WIP: keyfork-shard: limit size of encrypted payload, can fit at max a 256 bit shard #26

Closed
ryan wants to merge 1 commits from ryan/optimize-hunk into main
Owner

This change is backwards-incompatible and will require a version bump, but knocks 9 words off of the remote hunk. That space can be reclaimed by moving the nonce from the combiner payload to the operator payload.

Side note: combiner payload does not have a hunk version. That should be remedied in the same change. It will take four bytes.

ryan added 1 commit 2024-02-10 05:46:07 +00:00
ryan changed title from keyfork-shard: limit size of encrypted payload, can fit at max a 256 bit shard to WIP: keyfork-shard: limit size of encrypted payload, can fit at max a 256 bit shard 2024-02-10 05:46:33 +00:00
Author
Owner

Waiting on confirmation of moving nonce.

Author
Owner

note: nonce is sent over an assumed authenticated channel, tampering with the nonce is not considered an option, and if someone can send an invalid nonce over the authenticated channel, they can also just initialize their own decrypt request. nonce tampering only becomes an issue with authenticated requests (see: #23, #24). once that's done, authenticated payloads will look like the following:

1-byte version number: 0x01
1-byte is-authenticated flag: 0x01
2-byte padding
32-byte ephemeral public key
8-byte timestamp: `std::time::SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs()`
64-byte signature(ephemeral public key || timestamp)

Total payload is 81 words and should be encoded all at once.

Unauthenticated payloads will look like the following:

1-byte version number: 0x01
1-byte is-authenticated flag: 0x00
2-byte padding
32-byte ephemeral public key

Total payload is 27 words and should be encoded all at once.

Payload from the client will be:

32-byte public key
12-byte nonce
52-byte payload

Total payload is 72 words and should be encoded all at once.

The size decrease of the payload is now negated by the nonce, but in exchange authenticated payloads become possible and unauthenticated payloads are reduced to 27 words instead of 33 words.
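
The two header layouts listed in the comment above, as an added example that is not part of this PR or keyfork-shard's own code: a strict parser that ties the accepted length to the is-authenticated flag and returns the bytes the signature is described as covering. The type and function names, the big-endian timestamp encoding and the all-zero padding rule are assumptions; signature verification is left to the caller.

```rust
// Added example, not keyfork-shard code. Layout follows the comment above;
// big-endian timestamp and all-zero padding are assumptions.
const VERSION: u8 = 0x01;
const UNAUTH_LEN: usize = 1 + 1 + 2 + 32;
const AUTH_LEN: usize = UNAUTH_LEN + 8 + 64;
#[derive(Debug, PartialEq)]
pub enum Hunk {
    Unauthenticated { ephemeral_pk: [u8; 32] },
    Authenticated { ephemeral_pk: [u8; 32], timestamp: u64, signature: [u8; 64] },
}
#[derive(Debug, PartialEq)]
pub enum ParseError { BadVersion(u8), BadFlag(u8), NonZeroPadding, BadLength(usize) }

pub fn parse(buf: &[u8]) -> Result<Hunk, ParseError> {
    if buf.len() < 4 { return Err(ParseError::BadLength(buf.len())); }
    if buf[0] != VERSION { return Err(ParseError::BadVersion(buf[0])); }
    if buf[2] != 0 || buf[3] != 0 { return Err(ParseError::NonZeroPadding); }
    // The flag fixes the only acceptable total length, so truncated or
    // over-long input is rejected instead of being partially read.
    let expected = match buf[1] {
        0x00 => UNAUTH_LEN,
        0x01 => AUTH_LEN,
        flag => return Err(ParseError::BadFlag(flag)),
    };
    if buf.len() != expected { return Err(ParseError::BadLength(buf.len())); }
    let mut ephemeral_pk = [0u8; 32];
    ephemeral_pk.copy_from_slice(&buf[4..36]);
    if expected == UNAUTH_LEN { return Ok(Hunk::Unauthenticated { ephemeral_pk }); }
    let (mut ts, mut signature) = ([0u8; 8], [0u8; 64]);
    ts.copy_from_slice(&buf[36..44]);
    signature.copy_from_slice(&buf[44..108]);
    Ok(Hunk::Authenticated { ephemeral_pk, timestamp: u64::from_be_bytes(ts), signature })
}

/// Bytes the signature covers: ephemeral public key || timestamp.
pub fn signed_message(pk: &[u8; 32], timestamp: u64) -> [u8; 40] {
    let mut m = [0u8; 40];
    m[..32].copy_from_slice(pk);
    m[32..].copy_from_slice(&timestamp.to_be_bytes());
    m
}

fn main() {
    let mut buf = vec![0x01u8, 0x01, 0, 0]; // constructed sample, dummy key/signature
    buf.extend_from_slice(&[0xAA; 32]);
    buf.extend_from_slice(&1_707_544_000u64.to_be_bytes());
    buf.extend_from_slice(&[0xBB; 64]);
    println!("{:?}", parse(&buf));
}
```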

Author
Owner

Authentication of authenticated requests is not exclusive to enclaves and does not use enclave attestation. Enclave attestation can be added atop the existing framework to attest the public key used to verify the request. This assumes that, at some point, an authorized key is to be added to the shard payload file, likely as its own encrypted message.

Once this is implemented, keyfork-shard should also have some kind of `repair-shardfile`, which upgrades a shardfile from one version to the next. TODO: embed version in shardfile.

Author
Owner

no longer applicable, other PRs managed this better

ryan closed this pull request 2024-08-11 21:49:42 +00:00

Reference: public/keyfork#26