This is a repository containing an implementation of Diffie-Hellman Key Exchange payload messenging over blockchain.
Docker containers act as isolated user agents interacting with a Hardhat node running on the host device, sending and receiving data payloads.
Individual container endpoints exist for publishing and retrieving payloads (defined in /docker/app.ts
).
Payloads published on-chain by one container are received/listened-to by all other containers, but only the intended recipient of the container (designated by PARTNER_ADDRESS
in docker-compose.yml
) can decrypt the payload.
Files are uploaded via multiform data (using multer Express middleware), chunked to 1024 bytes (default), and sent in order to the recipient. The recipient then decrypts the payload and saves it to disk. Comments on this are elaborated-upon in UserAgent.ts
. Payloads can be verified by observing the uploads
directory of the sending container and the received
directory of the receiving container, as well as the logs.
- Make sure you have NodeJS, Hardhat, Foundry, and Docker installed. You should be able to run
npm
,npx hardhat
,forge
, anddocker
in your terminal.
# Install NPM dependencies
npm install
# Build Solidty contracts in ./src
forge build
# Optional: test Solidity contracts in ./test
forge test
# Build Hardhat artifacts from Forge
npx hardhat compile
# Run Hardhat node in one terminal
./hardhat.sh
# Run Docker sevices in another terminal
cd docker && ./docker.sh
Call locally-running Docker container endpoints as defined in app.ts
.
This is a proof-of-concept implementation of Diffie-Hellman Key Exchange over blockchain using Docker containers for full isolation. It is not currently intended for production use, as full files are sent and stored on-chain. Files themselves are encrypted using AES-256-CBC.
Kyber, a quantum-resistant cryptography scheme, is a potential future candidate for use to ensure that transmitted files/symlinks are not decrypted, even if the underlying blockchain is compromised.
In the future, symlinks to encrypted payloads can be sent instead of full files, and the data can be stored off-chain in a distributed file system (IPFS, etc.) for more efficient storage and communication. This way, egress of data can be measured in regulated environments. User agents defined here are done to simulate behaviour, and in real-world applications can be any arbitrary user agent (mobile, web, etc.).
MIT