End-To-End Encryption: Custom Encryption Library

[robertjchen]

cc: Margelo

Please implement a custom encryption library to be used as part of the new End to End Encryption feature in the App.

Namely, it will provide symmetric (AES) and asymmetric (RSA4096 + Kyber1024) encryption functions to be used by the App as well as in the backend.

Please refer to the planning doc for additional context!

Considerations

• The native (TurboModule?) part should be portable enough (C/C++) such that we can use the encryption library/functionality internally for backend purposes at Expensify.
• For Web, it should also cleanly compile to a wasm binary for direct use in the Web client.
• The repository will be hosted under the Expensify org as we'll be using the functionality internally ✨

Proposed Interface

// synchronous mockup, but final solution may be asynchronous as well 👍

• KEMGenKeys() - return a JSON object in the format of:

        {
      "kyber1024": {
          "pubkey": "<base64 public key>",
          "privkey": "<base64 private key>"
       },
      "rsa4096": {
          "pubkey": "<base64 public key>",
          "privkey": "<base64 private key>"
       },

For the following functions, the pubKeys and privKeys arguments should be provided in JSON format:

    privKeys : {
        "kyber1024" : {
            "privkey": "<base64 private key>",
         },
        "rsa4096" : {
            "privkey": "<base64 private key>",
        },
    }

// ---

    privKeys : {
        "kyber1024" : {
            "pubkey": "<base64 public key>",
         },
        "rsa4096" : {
            "pubkey": "<base64 public key>",
        },
    }

• KEMEncrypt(pubKeys, dataString) - encrypts a given string RSA4096_Encrypt(Kyber1024_Encrypt(dataString)) given the pubKey set (input string should be padded behind the scenes if necessary, etc.). The pubKeyHash should be a hash of the two public keys combined. The result is the raw encrypted string in base64 format (note that this is directly encrypted by RSA4096 + Kyber1024, not AES!)

   <base64 data>

• KEMDecrypt(privKeys, dataString) - decrypts a given string given the privKey set (input string should be padded behind the scenes if necessary, etc.)

  <base64 data>

• KEMSign(privKeys, dataString) - signs a given string given the privKey set (see doc for additional implementation notes)

  <base64 data>

• KEMVerify(pubKeys, dataString) - verifies the signature of a given data string given the pubKey set

  <base64 data>

• AESDecrypt(iv, key, data) // simple symmetric encryption w/ AES-GCM

  <base64 data> // contains iv + encrypted data + etc.

• AESEncrypt(iv, key, data) // simple symmetric encryption w/ AES-GCM

  <base64 data> // contains iv + encrypted data + etc.

[chrispader]

Thanks and wuhuu! 🚀🎉

[chrispader]

Are we still thinking about adding signing and verifying functionality with Dillithium?

[robertjchen]

Great q, I think we'll still need it down the line 🤔 We'll see how things pan out in planning now that the priorities are clear