aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorpukkamustard <pukkamustard@posteo.net>2020-10-23 10:32:05 +0200
committerpukkamustard <pukkamustard@posteo.net>2020-10-23 10:32:05 +0200
commit25986f98d606f3b0980bfc5f7da54cd3877ce373 (patch)
tree6f3e54152adc0fdd2c1fce269dd275fcaeee4712
parent9d13a9678c45a530972da3182683ce74e5c90656 (diff)
eris.adoc: ellaborate on cryptographic primitives
-rw-r--r--doc/eris.adoc26
-rw-r--r--public/index.html52
2 files changed, 64 insertions, 14 deletions
diff --git a/doc/eris.adoc b/doc/eris.adoc
index b4d1607..b208423 100644
--- a/doc/eris.adoc
+++ b/doc/eris.adoc
@@ -72,11 +72,29 @@ TODO a glossary of terms used.
=== Cryptographic Primitives
-The cryptographic primitives used by ERIS are:
+The cryptographic primitives used by ERIS are a cryptographic hash funciton, a symmetric key cipher and a padding algorithm. The hash function and cipher are readily available in open-source libraries such as https://github.com/jedisct1/libsodium[libsodium] or https://monocypher.org/[Monocypher]. The padding algorithm can be implemented with reasonable effort.
-Cryptographic hash function :: Blake2b <<RFC7693>> with output size of 256 bit (32 byte).
-Symmetric Key Cipher :: ChaCha20 (IETF variant) <<RFC8439>>.
-Padding algorithm :: According to ISO/IEC 7816-4.
+==== Cryptographic Hash Function
+
+Blake2b <<RFC7693>> with output size of 256 bit (32 byte). We use the keying feature and refer to the key used for keying Blake2b as the _hashing key_.
+
+Provides the functions `Blake2b-256(INPUT,HASHING-KEY)` for keyed hashing and `Blake2b-256(INPUT)` for unkeyed hashing.
+
+==== Symmetric Key Cipher
+ChaCha20 (IETF variant) <<RFC8439>>. Provides `ChaCha20(INPUT, KEY)`, where `INPUT` is an arbirtarty length byte sequence and `KEY` is the 256 bit encryption key. The output is the encrypted byte sequence.
+
+The 32 bit initial counter as well as the 96 bit nonce are set to 0. We can safely use the zero nonce as we never reuse a key.
+
+Decryption is done with the same function where `INPUT` is the encrypted byte sequence.
+
+==== Padding Algorithm
+
+We use a byte padding scheme to ensure that input content size is a multiple of a block size. Provides following functions:
+
+`PAD(INPUT,BLOCK-SIZE)` :: For `INPUT` of size `n` adds a mandatory byte valued `0x80` (hexadecimal) to `INPUT` followed by `m < BLOCK-SIZE - 1` bytes valued `0x00` such that `n + m + 1` is a multiple of `BLOCK-SIZE`.
+`UNPAD(INPUT,BLOCK-SIZE)` :: Starts reading bytes from the end of `INPUT` until a `0x80` is read and then returns bytes of `INPUT` before the `0x80`. Throws an error if a value other than `0x00` is read before reading `0x80` or if no `0x80` is read after reading `BLOCK-SIZE - 1` bytes from the end.
+
+This is the padding algorithm implemented in https://libsodium.gitbook.io/doc/padding[libsodium]footnote:[Also as apparently specified in ISO/IEC 7816-4, which however is not openly available. Fuck you ISO.].
