From 5fd1d7b6b3f3266fd7da730ec005cfa0cd95ef3a Mon Sep 17 00:00:00 2001 From: Corey Petty Date: Mon, 15 Jul 2019 16:20:32 -0400 Subject: [PATCH 1/2] changes to account spec to update X3DH --- x9.md | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/x9.md b/x9.md index b92591e..7507487 100644 --- a/x9.md +++ b/x9.md @@ -1,4 +1,4 @@ -# Status Account Creation and Maintenance Specification +# Status Account ## Summary @@ -16,37 +16,42 @@ Everything else associated with the contact is either verified or derived from t ### 1.1 Public/Private Keypairs - An ECDSA (secp256k1 curve) public/private keypair MUST be generated via a [BIP43](https://github.com/bitcoin/bips/blob/master/bip-0043.mediawiki) derived path from a [BIP39](https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) mnemonic seed phrase. - The default paths are defined as such: - - Whisper Chat Key ($IK$): `m/43'/60'/1581'/0'/0` (post Multiaccount integration) + - Whisper Chat Key (`IK`): `m/43'/60'/1581'/0'/0` (post Multiaccount integration) - following [EIP1581](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1581.md) - - DB encryption Key ($DBK$): `m/43'/60'/1581'/1'/0` (post Multiaccount integration) + - DB encryption Key (`DBK`): `m/43'/60'/1581'/1'/0` (post Multiaccount integration) - following [EIP1581](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-1581.md) - Status Wallet paths: `m/44'/60'/0'/0'/i` starting at `i=0` - following [BIP44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki) - NOTE: this (`i=0`) is also the current (and only) path for Whisper key before Multiaccount integration ### 1.2 X3DH Prekey bundle creation -- A client must create an amount of X3DH prekey bundles, each defined by the following items: - - Identity Key: $IK$ - - Signed prekey: $SPK$ - - Prekey signature: $Sig(IK, \text{Encode}(SPK)$) - - one-time prekey: $OPK$ (???? need this?) +- Status follows the X3DH prekey bundle scheme that Open Whisper Systems outlines [in their documentation](https://signal.org/docs/specifications/x3dh/#the-x3dh-protocol) with the following exceptions: + - Because there are no central servers, we do not publish one-time keys `OPK` or perform DH including them. +- A client MUST create X3DH prekey bundles, each defined by the following items: + - Identity Key: `IK` + - Signed prekey: `SPK` + - Prekey signature: `Sig(IK, Encode(SPK))` + - Timestamp +- These bundles are made available in a variety of ways, as defined in section 2.1. ## 2 Account Broadcasting - A user is responsible for broadcasting certain information publicly so that others may contact them. ### 2.1 X3DH Prekey bundles -- A client [MUST/SHOULD] regenerate a group of X3DH prekey bundles every 24 hours and broadcast them through the appropriate channels +- A client SHOULD regenerate a new X3DH prekey bundle every 24 hours. This MAY be done in a lazy way, such that a client that does not come online past this time period does not regenerate or broadcast bundles. +- The current bundle MUST be broadcast on a whisper topic specific to his Identity Key, `{IK}-contact-code`, intermittently. This MAY be done every 6 hours. +- A bundle MUST accompany every message sent. +- TODO: retreival of long-time offline users bundle via `{IK}-contact-code` ## 3 Optional Account additions ### 3.1 ENS Username -- A user MAY register a public username on the Ethereum Name System (ENS). This username is a user-chosen subdomain of the `stateofus.eth` ENS registration that maps to their whisper identity key ($IK$). - - TODO: verify if this is contact code or public key +- A user MAY register a public username on the Ethereum Name System (ENS). This username is a user-chosen subdomain of the `stateofus.eth` ENS registration that maps to their whisper identity key (`IK`). ### 3.2 User Chosen Name - An account MAY create a display name to replace the $IK$ generated 3-word pseudonym in chat screens. This chosen display name will become part of the publicly broadcasted profile of the account. ### 3.3 User Profile Picture -- An account MAY edit the $IK$ generated identicon with a chosen picture. This picture will become part of the publicly broadcasted profile of the account. +- An account MAY edit the `IK` generated identicon with a chosen picture. This picture will become part of the publicly broadcasted profile of the account. ### 3.4 Tribute to Talk - TODO - Couched until later From 8e1475a6dbb0836bb318f7143ba381a5c0128fa8 Mon Sep 17 00:00:00 2001 From: Corey Petty Date: Mon, 15 Jul 2019 16:30:40 -0400 Subject: [PATCH 2/2] WIP changes to trust establishment and x6 --- x6.md | 18 +++++++----------- x9.md | 3 +++ 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/x6.md b/x6.md index 399d016..af568bc 100644 --- a/x6.md +++ b/x6.md @@ -96,12 +96,7 @@ Types used in this specification are defined using [Protobuf](https://developers ### 1.5. User flow for 1-to-1 communications #### 1.5.1. Account generation - -Generating a user account in Status involves 3 steps: - -- Generation of a random seed, and the respective account; -- Generation of a X3DH bundle. This prekey bundle will become part of the user's contact code; -- Registration with Push Notification platform. +See [Account specification](./x9.md) #### 1.5.2. Account recovery @@ -137,19 +132,20 @@ Status uses the following cryptographic primitives: ### 2.2. Prekeys Every client initially generates some key material which is stored locally: -- Identity keypair based on secp256k1 - $IK$; -- A signed prekey based on secp256k1 - $SPK$; -- A prekey signature - Sig($IK$, Encode($SPK$)) +- Identity keypair based on secp256k1 - `IK` +- A signed prekey based on secp256k1 - `SPK` +- A prekey signature - `Sig(IK, Encode(SPK))` -TODO: Formatting is off here, not sure what this is supposed to be in Markdown. Assumes LaTeX? +More details can be found in section 1.2 of [Account specification](./x9.md) A `contact-code` is a protobuf `Bundle` message, encoded in `JSON` and converted to their `base64` string representation. -Prekey bundles are exchanged through QR codes, contact codes, 1:1 or public chat messages. *We will be updating this document with information about bundle exchange through [ENS](https://ens.domains/) and [Swarm](https://swarm-guide.readthedocs.io/en/latest/introduction.html) as work progresses and technologies become more usable.* +Prekey bundles are can be extracted from any user's messages, or found via searching for their specific contact code topic, `{IK}-contact-code`. TODO: See below on bundle retrieval, this seems like enhancement and parameter for recommendation ### 2.3. Bundle retrieval +TODO: Potentially move this completely over to [Trust Establishment](./x5.md) X3DH works by having client apps create and make available a bundle of prekeys (the X3DH bundle) that can later be requested by other interlocutors when they wish to start a conversation with a given user. diff --git a/x9.md b/x9.md index 7507487..cdfa418 100644 --- a/x9.md +++ b/x9.md @@ -34,6 +34,9 @@ Everything else associated with the contact is either verified or derived from t - Timestamp - These bundles are made available in a variety of ways, as defined in section 2.1. +### 1.3 Register at push notification system +- TODO: Add this. + ## 2 Account Broadcasting - A user is responsible for broadcasting certain information publicly so that others may contact them.