Strong, appropriate, cryptography choices are essential to the functioning of Veilid.
Veilid provides applications guarantees about how data is handled on the wire and at rest.
Cryptosystems were chosen that work well together and provide a balance of speed and cryptographic hardness.
Current Cryptography Systems
Authentication is Ed25519Elliptic curve25519 was chosen to provide public/private key authentication and signing capabilities
Key Exchange is x25519Curve25519 has a DH function that allows nodes to generate a symmetric key to communicate privately.
Encryption is XChaCha20-Poly1305ChaCha20 with a 192-bit extended nonce is a fast authenticated stream cipher with associated data (AEAD).
Message Digest is BLAKE3BLAKE3 is a extremely fast cryptographic hash that is highly parallelizable and as strong as SHA3-256 and over 17 times faster.
Key Derivation is Argon2Password hash generation should be slow and resistant to GPU attacks Argon2 was the winner of the 2015 Password Hashing Competition.
Upgrading Cryptography Systems
Nothing lasts forever and cryptography is no exception. As computing power improves and cryptographic attacks evolve, weaknesses in cryptosystems are inevitable.
Veilid has ensured that upgrading to newer cryptosystems is streamlined and minimally invasive to app developers, and handled transparently at the node level.
Multiple Routing TablesBecause changing cryptosystems changes node ids, there will be different distance measurements between nodes, necessitating a separate routing table per cryptosystem. We support this today.
Typed KeysCryptographic keys, signatures, and hashes are all tagged with their cryptosystem to ensure that we know exactly how they were generated and how they should be used and persisted.
Migration SupportReading persisted data will automatically use the correct cryptosystem and will default to always writing it back using the newest/best cryptosystem. This allows for data to be easily migrated just by reading it and writing it back to storage.
Simultaneous CryptosystemsWhile transitioning cryptosystems, nodes can respond to other nodes using either the old system or the new one, or both.
- Device-level secret storage APIs are available for all platforms
- Encrypted table store APIs are exposed to applications to make safe data storage easy
- Device data keys can also be password protected
- Apps never need to write anything to disk unencrypted
Device-level Secret Storage
- MacOS / iOS Keychain
- Android Keystore
- Windows Protected Storage
- Linux Secret Service
Encrypted Key-Value Database
- SQLITE on Native
- IndexedDB in Browser
- Device Key can be protected from backup dumping attacks
Distributed Hash Table Storage
- Encrypted + Authenticated
- Subkey support
- LRU distributed cache
- Per-key multi-writer schemas
Content-addressable Data Distribution
- Take What You Give model
- Connect and share cloud storage
- Bittorrent-like sharding
On The Wire
Everything is end-to-end encrypted
Data is encrypted at rest and on the wire
Your data is protected even if you lose your device
All Protocols Same EncryptionEach low-level protocol uses the same message and receipt encapsulation. No protocol is special and all protocols offer the same safety guarantees.
Encrypted And SignedMessages between nodes are signed by the sender and encrypted for only the receiver. Messages can be relayed without decryption and authentication covers the entire contents including headers.
Everything Is TimestampedEnvelopes include timestamps and unique nonces and reject old or replayed messages.
Node Information Is SignedWhen a node publishes routing table entries they are signed. No node can lie about another node's dial info, capabilities, availability, or replay old node info when newer info is available.