integritee-network / worker

Integritee off-chain worker and sidechain validateer
Apache License 2.0
90 stars 47 forks source link

replace RSA shielding key with NaCl/salt/sodium asymmetric crypto #1597

Open brenzi opened 6 months ago

brenzi commented 6 months ago

Needs to first be researched in depth

RSA should be deprecated as it should no longer be considered secure

NaCl is scheme enabling asymmetric encryption and authentication at the same time, based on ed25519. We would still need a shared secret among all enclaves operating the same shard, but it could be an ed25519 secret key instead of an RSA one. We may even want to use that shared ed25519 key as a "per shard" account on Integritee Network.

Good docs come with the python lib: https://pynacl.readthedocs.io/en/latest/public/

The rust lib seems unmaintained: https://crates.io/crates/nacl

Kailai-Wang commented 5 months ago

That will be a great improvement.

Also Rsa3072KeyPair in rust-sdk doesn't seem that stable, sometimes it works with only certain Intel-SDK version (e.g. 2.19, but not 2.21+). In rust SDK 2.0.0 - the ucrypto feature doesn't work reliably either, see https://github.com/apache/incubator-teaclave-sgx-sdk/issues/456