zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3657 Commits
183 Branches
291 MiB
Tree: aaa81092e7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'aaa81092e7'
${ noResults }
tendermint/docs/specification/secure-p2p.rst

80 lines
3.3 KiB
Raw Normal View History

docs: organize the specification
7 years ago
[docs/specification/secure-p2p] add a note about config
7 years ago
docs: clean a bunch of stuff up
7 years ago
docs: organize the specification
7 years ago
 
  1. Secure P2P

  2. ==========

  3. 

  4. The Tendermint p2p protocol uses an authenticated encryption scheme

  5. based on the `Station-to-Station

  6. Protocol <https://en.wikipedia.org/wiki/Station-to-Station_protocol>`__.

  7. The implementation uses

  8. `golang's <https://godoc.org/golang.org/x/crypto/nacl/box>`__ `nacl

  9. box <http://nacl.cr.yp.to/box.html>`__ for the actual authenticated

  10. encryption algorithm.

  11. 

  12. Each peer generates an ED25519 key-pair to use as a persistent

  13. (long-term) id.

  14. 

  15. When two peers establish a TCP connection, they first each generate an

  16. ephemeral ED25519 key-pair to use for this session, and send each other

  17. their respective ephemeral public keys. This happens in the clear.

  18. 

  19. They then each compute the shared secret. The shared secret is the

  20. multiplication of the peer's ephemeral private key by the other peer's

  21. ephemeral public key. The result is the same for both peers by the magic

  22. of `elliptic

  23. curves <https://en.wikipedia.org/wiki/Elliptic_curve_cryptography>`__.

  24. The shared secret is used as the symmetric key for the encryption

  25. algorithm.

  26. 

  27. The two ephemeral public keys are sorted to establish a canonical order.

  28. Then a 24-byte nonce is generated by concatenating the public keys and

  29. hashing them with Ripemd160. Note Ripemd160 produces 20byte hashes, so

  30. the nonce ends with four 0s.

  31. 

  32. The nonce is used to seed the encryption - it is critical that the same

  33. nonce never be used twice with the same private key. For convenience,

  34. the last bit of the nonce is flipped, giving us two nonces: one for

  35. encrypting our own messages, one for decrypting our peer's. Which ever

  36. peer has the higher public key uses the "bit-flipped" nonce for

  37. encryption.

  38. 

  39. Now, a challenge is generated by concatenating the ephemeral public keys

  40. and taking the SHA256 hash.

  41. 

  42. Each peer signs the challenge with their persistent private key, and

  43. sends the other peer an AuthSigMsg, containing their persistent public

  44. key and the signature. On receiving an AuthSigMsg, the peer verifies the

  45. signature.

  46. 

  47. The peers are now authenticated.

  48. 

  49. All future communications can now be encrypted using the shared secret

  50. and the generated nonces, where each nonce is incremented by one each

  51. time it is used. The communications maintain Perfect Forward Secrecy, as

  52. the persistent key pair was not used for generating secrets - only for

  53. authenticating.

  54. 

  55. Caveat

  56. ------

  57. 

  58. This system is still vulnerable to a Man-In-The-Middle attack if the

  59. persistent public key of the remote node is not known in advance. The

  60. only way to mitigate this is with a public key authentication system,

  61. such as the Web-of-Trust or Certificate Authorities. In our case, we can

  62. use the blockchain itself as a certificate authority to ensure that we

  63. are connected to at least one validator.

  64. 

  65. Config

  66. ------

  67. 

  68. Authenticated encryption is enabled by default. If you wish to use another

  69. authentication scheme or your peers are connected via VPN, you can turn it off

  70. by setting ``auth_enc`` to ``false`` in the config file.

  71. 

  72. Additional Reading

  73. ------------------

  74. 

  75. -  `Implementation <https://github.com/tendermint/go-p2p/blob/master/secret_connection.go#L49>`__

  76. -  `Original STS paper by Whitfield Diffie, Paul C. van Oorschot and

  77.    Michael J.

  78.    Wiener <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.216.6107&rep=rep1&type=pdf>`__

  79. -  `Further work on secret

  80.    handshakes <https://dominictarr.github.io/secret-handshake-paper/shs.pdf>`__