Closed jplomas closed 2 years ago
✔️ Deploy Preview for jolly-meninsky-145e4d ready!
🔨 Explore the source changes: 6c68e17ef1d05753effc32ea7754cdaa9ef9086e
🔍 Inspect the deploy log: https://app.netlify.com/sites/jolly-meninsky-145e4d/deploys/61bcc29f38b34800081fa10d
😎 Browse the preview: https://deploy-preview-37--jolly-meninsky-145e4d.netlify.app
A Proposed v3 Wallet Format & Use of scrypt/AES-256-GCM
Abstract
This QIP proposes a 'version 3' wallet file format with enhancements to the encryption to reduce the risk of funds loss when an encrypted wallet file is publicly exposed.
Motivation
Encrypted wallet files exfiltrated from a target system are at risk of (a) brute force/dictionary attacks and (b) theoretical man-in-the-middle / tampering attacks.
The risk can be reduced by using scrypt in conjunction with the existing aes256 encryption, and by swapped the aes256 mode from CTR to GCM.
Additionally, there has been no formal specification of the QRL wallet format.
Specification
1. Wallet format
Extraneous public data which can be derived from other elements, for example tree height/PK, is excluded.
Plain ASCII text file containing valid JSON detailing the version number, whether the elements are encrypted and with an array of 1 or more wallets in the format:
Retention of unencrypted wallet file support is retained for use where the environment is secured by another means (e.g. encrypted volume) but is not recommended for standard use cases.
2. Encryption
Within the addresses array, the elements are encrypted using scrypt and aes-256-gcm as per the reference implementation and presented as a string with elements separated by a colon, formatted as:
Eg:
The plain text address:
When encrypted with AES-256-GCM with scrypt, the password
My Secret Password
and formatted as per above results in the following:Backward compatibility
Existing wallet implementations should retain backwards compatibility for legacy wallet formats. It is preferable to offer the user the option to upgrade to a version 3 wallet file.
Reference Implementation
A worked example (with code peer review by @leongb - thank you Leon) is at https://runkit.com/jplomas/aes-256-gcm-with-scrypt/6.0.0
Additionally some work has been commenced in implementing this in @theqrl/wallet-helpers NPM module
A Python reference implementation is underway.
Security Considerations
Implementation recommended by x41-D-sec; rationale, cryptography and reference code peer reviewed by @leongb. Both the existing and this use of AES256 is considered post-quantum secure.
Clearly the most secure means of protecting funds are that wallet files remain solely in the possession of their owners. This implementation reduces to some degree the risk of loss should this principle be compromised.