Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secure p2p communication #329

Closed
Tracked by #326
itegulov opened this issue Oct 20, 2023 · 1 comment · Fixed by #354
Closed
Tracked by #326

Secure p2p communication #329

itegulov opened this issue Oct 20, 2023 · 1 comment · Fixed by #354
Assignees
Labels
Emerging Tech Emerging Tech flying formation at Pagoda Near BOS NEAR BOS team at Pagoda

Comments

@itegulov
Copy link
Contributor

Description

As per the security requirements of the protocol, communication between nodes should be private (i.e. the contents of communication between each pair of nodes cannot be open to any other party).

This means we need one of the two approaches explored below. Regardless of which one the assignee chooses, make sure to communicate your choice as it might impact other multichain efforts (extra state in the contract, networking etc).

(Option 1) Asymmetric cryptography

Each node manages one HPKE keypair and one EDDSA keypair to encrypt all outgoing messages and then sign them. Recommended libraries: ed25519-dalek and hpke-rs/rust-hpke

Theoretically, it is possible to use one key for both signing and encryption, but usually, it is not a good idea as it exposes us to many vectors of attacks. There is little reason to sacrifice that for the slight inconvenience of having to manage one more key.

Nodes have to make the two public keys known to everyone else, so it probably makes sense to put that information in the multichain consensus smart contract.

(Option 2) Symmetric cryptography

All pairs of nodes maintain a key for both the encryption of plaintext and the decryption of ciphertext. Meaning that each node has to manage $N - 1$ keys. Recommended library: AES-GCM.

I have not explored this option very well, but my layman's perspective is that you would use some sort of key-agreement protocol to establish a common symmetric-key cipher. You might have to redo the protocol each time the connection is severed.

@itegulov itegulov added Near BOS NEAR BOS team at Pagoda Emerging Tech Emerging Tech flying formation at Pagoda labels Oct 20, 2023
@ChaoticTempest
Copy link
Member

I believe option 1 is best, since the key-agreement protocol AFAIU would require us to do key-exchange over asymmetric cryptography anyways. The downside of redoing the protocol each time the connection gets severed makes option 1 preferred for stability, since adding extra complexity for key-agreement over storing the public keys on the contract doesn't seem worth it.

The only benefit of option 2 I see is being able to transmit large amounts of data more efficiently, but then I can see us just doing a hybrid version of this where we utilize option 1 as the key exchange, and then switch symmetric when it comes to larger messages that needs to be passed on later. In which case, option 2 is just an optimization and we can defer this to later

@github-project-automation github-project-automation bot moved this from Backlog to Done in Emerging Technologies Nov 24, 2023
@itegulov itegulov linked a pull request Nov 24, 2023 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Emerging Tech Emerging Tech flying formation at Pagoda Near BOS NEAR BOS team at Pagoda
Projects
Status: Done
Development

Successfully merging a pull request may close this issue.

2 participants