[cryptography] Introducing SC4 -- feedback appreciated

Ron Garret ron at flownet.com
Fri Apr 17 15:04:25 EDT 2015


On Apr 17, 2015, at 11:26 AM, zaki at manian.org wrote:

> At some level, this is in the same conceptual space as Peerio / Minilock.

That’s right.

> The primary notable difference I see is you have used a binary format for keys and messages.

That’s not the main difference that I claim.  The message format is almost irrelevant (except insofar as SC4 messages are fairly compact and easy to parse).  The main advantage I claim for SC4 is the combination of reasonable security and low friction.

> Minilock uses a compressed curve25519 point without any metadata as public key. This is more compact than your format. It'sBase58 encoded it is tweetable which is very nice.

SC4 and Minilock use the same underlying crypto.  The reason SC4 keys look longer is that it gives you separate keys for signing and encryption.  But SC4 keys could be easily made tweetable if people cared about that.

> Minilock uses JSON for the message format rather than a binary format. I also really like using a protocol buffers for message formats which is what TextSecure does.

These are things that only technical people tend to care about.  I’m trying to optimize for low friction to encourage non-technical people to use it.

> It looks like your key portability strategy is for users to manage their keys directly as file they provide to instances. Peerio has switched to providing users with a wordlist from which the private key can be derived through a KDF for portability.

My intent is to build a key server that will make the key sharing process seamless.  But I wanted to start with a completely standalone version to make sure I didn’t have any obvious problems with the crypto first.

rg



More information about the cryptography mailing list