Rust)

• Cryptography Guidelines — Guidance on implementing cryptography as a developer.

ratchets

• Double ratchet algorithm: The ping-pong game encrypting Signal and WhatsApp — a nice video explanation
• matheus23/wnfs2/src/fs/data/private/spiralratchet.ts — implementation in ts
• see Brooklyn Zelenka Strange Loop talk about skip ratchet

double ratchet

Create a new key per message with a KDF. This creates "forward secrecy", meaning you can't get previous keys if you learn the current key.

Each time we send a message, we create a new keypair. We embed the public side in the message, and use the private side to do a Diffie-Hellman exchange with the recipient's most recent public key, creating a new secret key for this message.

see Sending the initial message

MLS

• Messaging layer security: Encrypting a group chat — youtube high-level explanation
• A giant leap forwards for encryption with MLS — matrix article about MLS

MLS provides a standard way for users of a messaging service to communicate securely without servers being able to eavesdrop on their conversations.

• A look at Matrix.org’s OLM | MEGOLM encryption protocol — see video

roughly compared the concept of matrix to how git works

• mlswg/mls-implementations — Coordination of implementation and interop specific details

wikipedia diffie hellman

It is also possible to use Diffie–Hellman as part of a public key infrastructure, allowing Bob to encrypt a message so that only Alice will be able to decrypt it, with no prior communication between them other than Bob having trusted knowledge of Alice's public key.

wikipedia double ratchet

the Double Ratchet Algorithm is a key management algorithm

It combines a cryptographic so-called "ratchet" based on the Diffie–Hellman key exchange (DH) and a ratchet based on a key derivation function (KDF), such as a hash function, and is therefore called a double ratchet

---

signal.org/blog/advanced-ratcheting

OTR takes things a step further by continuously ratcheting the key material forward during the course of a session.

Alice will use the advertised and acknowledged key the next time she sends a message.

---

End-to-End Encryption in the Browser

this is the premise of https://wormhole.app/ — put a private key after the # in the URL

[nichoth]

security

• Help Everyone Do Better Security

[nichoth]

node + webcrypto

• Storing keys in a non-extractable way — node can, at best "obfuscate" the key

[nichoth]

Streams for the Web Cryptography API

see also

• bicycle-codes/crypto-stream — streaming encryption implementation

[nichoth]

homomorphic encryption

• Country Lookup Example
• Private information retrieval using homomorphic encryption (explained from scratch)
• Private Message Exchange — Cool demo using homomorphic encryption
• blyssprivacy/sdk