Difference between revisions of "Cryptographic and Network Primitives"
LordVetinari (talk | contribs) Tag: Reverted |
|||
Line 110: | Line 110: | ||
Each validator generates four sessions keys that are used during xx chain operations to sign different messages. If a Node operator loses their session keys, they can generate new ones. | Each validator generates four sessions keys that are used during xx chain operations to sign different messages. If a Node operator loses their session keys, they can generate new ones. | ||
To learn more, refer to the [https://substrate. | To learn more, refer to the [https://docs.substrate.io/main-docs/fundamentals/accounts-addresses-keys/ Substrate documentation]. | ||
== Gensis Block Hash == | == Gensis Block Hash == |
Revision as of 22:58, 28 July 2022
There are various cryptographic primitives used in the xx network; some are provided by the xx network and some are generated by the Node operator.
Primitives Provided by xx network
The following primitives are provided to you by the xx network as downloads from public repositories.
Scheduling TLS Certificate | Provided inside the tarball | A TLS certificate is provided to be used to identify the Scheduling server. |
---|---|---|
Scheduling Server Address | Provided inside the tarball | The DNS address of the Scheduling server is pre-populated inside the YAML files for Node and Gateway. |
Wrapper Script Bucket Address | Provided inside the tarball | The IP address the Wrapper Script uses to update the binaries. It is pre-populated in the Wrapper Script. |
Log Bucket Address | Provided inside the tarball | The IP address the Wrapper Script uses to upload logs to. It is pre-populated in the Wrapper Script. |
cMix Cyclic Group | Provided as part of the NDF on initial registration | The cMix cyclic group is the modulo cyclic group in which cMix operations are conducted. At launch, this will be defined by a 2048-bit strong and safe prime with a generator of 2. |
E2E Cyclic Group | Provided as part of the NDF on initial registration | The E2E cyclic group is the modulo cyclic group in which end-to-end encryption operations by clients will be conducted. At launch, this will be defined by a 3192-bit strong and safe prime with a generator of 2. |
Genesis Block | Provided inside the xx chain binary | The genesis block contains all the initial information for the network. |
Primitives Created by the Node Operator
The following primitives are generated before and during the initial registration of the Node. More details about generation can be found in Generate Identity Information.
TLS Credentials
The TLS credentials are generated as X.509, SHA-256, RSA 4096-bits, and are recommended to last 730 days (2 years). The generated credentials include:
- cMix TLS certificate
- cMix private key
- Gateway TLS certificate
- Gateway private key
ID File (IDF)
IDs are 264 bits and consist of a 256-bit hash (BLAKE2b) of a salt and the RSA public key from the Node’s TLS certificate appended with 8 bits that describe the ID type.
ID = Hash(Node_PubKey, Salt) + TYPE
Due to the construction of the ID, the ownership of the ID can be proved under RSA’s cryptographic assumptions. Furthermore, due to the hash, IDs are unpredictably generated in a large sparse space, so it is overwhelmingly improbable that independently generated IDs will ever collide, so no central checking of ID generation is necessary.
The last byte of the ID is a type byte that describes what type of entity it belongs to. The options for type are:
Type | Hex | Note |
---|---|---|
Generic | 0x00 | Used for one-off entities such as the Permissioning server |
Gateway | 0x01 | Used for Gateways |
Node | 0x02 | Used for cMix Nodes |
User | 0x03 | Used for clients on the network |
Group | 0x04 | Used for each group chat |
On the first run, cMix automatically generates the ID and saves it to a JSON file with the following structure.
{
"id": "4YtvGZrivai2EIZew8OOOE1YtYW/LvzhooDyAVp6yxQC",
|
The ID of cMix or Gateway presented as a base 64 encoded string. |
"type": "node",
|
The type of ID is shown here for readability. |
"salt": [155, 19, 124, 4, 101, 32, 154, 84, 32, 100, 8, 236, 220, 228, 161, 237, 62, 124, 81, 33, 164, 69, 10, 20, 59, 209, 181, 157, 250, 186, 67, 247],
|
The salt used to generate the ID. |
"idBytes": [225, 139, 111, 25, 154, 226, 189, 168, 182, 16, 134, 94, 195, 195, 142, 56, 77, 88, 181, 133, 191, 46, 252, 225, 162, 128, 242, 1, 90, 122, 203, 20, 2],
|
The ID of cMix or Gateway presented as an array of bytes. |
"hexNodeID": "0xe18b6f199ae2bda8b610865ec3c38e384d58b585bf2efce1a280f2015a7acb14",
}
|
The ID of cMix or Gateway presented as a hexadecimal number. |
Wallet Mnemonic and Address
Each wallet you generate will have two mnemonics (quantum secure and regular) and an address. The mnemonic phrase is an easier way for users to generate their private key. Each mnemonic phrase consists of 24 words. Refer to the sleeve repository to learn more.
The wallet address is a base 58 encoding of the public key for the wallet.
Session Keys
Each validator generates four sessions keys that are used during xx chain operations to sign different messages. If a Node operator loses their session keys, they can generate new ones.
To learn more, refer to the Substrate documentation.
Gensis Block Hash
The BLAKE2 hash for the gensis block is shown below.
0x895af51ef894d3b96df443714028c4f72f86ba929ae9530f689ebe212d87082f