[taler-anastasis] branch master updated: modified crypto API

[gnunet]

This is an automated email from the git hooks/post-receive script.

dennis-neufeld pushed a commit to branch master
in repository anastasis.

The following commit(s) were added to refs/heads/master by this push:
     new 7cf406f  modified crypto API
     new 194d108  Merge branch 'master' of ssh://git.taler.net/anastasis
7cf406f is described below

commit 7cf406f2300a425b0a5a4a06675742bb7ee04605
Author: Dennis Neufeld <dennis.neufeld@students.bfh.ch>
AuthorDate: Thu Jun 11 09:44:11 2020 +0000

    modified crypto API
---
 doc/thesis/client_architecture.tex | 69 ++++++++++++++++++++++++++------------
 1 file changed, 48 insertions(+), 21 deletions(-)

diff --git a/doc/thesis/client_architecture.tex 
b/doc/thesis/client_architecture.tex
index 9c6e1e1..d6894eb 100644
--- a/doc/thesis/client_architecture.tex
+++ b/doc/thesis/client_architecture.tex
@@ -24,10 +24,9 @@ The most important data structures in the crypto API are the 
following:
 
 \begin{itemize}
   \item
-The kdf\_id is a hash code which was generated with Argon2. The
-entropy source is the user's unforgettable secret. The kdf\_id is used
+The kdf id is a hash code which was generated with Argon2. The
+entropy source is the user's unforgettable secret. The kdf id is used
 to create various key's, for more details see Chapter~\ref{chap:design}.
-
 \begin{lstlisting}
 struct kdf_id
 {
@@ -36,29 +35,57 @@ struct kdf_id
 \end{lstlisting}
 
 \item
-The private key is used to sign the data and check the signature later. It is 
a 256-bit eddsa private key. It is generated with the kdf\_id as entropy source.
+The account private key is used to sign the encrypted recovery document. It is 
a 256-bit eddsa private key. It is generated with the kdf id as entropy source.
+\begin{lstlisting}
+struct account_private_key
+{
+  eddsa_private_key;
+}
+\end{lstlisting}
+
+\item
+The account public key is used as the user identification on the different 
providers in case of uploaded encrypted recovery documents and is also used for 
verification of the signature of the encrypted recovery document. It is 
generated from the account private key.
+\begin{lstlisting}
+struct account_public_key
+{
+  eddsa_public_key;
+}
+\end{lstlisting}
+
+\item
+The truth seed is a randomly generated nonce with a size of 32 Bytes. It is 
used to derive a truth private key
+and is stored within an encrypted recovery document.
 \begin{lstlisting}
-struct private_key
+struct truth_seed
+{
+  nonce; //256Bit
+}
+\end{lstlisting}
+
+\item
+The truth private key is used to sign the encrypted key share and the 
encrypted authentication data. It is a 256-bit eddsa private key. It is 
generated with the truth seed as entropy source.
+\begin{lstlisting}
+struct truth_private_key
 {
   eddsa_private_key;
 }
 \end{lstlisting}
 
 \item
-The public key is used as the user identification on the different providers. 
It is generated from the private\_key.
+The truth public key is used as the user identification on the different 
providers in case of uploaded truths. It is generated from the truth private 
key.
 \begin{lstlisting}
-struct public_key
+struct truth_public_key
 {
   eddsa_public_key;
 }
 \end{lstlisting}
 
 \item
-The truth\_key is a randomly generated AES-256 GCM key. It is used to encrypt 
the user specifiy data in the truth object.
+The truth key is a randomly generated AES-256 GCM key. It is used to encrypt 
the user specifiy data in the truth object.
 \begin{lstlisting}
 struct truth_key
 {
-  key; //256-bit
+  key; //256Bit
 }
 \end{lstlisting}
 
@@ -67,26 +94,26 @@ Anastasis needs different symmetric keys to encrypt data 
for example, the recove
 \begin{lstlisting}
 struct symmetric_key
 {
-  hashcode; //256-bit
+  hashcode; //256Bit
 }
 \end{lstlisting}
 
 \item
-Each policy has a separate policy\_key. The key is used to encrypt the 
master\_key.
-The policy\_key is also a AES-256 GCM key. It is generated through the 
combination of a set of key\_shares.
+Each policy has a separate policy\_key. The key is used to encrypt the master 
key.
+The policy key is also a AES-256 GCM key. It is generated through the 
combination of a set of key shares.
 \begin{lstlisting}
 struct policy_key
 {
-  hashcode; //256-bit
+  hashcode; //256Bit
 }
 \end{lstlisting}
 
 \item
-Every truth object contains a key\_share. A key\_share is a 256-bit random 
generated bit sequence.
+Every truth object contains a key share. A key share is a 256-bit random 
generated bit sequence.
 \begin{lstlisting}
 struct key_share
 {
-  hashcode; //256-bit
+  hashcode; //256Bit
 }
 \end{lstlisting}
 
@@ -95,25 +122,25 @@ Before every encryption a random 256-bit large nonce is 
generated. This gives th
 \begin{lstlisting}
 struct nonce
 {
-  hashcode; //256-bit
+  hashcode; //256Bit
 }
 \end{lstlisting}
 
 \item
-To use AES-256 GCM an IV must be generated. It is generated with an HKDF over 
a salt the kdf\_id and a symmetric key.
+To use AES-256 GCM an IV must be generated. It is generated with an HKDF over 
a salt the kdf id and a symmetric key.
 \begin{lstlisting}
 struct iv
 {
-  hashcode; //128 bit
+  hashcode; //128Bit
 }
 \end{lstlisting}
 
 \item
-The aes\_tag is generated after each encryption, it is later used to check the 
integrity of the data.
+The aes tag is generated after each encryption, it is later used to check the 
integrity of the data.
 \begin{lstlisting}
 struct aes_tag
 {
-  hashcode; //128 bit
+  hashcode; //128Bit
 }
 \end{lstlisting}
 \end{itemize}
@@ -128,7 +155,7 @@ basic data structures.
 The most important data structures in the client API are the following:
 
 \begin{itemize}
-  \item
+ \item
 The secret share data structure is used to upload a new recovery document.
 \begin{lstlisting}
 struct secret_share

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.