Commit 11691726 authored by Éloïs's avatar Éloïs
Browse files

[DEWIF] replace AES256 by XOR cipher

parent 12063cdc
......@@ -75,17 +75,20 @@ The 4 bytes of the version field must be interpreted as an unsigned integer enco
#### Encrypted data
**Symmetric encryption algorithm:** aes256
**Symmetric encryption algorithm:** [XOR cipher]
**AES256 key** = scrypt of user passphrase with the following parameters:
[XOR cipher] is the fastest symmetric encryption algorithm in the world, the only limitation is that the encryption key must be at least as long as the encrypted data.
| Parameter | Value |
|:--------------:|:----------------------------:|
|**Password:** | passphrase |
|**Salt** |sha256("dewif" ++ passphrase) |
|**N** |`2^(log N)` |
|**r** |16 |
|**p** |1 |
**XOR key** = scrypt of user passphrase with the following parameters:
| Parameter | Value |
|:--------------:|:-----------------------------:|
|**Password:** | passphrase |
|**Salt** | sha256("dewif" ++ passphrase) |
|**N** | `2^(log N)` |
|**r** | 16 |
|**p** | 1 |
|**dkLen** | Encrypted data length |
##### Algorithm Ed25519
......@@ -112,25 +115,24 @@ The public key serves as a checksum. To check that the DEWIF base64 string is no
0x17df9d2b059cdd2825955691e3a783e6da403148ddebb1144d1a9b9e545f2371 # public key
```
**AES256 key generated from scrypt with the following parameters:**
**XOR key generated from scrypt with the following parameters:**
| Parameter | Value |
|:-----------------:|:-------------:|
| **N** | `2^12 = 4096` |
| **r** | 16 |
| **p** | 1 |
| **dkLen** | 64 |
DEWIF base 64 string (with aes key `"toto titi tata"`):
DEWIF base 64 string (with xor key `"toto titi tata"`):
`AAAAARAAAAEMAJ8UMCz6NVliR+EGUdlnZ8RAi8GqcbXqDn7TZxjXzBI6NbRxSDYlXdJRMlg3YKttB5EPAZrNafNIUGmFyEyaIvQ=`
`???`
##### Algorithm Bip32-Ed25519
| Language code | Entropy length | Mnemonic entropy | Checksum | padding |
|:--------------:|:--------------:|:----------------:|:--------:|:------------:|
| Uint8 (1 byte) | Uint8 (1 byte) | Any bytes | 8 bytes | Zeroed bytes |
The padding is used so that the size of the encrypted data is a multiple of 16 (necessary for aes256).
| Language code | Entropy length | Mnemonic entropy | Checksum |
|:--------------:|:--------------:|:----------------:|:--------:|
| Uint8 (1 byte) | Uint8 (1 byte) | 32 bytes | 8 bytes |
Language code:
......@@ -145,7 +147,9 @@ Language code:
| 6 | Korean |
| 7 | Spanish |
Mnemonic entropy is defined on [BIP39]
Mnemonic entropy is defined on [BIP39].
The entropy is stored in 32 bytes to avoid revealing the size of the stored mnemonic.
If the entropy of the mnemonic is less than 32 bytes, the extra bytes are ignored (they can have any value).
To check that the DEWIF base64 string is not corrupted, compute the hash sha256 of `Language code || Entropy length || Mnemonic entropy`. The first eight bytes of the sha256 hash constitute the checksum.
......@@ -164,23 +168,25 @@ To check that the DEWIF base64 string is not corrupted, compute the hash sha256
0x01 # Algorithm Bip32-Ed25519
0x00 # Language english
0x10 # Entropy length
0x33E46BB13A746EA41CDDE45C90846A79 # Mnemonic entropy
0x33E46BB13A746EA41CDDE45C90846A7900000000000000000000000000000000 # Mnemonic entropy
0x???? # checksum
```
**AES256 key generated from scrypt with the following parameters:**
**XOR key generated from scrypt with the following parameters:**
| Parameter | Value |
|:--------------:|:--------------:|
| **N** | `2^14 = 16384` |
| **r** | 16 |
| **p** | 1 |
| **dkLen** | 64 |
DEWIF base 64 string (with aes key `"toto titi tata"`):
DEWIF base 64 string (with xor key `"toto titi tata"`):
`???`
[BIP32-Ed25519]: https://drive.google.com/file/d/0ByMtMw2hul0EMFJuNnZORDR2NDA/view
[Ed25519]: https://tools.ietf.org/html/rfc8032
[BIP39]: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic
[DUBP]: https://git.duniter.org/nodes/common/doc/blob/master/rfc/0010_Duniter_Blockchain_Protocol_V12.md
[Ed25519]: https://tools.ietf.org/html/rfc8032
[XOR cipher]: https://en.wikipedia.org/wiki/XOR_cipher
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment