[bisq-network/bisq] Bisq 2: Security Module Review (Discussion #5944)

Alva Swanson notifications at github.com
Thu Dec 30 16:38:52 CET 2021


I spent the last couple of days reviewing the Misq crypto code in the security module. I didn't find anything serious. Some things like the `deriveKeyMaterial(...)` (HybridEncryption.java) looked weird, but the code is generally ok. But I have a couple of questions/discussion points.

1. Is there a specific reason why CBC was chosen as the block cipher mode? CBC encryption isn't parallelized. Why not use an AEAD [1] (Authenticated encryption) cipher like AES-GCM? This would simplify the design by not explicitly dealing with authenticity while keeping the security. Galois/Counter Mode can be parallelized because it encrypts an incrementing counter (derived from IV).

2. @chimp1984's proposal states that each trade should have its own onion/i2p address [2]. Why not allow a user to post the same offer to both networks? We can bind the offers to a static identity key (per offer/user id).

3. How do we want to track the reputation of a user? One approach would be to use a key pair per identity in addition to the ephemeral keys. When needed, the keys linked to an identity can authenticate oneself to the other peer. This would separate the identities from the network layer (One user can have multiple identities).

4. In the source code, I did find references to clearnet. I think it's mainly used to relay traffic, but is the traffic encrypted (transport encryption)?

5. A general question is why we're not building on top of the Noise Protocol Framework [3]? It's widely used (WhatsApp, WireGuard, Lightning, and I2P) and simple.
   We get a lot for free:
   - Static and ephemeral key pairs
   - AEAD (see 1.)
   - Supports identity hiding
   - Supports forward secrecy (using `REKEY`)
   - We can add the PoW authentication scheme to the protocol using channel binding.
   - Protocols built using Noise are easier to verify by researchers. The modeling and verification can be automated as well [4].

6. We should think about versioning the encryption ciphers to switch to another one later if needed. Who knows what happens in a couple of years.

I attacked, designed, and implemented security protocols before. I can help and work on this after completing the wallet integration if needed.

[1] Morris Dworkin. "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC". NIST Special Publication 800-38D
[2] @chimp1984 . "Bisq 2.0 - A multi-protocol DEX (working title Misq)". https://github.com/bisq-network/proposals/issues/330
[3] Trevor Perrin. "The Noise Protocol Framework". http://www.noiseprotocol.org/noise.pdf
[4] Kobeissi, Nadim, Georgio Nicolas, and Karthikeyan Bhargavan. "Noise Explorer: Fully automated modeling and verification for arbitrary Noise protocols." 2019 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2019.
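Points 1 and 6 of the post (use an AEAD instead of CBC plus a separate authenticity step, and version the ciphers) can be shown together in one small envelope format. The following Go program is an added example for this discussion, not code from Bisq or from the post's author; the one-byte suite table, the constant name `SuiteAES256GCM` and the envelope layout are assumptions made for illustration. The suite byte is fed to AES-GCM as additional authenticated data, so the tag covers it and a tampered header is rejected like a tampered ciphertext, while an unknown suite is refused before any decryption is attempted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cipher-suite identifiers carried in the first byte of every envelope.
// The values are hypothetical; this table is not part of Bisq 2.
const (
	SuiteAES256GCM byte = 1
)

var (
	ErrUnsupportedSuite = errors.New("unsupported cipher suite version")
	ErrMalformed        = errors.New("malformed envelope")
)

// newAEAD returns the AEAD for a suite id, or ErrUnsupportedSuite. Adding a
// suite later means adding a case here; old envelopes keep decrypting.
func newAEAD(suite byte, key []byte) (cipher.AEAD, error) {
	switch suite {
	case SuiteAES256GCM:
		if len(key) != 32 {
			return nil, errors.New("AES-256-GCM needs a 32-byte key")
		}
		block, err := aes.NewCipher(key)
		if err != nil {
			return nil, err
		}
		return cipher.NewGCM(block)
	default:
		return nil, ErrUnsupportedSuite
	}
}

// Seal produces suite || nonce || ciphertext || tag. The suite byte is also
// passed as additional authenticated data, so the tag covers it and an edit
// of the header fails authentication instead of silently selecting another
// cipher.
func Seal(key []byte, suite byte, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(suite, key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, 1+len(nonce)+len(plaintext)+aead.Overhead())
	out = append(out, suite)
	out = append(out, nonce...)
	return aead.Seal(out, nonce, plaintext, []byte{suite}), nil
}

// Open reverses Seal. Any modification of the header, nonce, ciphertext or
// tag makes aead.Open return an error; this is the authenticity check that
// CBC would need a separate MAC for.
func Open(key []byte, envelope []byte) ([]byte, error) {
	if len(envelope) < 1 {
		return nil, ErrMalformed
	}
	suite := envelope[0]
	aead, err := newAEAD(suite, key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(envelope) < 1+ns+aead.Overhead() {
		return nil, ErrMalformed
	}
	nonce := envelope[1 : 1+ns]
	return aead.Open(nil, nonce, envelope[1+ns:], []byte{suite})
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed sample message, not real Bisq traffic.
	env, err := Seal(key, SuiteAES256GCM, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	env[len(env)-1] ^= 1 // flip one bit of the tag
	_, err = Open(key, env)
	fmt.Println("tampered envelope rejected:", err != nil)
}
```

The random 96-bit nonce is fine for the message volumes of a P2P trade protocol but not for billions of messages under one key; a design that rekeys per session (as the post's `REKEY` point suggests) keeps the count per key small.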

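Point 3 of the post suggests a long-lived key pair per identity in addition to the ephemeral keys, used to authenticate to the other peer when needed. The Go program below is an added example of that binding, not Bisq code; the `Identity`/`Attestation` types, the domain tag and the `trade:...` context string are assumptions. The identity key signs the session's ephemeral X25519 public key together with a context value, so a verifier learns both that the ephemeral key belongs to the expected identity and that the signature was made for this session and not replayed from another.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Identity is a long-lived signing key pair representing one reputation-
// bearing identity. A user may hold several, independent of any onion or
// i2p address.
type Identity struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

func NewIdentity() (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{Public: pub, private: priv}, nil
}

// Attestation is what a peer sends alongside its ephemeral X25519 key: the
// identity key, the ephemeral key, the session context and a signature over
// all three.
type Attestation struct {
	IdentityPub  ed25519.PublicKey
	EphemeralPub []byte
	Context      string
	Sig          []byte
}

// domainTag is a hypothetical domain separator so this signature cannot be
// confused with any other signature the identity key produces.
const domainTag = "bisq2-identity-binding-v1"

var (
	ErrWrongIdentity = errors.New("attestation is for a different identity")
	ErrWrongContext  = errors.New("attestation is for a different session")
	ErrBadSignature  = errors.New("attestation signature invalid")
)

// signedMessage length-prefixes the ephemeral key so key and context cannot
// be re-split into a different (key, context) pair.
func signedMessage(ephPub []byte, context string) []byte {
	msg := []byte(domainTag)
	msg = append(msg, byte(len(ephPub)))
	msg = append(msg, ephPub...)
	msg = append(msg, context...)
	return msg
}

func (id *Identity) Attest(ephPub *ecdh.PublicKey, context string) Attestation {
	raw := ephPub.Bytes()
	return Attestation{
		IdentityPub:  id.Public,
		EphemeralPub: raw,
		Context:      context,
		Sig:          ed25519.Sign(id.private, signedMessage(raw, context)),
	}
}

// VerifyAttestation is run by the receiving peer, which already knows which
// identity it expects (from the offer) and which session it is in.
func VerifyAttestation(a Attestation, expectedIdentity ed25519.PublicKey, expectedContext string) error {
	if !bytes.Equal(a.IdentityPub, expectedIdentity) {
		return ErrWrongIdentity
	}
	if a.Context != expectedContext {
		return ErrWrongContext
	}
	if len(a.EphemeralPub) != 32 ||
		!ed25519.Verify(a.IdentityPub, signedMessage(a.EphemeralPub, a.Context), a.Sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	id, err := NewIdentity()
	if err != nil {
		panic(err)
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed session context; a real one would be the trade or offer id.
	att := id.Attest(eph.PublicKey(), "trade:constructed-0001")
	fmt.Println("verify:", VerifyAttestation(att, id.Public, "trade:constructed-0001"))
}
```

Because the identity key only ever signs (ephemeral key, context) pairs, the ephemeral keys can still be discarded after each session for forward secrecy, and the same identity can be presented over Tor and I2P alike, which is the separation from the network layer the post asks for.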