=== Block Size
diff --git a/public/index.html b/public/index.html
index 4533c0e..e01c65a 100644
--- a/public/index.html
+++ b/public/index.html
@@ -618,24 +618,50 @@ The Encoding for Robust Immutable Storage (ERIS) is an encoding of arbitrary con
<div class="sect2">
<h3 id="_cryptographic_primitives"><a class="anchor" href="#_cryptographic_primitives"></a>2.1. Cryptographic Primitives</h3>
<div class="paragraph">
-<p>The cryptographic primitives used by ERIS are:</p>
+<p>The cryptographic primitives used by ERIS are a cryptographic hash funciton, a symmetric key cipher and a padding algorithm. The hash function and cipher are readily available in open-source libraries such as <a href="https://github.com/jedisct1/libsodium">libsodium</a> or <a href="https://monocypher.org/">Monocypher</a>. The padding algorithm can be implemented with reasonable effort.</p>
+</div>
+<div class="sect3">
+<h4 id="_cryptographic_hash_function"><a class="anchor" href="#_cryptographic_hash_function"></a>2.1.1. Cryptographic Hash Function</h4>
+<div class="paragraph">
+<p>Blake2b <a href="#RFC7693">[RFC7693]</a> with output size of 256 bit (32 byte). We use the keying feature and refer to the key used for keying Blake2b as the <em>hashing key</em>.</p>
+</div>
+<div class="paragraph">
+<p>Provides the functions <code>Blake2b-256(INPUT,HASHING-KEY)</code> for keyed hashing and <code>Blake2b-256(INPUT)</code> for unkeyed hashing.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_symmetric_key_cipher"><a class="anchor" href="#_symmetric_key_cipher"></a>2.1.2. Symmetric Key Cipher</h4>
+<div class="paragraph">
+<p>ChaCha20 (IETF variant) <a href="#RFC8439">[RFC8439]</a>. Provides <code>ChaCha20(INPUT, KEY)</code>, where <code>INPUT</code> is an arbirtarty length byte sequence and <code>KEY</code> is the 256 bit encryption key. The output is the encrypted byte sequence.</p>
+</div>
+<div class="paragraph">
+<p>The 32 bit initial counter as well as the 96 bit nonce are set to 0. We can safely use the zero nonce as we never reuse a key.</p>
+</div>
+<div class="paragraph">
+<p>Decryption is done with the same function where <code>INPUT</code> is the encrypted byte sequence.</p>
+</div>
+</div>
+<div class="sect3">
+<h4 id="_padding_algorithm"><a class="anchor" href="#_padding_algorithm"></a>2.1.3. Padding Algorithm</h4>
+<div class="paragraph">
+<p>We use a byte padding scheme to ensure that input content size is a multiple of a block size. Provides following functions:</p>
</div>
<div class="dlist">
<dl>
-<dt class="hdlist1">Cryptographic hash function </dt>
-<dd>
-<p>Blake2b <a href="#RFC7693">[RFC7693]</a> with output size of 256 bit (32 byte).</p>
-</dd>
-<dt class="hdlist1">Symmetric Key Cipher </dt>
+<dt class="hdlist1"><code>PAD(INPUT,BLOCK-SIZE)</code> </dt>
<dd>
-<p>ChaCha20 (IETF variant) <a href="#RFC8439">[RFC8439]</a>.</p>
+<p>For <code>INPUT</code> of size <code>n</code> adds a mandatory byte valued <code>0x80</code> (hexadecimal) to <code>INPUT</code> followed by <code>m &lt; BLOCK-SIZE - 1</code> bytes valued <code>0x00</code> such that <code>n + m + 1</code> is a multiple of <code>BLOCK-SIZE</code>.</p>
</dd>
-<dt class="hdlist1">Padding algorithm </dt>
+<dt class="hdlist1"><code>UNPAD(INPUT,BLOCK-SIZE)</code> </dt>
<dd>
-<p>According to ISO/IEC 7816-4.</p>
+<p>Starts reading bytes from the end of <code>INPUT</code> until a <code>0x80</code> is read and then returns bytes of <code>INPUT</code> before the <code>0x80</code>. Throws an error if a value other than <code>0x00</code> is read before reading <code>0x80</code> or if no <code>0x80</code> is read after reading <code>BLOCK-SIZE - 1</code> bytes from the end.</p>
</dd>
</dl>
</div>
+<div class="paragraph">
+<p>This is the padding algorithm implemented in <a href="https://libsodium.gitbook.io/doc/padding">libsodium</a><sup class="footnote">[<a id="_footnoteref_1" class="footnote" href="#_footnotedef_1" title="View footnote.">1</a>]</sup>.</p>
+</div>
+</div>
</div>
<div class="sect2">
<h3 id="_block_size"><a class="anchor" href="#_block_size"></a>2.2. Block Size</h3>
@@ -1324,9 +1350,15 @@ The constructed tree of nodes containing reference-key pairs is called a Merkle
</div>
</div>
</div>
+<div id="footnotes">
+<hr>
+<div class="footnote" id="_footnotedef_1">
+<a href="#_footnoteref_1">1</a>. Also as apparently specified in ISO/IEC 7816-4, which however is not openly available. Fuck you ISO.
+</div>
+</div>
<div id="footer">
<div id="footer-text">
-Last updated 2020-10-22 17:26:34 +0200
+Last updated 2020-10-23 10:29:58 +0200
</div>
</div>
</body>