Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add encryption/authentication #179

Open
conradoplg opened this issue Mar 22, 2024 · 0 comments · May be fixed by #336
Open

Add encryption/authentication #179

conradoplg opened this issue Mar 22, 2024 · 0 comments · May be fixed by #336
Assignees

Comments

@conradoplg
Copy link
Contributor

conradoplg commented Mar 22, 2024

The server is not currently secure because it does not encrypt nor authenticate data.

There are multiple requirements here:

  • Messages must be authenticated. While FROST does not strictly require this, it makes things easier.
  • Messages must be encrypted. Zcash transaction information is confidential and only the selected participants in a signing session should have access to them. This entails symmetric-key authentication, which is not the same as above; it can be done by simply using authenticated encryption.

This will likely interact with #178

There are many ways of accomplishing this. Some ideas:

  • Allow users to register public keys in their server accounts. Users can then use the key pairs to carry out encryption, e.g. each participant encrypts each message sent to other participant's using their public keys. They could also sign messages to authenticate them.
  • The server could be malicious and change user's public keys, so this would need a figerprinting mechanism like Signal
  • For encryption we could use something static like age (how to handle signing though?) or something dynamic like snow. The latter might be trickier, and might require the server to be more "dumb" and simply acts a proxy of sorts between coordinator and participants. Needs some study.
@conradoplg conradoplg changed the title Encryption/Authentication Add encryption/authentication Mar 22, 2024
@mpguerra mpguerra moved this to Product Backlog in FROST Apr 23, 2024
@mpguerra mpguerra moved this from Product Backlog to Sprint Backlog in FROST Sep 2, 2024
@mpguerra mpguerra moved this from Sprint Backlog to In Progress in FROST Sep 2, 2024
@conradoplg conradoplg linked a pull request Oct 10, 2024 that will close this issue
@mpguerra mpguerra linked a pull request Oct 12, 2024 that will close this issue
@mpguerra mpguerra moved this from In Progress to Review/QA in FROST Oct 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Review/QA
Development

Successfully merging a pull request may close this issue.

2 participants