chie-crypto 0.2.0

Cryptographic primitives for CHIE Protocol
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413

//! Time-lock encryption for scheduled content release.
//!
//! This module provides time-lock encryption that allows encrypting content
//! that can only be decrypted after a certain time period. This is useful for:
//! - Scheduled content release in P2P networks
//! - Fair exchange protocols
//! - Delayed disclosure mechanisms
//!
//! # Example
//!
//! ```
//! use chie_crypto::timelock::{timelock_encrypt, timelock_decrypt, TimeParams};
//!
//! // Encrypt data that requires 100,000 sequential hash operations to decrypt
//! let data = b"Secret content to be released in the future";
//! let params = TimeParams::new(100_000);
//! let locked = timelock_encrypt(data, &params).unwrap();
//!
//! // Decrypt (requires performing the time-lock computation)
//! let decrypted = timelock_decrypt(&locked).unwrap();
//! assert_eq!(data, &decrypted[..]);
//! ```

use crate::encryption::{decrypt, encrypt};
use blake3;
use rand::Rng as _;
use serde::{Deserialize, Serialize};
use thiserror::Error;
use zeroize::ZeroizeOnDrop;

/// Error types for time-lock encryption operations.
#[derive(Debug, Error)]
pub enum TimeLockError {
    #[error("Invalid time parameter: must be > 0")]
    InvalidTimeParameter,

    #[error("Decryption failed")]
    DecryptionFailed,

    #[error("Serialization error: {0}")]
    SerializationError(String),

    #[error("Invalid ciphertext")]
    InvalidCiphertext,
}

pub type TimeLockResult<T> = Result<T, TimeLockError>;

/// Parameters for time-lock encryption.
///
/// The `iterations` parameter determines how many sequential hash operations
/// must be performed to decrypt the content. Each iteration takes approximately
/// a constant time, so this provides a time delay that cannot be parallelized.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TimeParams {
    /// Number of sequential hash iterations required
    pub iterations: u64,
}

impl TimeParams {
    /// Create new time parameters with specified number of iterations.
    ///
    /// # Example computation times (approximate)
    /// - 100,000 iterations: ~10ms on modern CPU
    /// - 1,000,000 iterations: ~100ms
    /// - 10,000,000 iterations: ~1 second
    /// - 100,000,000 iterations: ~10 seconds
    pub fn new(iterations: u64) -> Self {
        Self { iterations }
    }

    /// Create time parameters for approximately the given duration.
    ///
    /// This is an estimate based on ~10,000 iterations per millisecond
    /// on a typical modern CPU. Actual time will vary by hardware.
    pub fn from_duration_ms(duration_ms: u64) -> Self {
        Self {
            iterations: duration_ms * 10_000,
        }
    }

    /// Estimate the time delay in milliseconds.
    ///
    /// This is an approximation assuming ~10,000 iterations per millisecond.
    pub fn estimated_delay_ms(&self) -> u64 {
        self.iterations / 10_000
    }
}

/// A time-locked ciphertext that can only be decrypted after performing
/// the required number of hash iterations.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TimeLockCiphertext {
    /// The encrypted data
    ciphertext: Vec<u8>,
    /// Initial puzzle value
    puzzle_start: [u8; 32],
    /// Time parameters
    params: TimeParams,
    /// Nonce for encryption
    nonce: [u8; 12],
}

impl TimeLockCiphertext {
    /// Serialize to bytes.
    pub fn to_bytes(&self) -> TimeLockResult<Vec<u8>> {
        crate::codec::encode(self).map_err(|e| TimeLockError::SerializationError(e.to_string()))
    }

    /// Deserialize from bytes.
    pub fn from_bytes(bytes: &[u8]) -> TimeLockResult<Self> {
        crate::codec::decode(bytes).map_err(|e| TimeLockError::SerializationError(e.to_string()))
    }

    /// Get the number of iterations required to decrypt.
    pub fn iterations(&self) -> u64 {
        self.params.iterations
    }

    /// Get estimated time to decrypt in milliseconds.
    pub fn estimated_time_ms(&self) -> u64 {
        self.params.estimated_delay_ms()
    }
}

