NET - Make research on encryption

[wkargul]

Why:

• we want to have secure connections

What:

• research protocol changees that have to be made
• make changes being backward compatible

[nieznanysprawiciel]

Solution:

• Protocol messages aren't encrypted, they are only signed (they reveal mainly public information)
• Forward messages (Payload) are encrypted using symmetric encryption
• Symmetric key will be generated using private/public key pair
• Both reliable and unreliable forwarding is encrypted

P2P encryption:

• Initiating Node sends encryption flag
• Receiver should follow with the same flag, if he supports encryption
• If Receiver doesn't send encryption flag, communication won't be encrypted
• Nodes are using session key generated from public/private key pair (doesn't require explicit key exchange)

Relay forwarding encryption (end-to-end encryption):

• Node encrypts messages, if target Node has encryption algorithm specified in Node Info returned from server
• Nodes are using session key generated from public/private key pair (doesn't require explicit key exchange)
  • No need for additional initialization protocol between Nodes
• Node knows if it should decrypt message, because of encryption flag set in Forward packet
  • which algorithm should it use?? - In the first release: algorithm declared on relay server

Changes:

• Add encryption flag in Session message
• We should include encryption algorithm field (Can be added later)
• Extend Node information with encryption info (supports or not, algorithm)
  • We should use list of possible algorithms in the future
• Adjust UDP max packets size, since encrypted data will be longer (can be added later)
• Forward packet should contain flag, when it's encrypted

Compatibility considerations:

• First few releases introducing encryption should always propose encryption and omit it only if other Node is unable to decrypt
• After few releases Nodes should require encryption and won't talk with Nodes not using it
• In the future we need to think, how can we change or negotiate encryption algorithm between newer and older Nodes

[jiivan]

👍

I would add explicit information whether information forwarded by relay/repeater is end-to-end encrypted. If only one node supports encryption, we could introduce partial encryption only on node <-> relay path.

Also special care should be taken to handle change of size of packet before and after encryption. (Would encrypted data be longer than unencrypted? Will it still fit within packet limits?)

[nieznanysprawiciel]

I would add explicit information whether information forwarded by relay/repeater is end-to-end encrypted.

Edited

If only one node supports encryption, we could introduce partial encryption only on node <-> relay path.

Supporting both versions isn't a goal. We expect that at some point all Nodes will update yagna and whole communication will be encrypted. This solution is only for transitional period

size of packet before and after encryption

Already included: Adjust UDP max packets size

[mfranciszkiewicz]

The possible encryption scheme set is limited to those relying on a derived shared secret. We should either:

• allow exchanging extra session information (e.g. Diffie-Hellman key exchange)
• decide on only supporting derived secret-based algorithms

[nieznanysprawiciel]

The possible encryption scheme set is limited to those relying on a derived shared secret. We should either:

* allow exchanging extra session information (e.g. Diffie-Hellman key exchange)

* decide on only supporting derived secret-based algorithms

We will rely only on secret-based algorithm at this point