From e3bd8d4f6680f26ac8140ea063f225d55548e0fa Mon Sep 17 00:00:00 2001 From: Oskar Thoren Date: Fri, 12 Jul 2019 11:27:42 +0800 Subject: [PATCH] Modify trust establishment based on Corey's draft https://notes.status.im/DxjyZ4RUTbm-GeUD9yQhCw?view --- x5.md | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 112 insertions(+), 1 deletion(-) diff --git a/x5.md b/x5.md index 23a554f..fab00ad 100644 --- a/x5.md +++ b/x5.md 
@@ -8,7 +8,118 @@ created: 2019-04-18 updated: --- -# Introduction +# Trust Establishment Protocol Specification Draft +## Inspiration +- https://datprotocol.github.io/how-dat-works/ +- + +:::info +**Trust establishment deals with users verifying they are communicating with who they think they are.** +::: + +## Terms Glossary +| term | description | +| ---- | ----------- | +| privkey | ECDSA secp256k1 private key | +| pubkey | ECDSA secp256k1 public key | +| whisper key | pubkey for chat with HD derivation path m/44'/60'/0'/0/0 | + + +## Information Gathering Notes +:::danger +how do we identify nodes (mailservers/bootnodes/etc) +::: +possible connections +- client - client (not really ever, this is facilitated through all other connections) + - personal chat + - ratcheted with X3DH + - private group chat + - public chat +- client - mailserver (statusd + ???) + - a mailserver identifies itself by ??? +- client - whisper node (statusd) + - a node identifies itself by ??? +- client - bootnode (geth) + - a bootnode identifies itself by ??? +- client - ENS registry (ethereum blockchain -> default to infura) +- client - Ethereum RPC (custom geth RPC API -> default to infura API) +- client - IPFS (Status hosted IPFS gateway -> defaults to ???) + +A user in the system is a public-private key pair using the Elliptic-Curve Cryptography secp256k1 that Ethereum uses. 
+- A 3-word random name is derived from the public key using the following package + - + - This provides an associated human-readble fingerprint to the user's public key +- A user can optionally add additional layers on top of this keypair + - Chosen username + - ENS username + +All messages sent are encrypted with the public key of the destination and signed by the private key of the given user using the following scheme: +- private chat + - the message is encrypted with the public key of the intended user +- private group chat + - the message is pairwise encrypted with each of the public keys of the members of the private group, e.g. for a group of 6 members, 5 messages will be sent. +- public group chat + - the message is encrypted with the topic + +## Initial Trust Establishment Specification +### 1. Contact Discovery +#### 1.1 Public channels +- Public group channels in Status are a broadcast/subscription system. All public messages are encrypted with a symmetric key drived from the channel name, $K_{\text{pub,sym}}$, which is publicly known. +- A public group channel's symmetric key MUST creation must follow the [web3 API](https://web3js.readthedocs.io/en/1.0/web3-shh.html#generatesymkeyfrompassword)'s `web3.ssh.generateSymKeyFromPassword` function +- In order to post to a public group channel, a client MUST have a valid account created (as per section [Account Creation Specification](#Account-Creation) TODO: LINK THIS). +- In order to listen to a public group channel, a client must subscribe to the channel name. The sender of a message is derived from the message's signature. +- Discovery of channel names is not currently part of the protocol, and is typically done out of band. If a channel name is used that has not been used, it will be created. +- channel name specification: + - lower case alphanumeric + - no special characters excluding `-` + - TODO: other langauge characters + +#### 1.2 Private 1:1 messages +This can be done in a the following ways: +1. 
scanning a user generated QR code +1. discovery through the Status app +1. asyncronous X3DH key exchange +1. public key via public channel listening + - `status-react/src/status_im/contact_code/core.cljs` +1. contact codes +2. decentralized storage (not implemented) +3. whisper + +### 2. Initial Key Exchange + +#### Contact Request + +#### Bundles +- NOTE: cant seem to find bundle code on account generation +- An X3DH prekey bundle is defined as ([code(https://github.com/status-im/status-go/messaging/chat/protobuf/encryption.pb.go)]): + ``` + Identity // Identity key + SignedPreKeys // a map of installation id to array of signed prekeys by that installation id + Signature // Prekey signature + Timestamp // When the bundle was lasted created locally + XXX_NoUnkeyedLiteral // ??? + XXX_unrecognized // ??? + XXX_sizecache // ??? + ``` + - include BundleContainer??? +- a new bundle SHOULD be created at least every 12 hours +#### QR code +- A generated QR code should include a X3DH bundle set along with the contact code but I can't find the code to do so. + +### 4. Contact Verification +Once you have the information of a contact, the following can be used to verify that the key material is as it should be. +#### Identicon +A low-poly identicon is deterministically generated from the whisper chat public key. This can then be compared out of band to ensure the reciever's public key is the one you have locally. +#### 3 word pseudonym / whisper key fingerprint +Status generates a deterministic 3-word random pseudonym from the whisper chat public key. This pseudonym acts as a human readable fingerprint to the whisper chat public key. This name also shows when viewing a contact's public profile and in the chat UI. +- implementation: [gfycat](https://github.com/status-im/status-react/tree/develop/src/status_im/utils/gfycat) +#### ENS name +Status offers the ability to register a mapping of a human readable subdomain of `stateofus.eth` to their whisper chat public key. 
This registration is purchased (currently by staking 10 SNT) and stored on the Ethereum mainnet blockchain for public lookup. + +## Security Implications + + +# Previous stuff (introduction) ## Requirement
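Review bot: the API name in the section 1.1 public-channel bullet is wrong and the sentence around it is garbled: `web3.ssh.generateSymKeyFromPassword` should be `web3.shh.generateSymKeyFromPassword` (Whisper's web3 module is `shh`, as in the linked `web3-shh` docs), and `A public group channel's symmetric key MUST creation must follow the [web3 API]...` should read `A public group channel's symmetric key MUST be created with the [web3 API]...`. The same hunk also describes public-channel protection in two inconsistent ways: the encryption scheme list says `the message is encrypted with the topic`, while section 1.1 says messages are encrypted with a symmetric key $K_{\text{pub,sym}}$ derived from the channel name; pick one wording, and because that key is derived from a publicly known name, the currently empty `## Security Implications` section should state plainly that public-channel encryption provides no confidentiality against anyone who knows the channel name, that anyone with a valid account can post to any channel (the text says an unused name is simply created), and that sender identity therefore rests entirely on the message signature. Smaller points: the bundle reference `([code(https://github.com/status-im/status-go/messaging/chat/protobuf/encryption.pb.go)])` is malformed markdown link syntax (`[code](url)`), the list under 1.2 mixes `1.` repeated with `2.`/`3.`, section numbering jumps from `### 2. Initial Key Exchange` to `### 4. Contact Verification`, the `## Inspiration` list has an empty bullet, `#### Contact Request` is an empty heading, and the `TODO: LINK THIS` anchor and the `NOTE: cant seem to find bundle code` / `I can't find the code` remarks should be resolved or tracked before this draft is merged as a specification.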