<!doctype html>
<html class="no-js" lang="en">
<head><meta charset="utf-8"/>
<meta name="viewport" content="width=device-width,initial-scale=1"/>
<meta name="color-scheme" content="light dark"><meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />
<link rel="index" title="Index" href="genindex.html" /><link rel="search" title="Search" href="search.html" /><link rel="next" title="References / Further Reading" href="references.html" /><link rel="prev" title="Glossary" href="glossary.html" />
<!-- Generated with Sphinx 5.3.0 and Furo 2023.03.27 -->
<title>Future Work - snackabra 1.0 documentation</title>
<link rel="stylesheet" type="text/css" href="_static/pygments.css" />
<link rel="stylesheet" type="text/css" href="_static/styles/furo.css?digest=fad236701ea90a88636c2a8c73b44ae642ed2a53" />
<link rel="stylesheet" type="text/css" href="_static/graphviz.css" />
<link rel="stylesheet" type="text/css" href="_static/styles/furo-extensions.css?digest=30d1aed668e5c3a91c3e3bf6a60b675221979f0e" />
<link rel="stylesheet" type="text/css" href="_static/css/custom.css" />
<style>
body {
--color-code-background: #f8f8f8;
--color-code-foreground: black;
}
@media not print {
body[data-theme="dark"] {
--color-code-background: #202020;
--color-code-foreground: #d0d0d0;
}
@media (prefers-color-scheme: dark) {
body:not([data-theme="light"]) {
--color-code-background: #202020;
--color-code-foreground: #d0d0d0;
}
}
}
</style></head>
<body>
<script>
document.body.dataset.theme = localStorage.getItem("theme") || "auto";
</script>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;">
<symbol id="svg-toc" viewBox="0 0 24 24">
<title>Contents</title>
<svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 1024 1024">
<path d="M408 442h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8zm-8 204c0 4.4 3.6 8 8 8h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56zm504-486H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 632H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM115.4 518.9L271.7 642c5.8 4.6 14.4.5 14.4-6.9V388.9c0-7.4-8.5-11.5-14.4-6.9L115.4 505.1a8.74 8.74 0 0 0 0 13.8z"/>
</svg>
</symbol>
<symbol id="svg-menu" viewBox="0 0 24 24">
<title>Menu</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-menu">
<line x1="3" y1="12" x2="21" y2="12"></line>
<line x1="3" y1="6" x2="21" y2="6"></line>
<line x1="3" y1="18" x2="21" y2="18"></line>
</svg>
</symbol>
<symbol id="svg-arrow-right" viewBox="0 0 24 24">
<title>Expand</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-chevron-right">
<polyline points="9 18 15 12 9 6"></polyline>
</svg>
</symbol>
<symbol id="svg-sun" viewBox="0 0 24 24">
<title>Light mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather-sun">
<circle cx="12" cy="12" r="5"></circle>
<line x1="12" y1="1" x2="12" y2="3"></line>
<line x1="12" y1="21" x2="12" y2="23"></line>
<line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
<line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
<line x1="1" y1="12" x2="3" y2="12"></line>
<line x1="21" y1="12" x2="23" y2="12"></line>
<line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
<line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
</svg>
</symbol>
<symbol id="svg-moon" viewBox="0 0 24 24">
<title>Dark mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-moon">
<path stroke="none" d="M0 0h24v24H0z" fill="none" />
<path d="M12 3c.132 0 .263 0 .393 0a7.5 7.5 0 0 0 7.92 12.446a9 9 0 1 1 -8.313 -12.454z" />
</svg>
</symbol>
<symbol id="svg-sun-half" viewBox="0 0 24 24">
<title>Auto light/dark mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-shadow">
<path stroke="none" d="M0 0h24v24H0z" fill="none"/>
<circle cx="12" cy="12" r="9" />
<path d="M13 12h5" />
<path d="M13 15h4" />
<path d="M13 18h1" />
<path d="M13 9h4" />
<path d="M13 6h1" />
</svg>
</symbol>
</svg>
<input type="checkbox" class="sidebar-toggle" name="__navigation" id="__navigation">
<input type="checkbox" class="sidebar-toggle" name="__toc" id="__toc">
<label class="overlay sidebar-overlay" for="__navigation">
<div class="visually-hidden">Hide navigation sidebar</div>
</label>
<label class="overlay toc-overlay" for="__toc">
<div class="visually-hidden">Hide table of contents sidebar</div>
</label>
<div class="page">
<header class="mobile-header">
<div class="header-left">
<label class="nav-overlay-icon" for="__navigation">
<div class="visually-hidden">Toggle site navigation sidebar</div>
<i class="icon"><svg><use href="#svg-menu"></use></svg></i>
</label>
</div>
<div class="header-center">
<a href="index.html"><div class="brand">snackabra 1.0 documentation</div></a>
</div>
<div class="header-right">
<div class="theme-toggle-container theme-toggle-header">
<button class="theme-toggle">
<div class="visually-hidden">Toggle Light / Dark / Auto color theme</div>
<svg class="theme-icon-when-auto"><use href="#svg-sun-half"></use></svg>
<svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
<svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
</button>
</div>
<label class="toc-overlay-icon toc-header-icon" for="__toc">
<div class="visually-hidden">Toggle table of contents sidebar</div>
<i class="icon"><svg><use href="#svg-toc"></use></svg></i>
</label>
</div>
</header>
<aside class="sidebar-drawer">
<div class="sidebar-container">
<div class="sidebar-sticky"><a class="sidebar-brand" href="index.html">
<span class="sidebar-brand-text">snackabra 1.0 documentation</span>
</a><form class="sidebar-search-container" method="get" action="search.html" role="search">
<input class="sidebar-search" placeholder="Search" name="q" aria-label="Search">
<input type="hidden" name="check_keywords" value="yes">
<input type="hidden" name="area" value="default">
</form>
<div id="searchbox"></div><div class="sidebar-scroll"><div class="sidebar-tree">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="introduction.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="overview.html">Technical Overview</a></li>
<li class="toctree-l1"><a class="reference internal" href="system-architecture.html">System Architecture</a></li>
<li class="toctree-l1"><a class="reference internal" href="discussion.html">Background and Discussion</a></li>
<li class="toctree-l1"><a class="reference internal" href="formal.html">Formal Treatment</a></li>
<li class="toctree-l1"><a class="reference internal" href="install.html">Installation</a></li>
<li class="toctree-l1"><a class="reference internal" href="contact.html">Contact and Feedback</a></li>
<li class="toctree-l1"><a class="reference internal" href="glossary.html">Glossary</a></li>
<li class="toctree-l1 current current-page"><a class="current reference internal" href="#">Future Work</a></li>
<li class="toctree-l1"><a class="reference internal" href="references.html">References / Further Reading</a></li>
<li class="toctree-l1"><a class="reference internal" href="license.html">LICENSE</a></li>
<li class="toctree-l1"><a class="reference internal" href="jslib.html">JSLib User Manual</a></li>
<li class="toctree-l1"><a class="reference internal" href="modules.html">JSLib Reference Manual</a></li>
<li class="toctree-l1"><a class="reference internal" href="server.html">Snackabra Server</a></li>
<li class="toctree-l1"><a class="reference internal" href="pylib.html">Python Library</a></li>
<li class="toctree-l1"><a class="reference internal" href="appendix-a-crypto.html">Appendix A: Cryptography</a></li>
<li class="toctree-l1"><a class="reference internal" href="user-guide.html">Appendix B: Privacy.App Chat Room User Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="diag-sample.html">(ignore)</a></li>
<li class="toctree-l1"><a class="reference internal" href="motivation.html">Motivation</a></li>
</ul>
</div>
</div>
</div>
</div>
</aside>
<div class="main">
<div class="content">
<div class="article-container">
<a href="#" class="back-to-top muted-link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"></path>
</svg>
<span>Back to top</span>
</a>
<div class="content-icon-container">
<div class="theme-toggle-container theme-toggle-content">
<button class="theme-toggle">
<div class="visually-hidden">Toggle Light / Dark / Auto color theme</div>
<svg class="theme-icon-when-auto"><use href="#svg-sun-half"></use></svg>
<svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
<svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
</button>
</div>
<label class="toc-overlay-icon toc-content-icon" for="__toc">
<div class="visually-hidden">Toggle table of contents sidebar</div>
<i class="icon"><svg><use href="#svg-toc"></use></svg></i>
</label>
</div>
<article role="main">
<section id="future-work">
<h1>Future Work<a class="headerlink" href="#future-work" title="Permalink to this heading">#</a></h1>
<p>In this section we cover topics that are well progressed in terms
of design thinking, but not finalized (or implemented) yet.</p>
<section id="curve25519-support">
<h2>Curve25519 Support<a class="headerlink" href="#curve25519-support" title="Permalink to this heading">#</a></h2>
<p>We currently use ECDSA (Elliptic Curve Digital Signature Algorithm)
to generate channel names. There are some concerns with this curve;
however, we consider the support of it by major browser vendors as
preferable over the possible improvement from using another curve,
which would require significant custom code. Recall that one of
our design principles is that the core of SB should all fit into a
single TypeScript library with no external dependencies, and one
that is as simple for humans to read and understand as possible.</p>
<p>Candidate replacements are Ed25519 (which, for example, was chosen
for recent revisions of Onion and IPFS) and Curve448. NIST has
announced that both will be included in FIPS-186-5.</p>
<p>It seems likely that support for both of these will be added to
the standard Web Crypto API, and we plan to simply follow that
development. In the SB protocol, we will be adding metadata on
what algorithm was used to generate the channel name. (For
backwards compatibility, if no such information exists, the default
assumption is that ECDSA P-384 was used.)</p>
<ul class="simple">
<li><p><a class="reference external" href="https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa">https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa</a></p></li>
<li><p><a class="reference external" href="https://datatracker.ietf.org/doc/html/rfc7748">https://datatracker.ietf.org/doc/html/rfc7748</a></p></li>
<li><p><a class="reference external" href="https://datatracker.ietf.org/doc/html/rfc6090">https://datatracker.ietf.org/doc/html/rfc6090</a></p></li>
<li><p><a class="reference external" href="https://chromestatus.com/feature/4913922408710144">https://chromestatus.com/feature/4913922408710144</a></p></li>
<li><p><a class="reference external" href="https://docs.google.com/document/d/1fDTUY3HVAXehi-eSfbi7nxh8ZPw4MpSKM8U1fMdqJlU">https://docs.google.com/document/d/1fDTUY3HVAXehi-eSfbi7nxh8ZPw4MpSKM8U1fMdqJlU</a></p></li>
<li><p><a class="reference external" href="https://csrc.nist.gov/publications/detail/fips/186/5/draft">https://csrc.nist.gov/publications/detail/fips/186/5/draft</a></p></li>
<li><p><a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8032#section-5.1">https://www.rfc-editor.org/rfc/rfc8032#section-5.1</a></p></li>
<li><p><a class="reference external" href="http://safecurves.cr.yp.to/">http://safecurves.cr.yp.to/</a></p></li>
<li><p><a class="reference external" href="http://ed25519.cr.yp.to/ed25519-20110926.pdf">http://ed25519.cr.yp.to/ed25519-20110926.pdf</a></p></li>
<li><p><a class="reference external" href="https://github.com/libp2p/specs/blob/master/peer-ids/peer-ids.md">https://github.com/libp2p/specs/blob/master/peer-ids/peer-ids.md</a></p></li>
</ul>
<p>Not directly relevant, but there is some interesting discussion of the
issues with the Onion v3 privacy improvements:</p>
<p><a class="reference external" href="https://blog.torproject.org/v3-onion-services-usage/">https://blog.torproject.org/v3-onion-services-usage/</a></p>
<p>There are similar issues in the area of brute-forcing a global identifier. In the
case of SB, we don’t have an opinion on directory services (e.g. discovery
of where a channel is being served from), but we do want to take into
consideration the issues that any directory service somebody else builds for SB
channels will run into. We were not aware of the Onion V3 address format
when we first designed SB channel names, but we did design it to be a
64-byte name (currently an iterated hash of the 64-byte public key)
compared to 16 characters for Onion V2 and 56 for V3.</p>
</section>
<section id="verifying-room-integrity">
<h2>Verifying Room Integrity<a class="headerlink" href="#verifying-room-integrity" title="Permalink to this heading">#</a></h2>
<p>This needs to be thought through more; consider the below as
tentative: the whole process of how to securely “disconnect” from a
server, in what steps exactly, is a bit unclear.</p>
<p>A room that is both ‘restricted’ and where the Owner has taken control
of (‘rotated’) their ownership keys is loosely referred to as a
‘locked-down’ room. The objective is that a locked-down room is
entirely under the control of the Owner in a manner where no other
party can impersonate the Owner (without having access to their
private owner keys).</p>
<p>The idea is that if you are setting up a group discussion, you may be
using the SSO and other services to initiate the composition of
participants. Then, once that’s accomplished, the concept of ‘locking’
is to eliminate the ability of the SSO to override (impersonate) Owner
identity, whether that may happen through action by an entity
controlling the SSO, or a sufficient subset of underlying
infrastructure providers. <a class="footnote-reference brackets" href="#f028" id="id1" role="doc-noteref"><span class="fn-bracket">[</span>1<span class="fn-bracket">]</span></a></p>
<p>This raises a well-known challenge: how do you, as a user, ascertain
that there was no manipulation of any part of the setup leading up to
this final state?</p>
<p>The short answer is that there isn’t really a way to accomplish
that. Instead, our solution is to make it simple for participants to
pairwise verify the integrity of the final result. Said final
result from every participant’s point of view is simply the room name
and the set of all participants’ public keys. If all participants have
the exact same final result, then there could not have been
manipulation. <a class="footnote-reference brackets" href="#f029" id="id2" role="doc-noteref"><span class="fn-bracket">[</span>2<span class="fn-bracket">]</span></a></p>
<p>When a room is locked down (both verified and the owner has rotated
keys), for users who are verified, a new “lock” icon appears next to
the room name. Pressing that lock will produce the verification image:</p>
<a class="reference internal image-reference" href="_images/verify_example.png"><img alt="_images/verify_example.png" class="align-center" src="_images/verify_example.png" style="height: 140px;" /></a>
<p>The above image is generated as follows:</p>
<p>A string is generated by concatenating the &lt;roomId&gt; with all
participants’ public keys, the latter in alphanumeric order. The
<em>number</em> of participants seen by the client is noted (‘N’).</p>
<p>This string is then hashed (SHA-256) and the result is folded (XOR’d)
once upon itself, and the last 8 bits are dropped, to generate a 120-bit
‘signature’ of the room’s ‘final state.’ This signature should be
<em>identical</em> for all participants.</p>
<p>The presentation is done by translating in chunks of 12 bits to a
passphrase dictionary (4096-word list). This results in 10 words in
two columns of 5. The participant count is displayed prominently as
well.</p>
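<p>The steps above, as an added example (not code from the Snackabra project). Assumptions: room id and public keys are plain strings joined without a separator, "folded once" means the first 16 digest bytes XOR'd with the last 16, 12-bit chunks are read big-endian, and the word list is a constructed placeholder since the real dictionary is not given here.</p>

```javascript
// Added example, not Snackabra's code. Assumptions are marked "ASSUMPTION".
const { createHash } = require('node:crypto');

// ASSUMPTION: placeholder 4096-entry dictionary (w0000 .. w4095).
const WORDS = Array.from({ length: 4096 }, (_, i) => 'w' + String(i).padStart(4, '0'));

// ASSUMPTION: strings joined with no separator; keys sorted by plain
// code-unit comparison ("alphanumeric order").
function roomStateString(roomId, publicKeys) {
  return roomId + [...publicKeys].sort().join('');
}

// SHA-256 (32 bytes) -> XOR first half with second half (16 bytes)
// -> drop the last byte (8 bits) -> 15 bytes = 120 bits.
function roomSignature(roomId, publicKeys) {
  const digest = createHash('sha256')
    .update(roomStateString(roomId, publicKeys), 'utf8')
    .digest();
  const folded = Buffer.alloc(16);
  for (let i = 0; i < 16; i++) folded[i] = digest[i] ^ digest[i + 16];
  return folded.subarray(0, 15);
}

// Every 3 bytes (24 bits) yield two 12-bit dictionary indices.
function toIndices(sig) {
  const out = [];
  for (let i = 0; i < sig.length; i += 3) {
    out.push((sig[i] << 4) | (sig[i + 1] >> 4));
    out.push(((sig[i + 1] & 0x0f) << 8) | sig[i + 2]);
  }
  return out;
}

// What the "lock" dialog shows: participant count N and 2 columns of 5 words.
function verificationView(roomId, publicKeys) {
  const words = toIndices(roomSignature(roomId, publicKeys)).map((i) => WORDS[i]);
  return { n: publicKeys.length, columns: [words.slice(0, 5), words.slice(5)] };
}

// Two participants agree only if both N and all ten words match.
function sameView(a, b) {
  return a.n === b.n && a.columns.flat().join(' ') === b.columns.flat().join(' ');
}

// Constructed sample data (not real room ids or keys).
const ROOM = 'room-EXAMPLE';
const alice = verificationView(ROOM, ['pkA', 'pkB', 'pkC']);
const bob = verificationView(ROOM, ['pkC', 'pkA', 'pkB']);   // same set, different arrival order
const carol = verificationView(ROOM, ['pkA', 'pkB', 'pkX']); // was shown a substituted key

console.log(alice.n, alice.columns);
console.log('alice/bob match:', sameView(alice, bob));
console.log('alice/carol match:', sameView(alice, carol));
```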
<p>This signature would then obey the transitive property: all
participants can pairwise confirm that they have the same
signature. Words are superior to QR codes or fancy images - they can
be written down, they can be read over the phone, they are (much)
easier for the human mind to “match”, and they involve a minimum of
additional risk (e.g. malicious QR codes etc.).</p>
<p>An alternative approach to showing images is to pairwise challenge
(automatically) through the room. Since the ‘room signature’ can be
viewed as a shared secret that all participants have (and that should
be identical for everybody), a simple pairwise execution of the
<em>socialist millionaires’ problem</em> can be used, for example the algorithm proposed
by Boudot, Schoenmakers, and Traoré
(<a class="reference external" href="https://www.win.tue.nl/~berry/papers/dam.pdf">https://www.win.tue.nl/~berry/papers/dam.pdf</a>).</p>
<div class="line-block">
<div class="line"><br /></div>
</div>
<p class="rubric">Footnotes</p>
<aside class="footnote-list brackets">
<aside class="footnote brackets" id="f028" role="note">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id1">1</a><span class="fn-bracket">]</span></span>
<p>Whether or not the entity controlling the SSO is aware of
such interference.</p>
</aside>
<aside class="footnote brackets" id="f029" role="note">
<span class="label"><span class="fn-bracket">[</span><a role="doc-backlink" href="#id2">2</a><span class="fn-bracket">]</span></span>
<p>Here is why: all individual participants’ keys are
generated locally to their client and the private half is
never on the network. So from the perspective of each
participant, if every other participant has the same view
of their public key, then it wasn’t tampered with. The
verification then applies this to all participants. This
leaves open the possibility of one or more clients having
been tampered with at some point in the process; this
security risk is discussed below in the ‘Static Client’
section.</p>
</aside>
</aside>
</section>
</section>
</article>
</div>
<footer>
<div class="related-pages">
<a class="next-page" href="references.html">
<div class="page-info">
<div class="context">
<span>Next</span>
</div>
<div class="title">References / Further Reading</div>
</div>
<svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
</a>
<a class="prev-page" href="glossary.html">
<svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
<div class="page-info">
<div class="context">
<span>Previous</span>
</div>
<div class="title">Glossary</div>
</div>
</a>
</div>
<div class="bottom-of-page">
<div class="left-details">
<div class="copyright">
Copyright © 2019-2023, Magnusson Institute
</div>
Made with <a href="https://www.sphinx-doc.org/">Sphinx</a> and <a class="muted-link" href="https://pradyunsg.me">@pradyunsg</a>'s
<a href="https://github.com/pradyunsg/furo">Furo</a>
</div>
<div class="right-details">
</div>
</div>
</footer>
</div>
<aside class="toc-drawer">
<div class="toc-sticky toc-scroll">
<div class="toc-title-container">
<span class="toc-title">
On this page
</span>
</div>
<div class="toc-tree-container">
<div class="toc-tree">
<ul>
<li><a class="reference internal" href="#">Future Work</a><ul>
<li><a class="reference internal" href="#curve25519-support">Curve25519 Support</a></li>
<li><a class="reference internal" href="#verifying-room-integrity">Verifying Room Integrity</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
</aside>
</div>
</div><script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
<script src="_static/jquery.js"></script>
<script src="_static/underscore.js"></script>
<script src="_static/_sphinx_javascript_frameworks_compat.js"></script>
<script src="_static/doctools.js"></script>
<script src="_static/sphinx_highlight.js"></script>
<script src="_static/scripts/furo.js"></script>
</body>
</html>