/// Encrypt data with time-lock encryption.
///
/// The data will be encrypted using a key derived from a time-lock puzzle.
/// To decrypt, the recipient must perform `params.iterations` sequential
/// hash operations to recover the encryption key.
pub fn timelock_encrypt(data: &[u8], params: &TimeParams) -> TimeLockResult<TimeLockCiphertext> {
    if params.iterations == 0 {
        return Err(TimeLockError::InvalidTimeParameter);
    }

    // Generate random puzzle start value
    let mut puzzle_start = [0u8; 32];
    rand::rng().fill_bytes(&mut puzzle_start);

    // Solve the puzzle to get the encryption key
    let key = solve_time_lock_puzzle(&puzzle_start, params.iterations);

    // Generate random nonce
    let mut nonce = [0u8; 12];
    rand::rng().fill_bytes(&mut nonce);

    // Encrypt the data
    let ciphertext = encrypt(data, &key, &nonce).map_err(|_| TimeLockError::DecryptionFailed)?;

    Ok(TimeLockCiphertext {
        ciphertext,
        puzzle_start,
        params: params.clone(),
        nonce,
    })
}

/// Decrypt time-locked data.
///
/// This requires performing `ciphertext.iterations()` sequential hash operations
/// to recover the encryption key before decrypting the data.
pub fn timelock_decrypt(ciphertext: &TimeLockCiphertext) -> TimeLockResult<Vec<u8>> {
    // Solve the time-lock puzzle to get the key
    let key = solve_time_lock_puzzle(&ciphertext.puzzle_start, ciphertext.params.iterations);

    // Decrypt the data
    decrypt(&ciphertext.ciphertext, &key, &ciphertext.nonce)
        .map_err(|_| TimeLockError::DecryptionFailed)
}

/// Solve a time-lock puzzle by performing sequential hash iterations.
///
/// This is intentionally sequential and cannot be parallelized significantly.
/// Each iteration depends on the previous one.
fn solve_time_lock_puzzle(start: &[u8; 32], iterations: u64) -> [u8; 32] {
    let mut current = *start;

    for _ in 0..iterations {
        current = *blake3::hash(&current).as_bytes();
    }

    current
}

/// A time-lock puzzle that can be used for timed release of secrets.
///
/// This is a more general interface that allows creating puzzles separately
/// from encryption.
#[derive(Debug, Clone, ZeroizeOnDrop)]
pub struct TimeLockPuzzle {
    /// The puzzle starting point
    start: [u8; 32],
    /// Number of iterations
    iterations: u64,
    /// The solution (only known after solving)
    #[zeroize(skip)]
    solution: Option<[u8; 32]>,
}

impl TimeLockPuzzle {
    /// Create a new time-lock puzzle with random starting point.
    pub fn new(params: &TimeParams) -> TimeLockResult<Self> {
        if params.iterations == 0 {
            return Err(TimeLockError::InvalidTimeParameter);
        }

        let mut start = [0u8; 32];
        rand::rng().fill_bytes(&mut start);

        Ok(Self {
            start,
            iterations: params.iterations,
            solution: None,
        })
    }

    /// Create a puzzle from a specific starting point.
    pub fn from_start(start: [u8; 32], iterations: u64) -> TimeLockResult<Self> {
        if iterations == 0 {
            return Err(TimeLockError::InvalidTimeParameter);
        }

        Ok(Self {
            start,
            iterations,
            solution: None,
        })
    }

    /// Solve the puzzle (performs the time-lock computation).
    pub fn solve(&mut self) -> [u8; 32] {
        if let Some(solution) = self.solution {
            return solution;
        }

        let solution = solve_time_lock_puzzle(&self.start, self.iterations);
        self.solution = Some(solution);
        solution
    }

    /// Get the puzzle starting point.
    pub fn start(&self) -> &[u8; 32] {
        &self.start
    }

    /// Get the number of iterations.
    pub fn iterations(&self) -> u64 {
        self.iterations
    }

    /// Check if the puzzle has been solved.
    pub fn is_solved(&self) -> bool {
        self.solution.is_some()
    }

    /// Get the solution if it has been solved.
    pub fn solution(&self) -> Option<[u8; 32]> {
        self.solution
    }
}

/// Encrypt data using a pre-created time-lock puzzle.
pub fn timelock_encrypt_with_puzzle(
    data: &[u8],
    puzzle: &TimeLockPuzzle,
) -> TimeLockResult<TimeLockCiphertext> {
    // Solve the puzzle to get the key
    let key = solve_time_lock_puzzle(puzzle.start(), puzzle.iterations());

    // Generate random nonce
    let mut nonce = [0u8; 12];
    rand::rng().fill_bytes(&mut nonce);

    // Encrypt the data
    let ciphertext = encrypt(data, &key, &nonce).map_err(|_| TimeLockError::DecryptionFailed)?;

    Ok(TimeLockCiphertext {
        ciphertext,
        puzzle_start: *puzzle.start(),
        params: TimeParams::new(puzzle.iterations()),
        nonce,
    })
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_timelock_basic() {
        let data = b"Time-locked secret message";
        let params = TimeParams::new(1000);

        let locked = timelock_encrypt(data, &params).unwrap();
        let decrypted = timelock_decrypt(&locked).unwrap();

        assert_eq!(data, &decrypted[..]);
    }

    #[test]
    fn test_timelock_different_iterations() {
        let data = b"Secret";

        for iterations in [100, 1_000, 10_000] {
            let params = TimeParams::new(iterations);
            let locked = timelock_encrypt(data, &params).unwrap();

            assert_eq!(locked.iterations(), iterations);

            let decrypted = timelock_decrypt(&locked).unwrap();
            assert_eq!(data, &decrypted[..]);
        }
    }

    #[test]
    fn test_timelock_serialization() {
        let data = b"Serialization test";
        let params = TimeParams::new(500);

        let locked = timelock_encrypt(data, &params).unwrap();

        // Serialize and deserialize
        let bytes = locked.to_bytes().unwrap();
        let deserialized = TimeLockCiphertext::from_bytes(&bytes).unwrap();

        // Decrypt deserialized ciphertext
        let decrypted = timelock_decrypt(&deserialized).unwrap();
        assert_eq!(data, &decrypted[..]);
    }

    #[test]
    fn test_invalid_time_parameter() {
        let data = b"Test";
        let params = TimeParams::new(0);

        let result = timelock_encrypt(data, &params);
        assert!(matches!(result, Err(TimeLockError::InvalidTimeParameter)));
    }

    #[test]
    fn test_time_params_from_duration() {
        let params = TimeParams::from_duration_ms(100);
        assert_eq!(params.iterations, 1_000_000);
        assert_eq!(params.estimated_delay_ms(), 100);
    }

    #[test]
    fn test_puzzle_basic() {
        let params = TimeParams::new(1000);
        let mut puzzle = TimeLockPuzzle::new(&params).unwrap();

        assert!(!puzzle.is_solved());
        assert_eq!(puzzle.solution(), None);

        let solution1 = puzzle.solve();
        assert!(puzzle.is_solved());
        assert_eq!(puzzle.solution(), Some(solution1));

        // Solving again should return the same solution
        let solution2 = puzzle.solve();
        assert_eq!(solution1, solution2);
    }

    #[test]
    fn test_puzzle_deterministic() {
        let start = [42u8; 32];
        let iterations = 1000;

        let mut puzzle1 = TimeLockPuzzle::from_start(start, iterations).unwrap();
        let mut puzzle2 = TimeLockPuzzle::from_start(start, iterations).unwrap();

        let solution1 = puzzle1.solve();
        let solution2 = puzzle2.solve();

        assert_eq!(solution1, solution2);
    }

    #[test]
    fn test_timelock_with_puzzle() {
        let data = b"Test data";
        let params = TimeParams::new(500);
        let puzzle = TimeLockPuzzle::new(&params).unwrap();

        let locked = timelock_encrypt_with_puzzle(data, &puzzle).unwrap();
        let decrypted = timelock_decrypt(&locked).unwrap();

        assert_eq!(data, &decrypted[..]);
    }

    #[test]
    fn test_large_data() {
        let data = vec![0x42u8; 10_000]; // 10KB of data
        let params = TimeParams::new(1000);

        let locked = timelock_encrypt(&data, &params).unwrap();
        let decrypted = timelock_decrypt(&locked).unwrap();

        assert_eq!(data, decrypted);
    }

    #[test]
    fn test_puzzle_different_iterations_different_solutions() {
        let start = [1u8; 32];

        let mut puzzle1 = TimeLockPuzzle::from_start(start, 100).unwrap();
        let mut puzzle2 = TimeLockPuzzle::from_start(start, 200).unwrap();

        let solution1 = puzzle1.solve();
        let solution2 = puzzle2.solve();

        assert_ne!(solution1, solution2);
    }
}