Éloïs · f69b3823 · 83586a16 · fc7aab83 · b4d76265 · f9280d6c
--- a/rfc/0017_transaction_comment_encryption.md 0 → 100644

+ 83

− 0
+++ b/rfc/0017_transaction_comment_encryption.md 0 → 100644

+ 83

− 0
+# RFC 17: Transaction Comment Encryption
+
+Alice wants to send a transaction to bob with an encrypted comment.
+
+Let `Sa` the private key of Alice and `Pa` its associated public key.
+Let `Sb` the private key of Bob and `Pb` its associated public key.
+
+## Generate symetric encryption key
+
+We use nacl function [crypto_box_beforenm]. Then use scrypt with a random nonce.
+
+Let `R = crypto_box_beforenm(Sa, Pb) = crypto_box_beforenm(Sb, Pa)`.
+
+Let `s` be a random salt of 16 bytes.
+
+The symmetric encryption key `k` is obtained as follows:
+
+`k = scrypt(R, s)`
+
+With following parameters for scrypt:
+
+```txt
+password = R
+Salt = s
+N = 1024
+r = 12
+p = 1
+dkLen = message length
+```
+
+## Encrypt with XOR cipher
+
+Encrypt bit per bit with XOR cipher.
+
+## Serialize encrypted message with meta data
+
+| Prefix  | Message type | Message length | Salt     | Encrypted UTF8 message  |
+|:-------:|:------------:|:--------------:|:--------:|:-----------------------:|
+| 2 bytes | 1 byte       | 1 byte         | 16 bytes | Any bytes               |
+
+The maximum length of a message is 169 bytes.
+
+The message must be encoded in UTF8.
+
+### Prefix
+
+A constant value that indicates the type of format. For the present format defined in this RFC, the prefix is `0x0100`.
+
+Future version of the present format must increment second byte (next version use prefix `0x0101`).
+
+A possible future format should increment the first byte of the prefix.
+
+### Message type
+
+| Code | Significance                     |
+|:----:|:--------------------------------:|
+| 0x00 | Write by a human for a human     |
+| 0x01 | Write by a human for a machine   |
+| 0x10 | Write by a machine for a human   |
+| 0x11 | Write by a machine for a machine |
+
+## Encoding in transaction document
+
+Encrypted message in encoded in base 64 in transaction comment directly (DUBP protocol already accept all base 64 characters).
+
+## Decrypt transaction comment (Bob side)
+
+1. Compute `R = crypto_box_beforenm(Sb, Pa)`
+2. Read meta data `l = Message length`
+3. Read meta data `s = Salt`
+4. Generate symetric encryption key `k = scrypt(R, s, N: 1024, r: 12, p: 1, dkLen: l)`
+5. compute `m = encryptedMessage ^ k`
+6. Interpret `m` as an UTF8 string
+
+## Hide the real length of the message
+
+It is possible to encode a message that is intentionally longer than the real message in order to not reveal the size of the message.  
+In this case, it is usual to put a [Null character] at the end of the message to know where the real end of the message is.  
+The characters after the [Null character] should not be displayed, but they should remain valid UTF8 characters.
+
+[crypto_box_beforenm]: https://nacl.cr.yp.to/box.html
+[Null character]: https://en.wikipedia.org/wiki/Null_character
+[XOR cipher]: https://en.wikipedia.org/wiki/XOR_cipher