Crate p2panda_encryption

Source
Expand description

p2panda-encryption provides decentralized, secure data- and message encryption for groups with post-compromise security and optional forward secrecy.

The crate implements two different group key-agreement and encryption schemes for a whole range of use cases for applications which can’t rely on a stable network connection or centralised coordination.

The first scheme we simply call “Data Encryption”, allowing peers to encrypt any data with a secret, symmetric key for a group (using XChaCha20-Poly1305). This will be useful for building applications where users who enter a group late will still have access to previously-created content, for example knowledge databases, wiki applications or a booking tool for rehearsal rooms.

A member will not learn about any newly-created data after they are removed from the group, since the key gets rotated on member removal. This should accommodate for many use-cases in p2p applications which rely on basic group encryption with post-compromise security (PCS) and forward secrecy (FS) during key agreement. Applications can optionally choose to remove encryption keys for forward secrecy if they so desire.

The second scheme is “Message Encryption”, offering a forward secure (FS) messaging ratchet, similar to Signal’s Double Ratchet algorithm. Since secret keys are always generated for each message, a user can not easily learn about previously-created messages when getting hold of such a key. We believe that the latter scheme will be used in more specialised applications, for example p2p group chats, as strong forward secrecy comes with it’s own UX requirements. We are nonetheless excited to offer a solution for both worlds, depending on the application’s needs.

More detail about the particular implementation and design choices of p2panda-encryption can be found in our in-depth blog post and README.

Re-exports§

pub use crypto::Rng;
pub use crypto::RngError;

Modules§

crypto
Core cryptographic algorithms and random number generator.
data_scheme
Data encryption for groups with post-compromise security and optional forward secrecy.
key_bundle
Key bundles to asynchronously receive encrypted data from others.
key_manager
Manager for our own secret key material.
key_registry
Manager for public key material of other members.
message_scheme
Message Encryption for groups offering a forward secure (FS) messaging ratchet, similar to Signal’s Double Ratchet algorithm.
test_utils
Internal helpers for writing (fuzz-) tests against p2panda-encryption.
traits
Interfaces to integrate p2panda-encryption into custom data- and messaging types, group management- and ordering strategies.
two_party
Protocols for secure key-agreement between two members (“two party”).