robbiehanson
commented
3 years ago Implementation Notes:
Cloud encryption key
In Wallet.kt there is a new function cloudKeyAndEncryptionNodeId(). It derives a "cloudKey" for the wallet, which is then used to encrypt/decrypt the content that's synced to iCloud.
It also returns an "encrypted nodeID", which is just some string that is derived from the wallet, but which doesn't leak identifying information. We use this to segregate wallets within iCloud. (Each wallet gets its own cloud "container", which is essentially a separate database.)
These values are ultimately returned to the Swift layer via PhoenixBusiness.loadWallet()
CloudKitPayments.sq
There's a new SQLDelight file. The design is specific to Apple's CloudKit syncing requirements, so it's named accordingly. There's also a migrations file.
Note that this is shared between iOS & Android. Which means Android will create these tables too, even though it won't ever use them. I don't know if there's an easy way around this. More drastic measures might not be worth the risk. I assume that Android will eventually get its own dedicated tables too, and iOS will quietly create them, even though they're not needed. But it's a one-time operation.
Encryption routine
In SyncManager.swift, there's a function serializeAndEncryptRow which performs the encryption routine:
- It invokes
cborSerialize()to get a blob for the incoming/outgoing payment - Then adds random padding to the CloudData container
- Then encrypts the CloudData container using ChaChaPoly, and returns the ciphertext
dpad85
Phoenix iOS can now optionally backup transactions in iCloud:
(This is a huge PR, so I'll be splitting this into multiple smaller PR's in the next few days.)
Overview:
We upload completed transactions to the user's iCloud.
More specifically, we use Apple's CloudKit, which provides us with a database-like API. The API is limited to {iCloud-user, application}. Which means only the logged-in iCloud user can access the database. And only our app can access our database(s).
We create a different "container" for each wallet. So each wallet is properly segregated. And mainnet/testnet segregation is handled too.
Security considerations:
1) The data stored in the cloud is encrypted, and can only be decrypted with the seed. We serialize each payment into a blob, and then we encrypt the blob before uploading it. The
cloudKeyused for encryption/decryption is derived from the seed using a derivation path. (The derivation path is different for mainnet vs testnet.)2) Each wallet gets its own segregated "cloud container". The name of the container is
Hash(cloudKey + nodeID). This prevents leakage of the user's nodeID.3) The size of a serialized
IncomingPaymentis generally smaller than anOutgoingPayment. In order to obfuscate the payment type, we add padding to the serialized cleartext prior to encryption. The current algorithm is:4) The other known attack uses metadata & timestamps. By default, Alice's wallet syncs a payment to the cloud as soon as it completes. However, this associates Alice with a completed Lightning payment made at that time. Thus, Alice can opt-into "randomized upload delays", where the
SyncManagerinjects a random delay automatically. In addition, this dely is exposed to Alice within the UI, and she can manually skip it if needed.Changes in the Kotlin layer:
expect), and currently does nothing on Android.cloudkit_payments_queuetable in the database.WalletPayment<->ByteArrayis done in Kotlin. And I've done a bunch of optimization here to minimize the size.Changes in iOS UI:
New options in the settings to control cloud backup:
The "cloud sync status" has been integrated into the AppStatusButton on the HomeScreen (upper left corner), as well as the AppStatusPopover:
The status is dynamic & interactive: