3.7.2 Base Cryptography
Cryptographic algorithms play an important role in ensuring data integrity and protecting the system from various types of attacks. The basic cryptography used in DGT is built on standardized libraries, incorporating cryptographic primitives such as hashing, digital signatures, and data storage. It is essential to specify the cryptographic toolkit during network deployment to ensure consistency across all nodes and network clients.
Currently, DGT employs the ECDSA (Elliptic Curve Digital Signature Algorithm) family of cryptographic methods. In earlier versions, a Bitcoin-compatible library was utilized for the secp256k1 curve. However, since the Matagami version, DGT has transitioned to using OpenSSL. When deploying the DGT network, the appropriate library must be specified to ensure compatibility across all networks and clients. Presently, DGT supports the OpenSSL and Bitcoin (secp256k1) libraries. Signatures on the platform, including customer-signed transactions and packages, utilize the ECDSA secp256k1 curve.
Data exchanged between nodes and services within a node, such as the Validator, REST API, and Transaction Processor, are encrypted using CurveZMQ, which employs a 256-bit ECC (Elliptic Curve Cryptography) key with the elliptic Curve25519. This encryption mechanism helps ensure the confidentiality and security of the exchanged data.
Regarding the challenges of elliptic cryptography in the face of quantum attacks, elliptic curve algorithms, including ECDSA, are vulnerable to attacks by quantum computers. As a result, there is a prospective transition towards post-quantum cryptography, specifically lattice-based cryptography such as NTRU. The transition to NTRU cryptography may involve utilizing the WolfSSL library, which provides support for various cryptographic algorithms, including NTRU. This shift aims to enhance the resistance of DGT's cryptographic mechanisms against potential future quantum attacks.
In DGT, various cryptographic primitives are employed to ensure the security and integrity of the network. These primitives serve as the building blocks for cryptographic operations within the system. The basic cryptographic primitives used in DGT include:
Hash Functions: Hash functions are fundamental cryptographic primitives used to generate a fixed-size output (hash) from input data of any size. DGT utilizes hash functions, such as SHA-256 (Secure Hash Algorithm 256-bit) or SHA-512, for various purposes, including data integrity verification and creating unique identifiers for transactions and blocks.
Digital Signatures: Digital signatures are crucial for verifying the authenticity and integrity of data and ensuring non-repudiation. DGT utilizes digital signature schemes, such as ECDSA (Elliptic Curve Digital Signature Algorithm) with the secp256k1 curve, to generate and verify digital signatures. Digital signatures are employed in transaction validation, authentication, and proof of ownership.
Key Generation: Cryptographic key generation is essential for generating symmetric and asymmetric keys used for encryption, decryption, and digital signatures. DGT employs key generation algorithms to create cryptographic keys, such as ECC (Elliptic Curve Cryptography) keys based on elliptic curves like Curve25519, for secure communication and data protection.
Encryption/Decryption: Encryption is utilized in DGT to secure data transmission and protect sensitive information. Symmetric and asymmetric encryption algorithms, such as AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman), may be used within the network to ensure confidentiality and prevent unauthorized access to data.
Secure Communication Protocols: DGT employs secure communication protocols to protect the exchange of data between nodes and services. These protocols, such as TLS (Transport Layer Security) or its predecessor SSL (Secure Sockets Layer), enable encrypted communication channels, preventing eavesdropping and ensuring the confidentiality and integrity of data transmitted over the network.
Random Number Generation: Randomness is crucial in cryptographic operations, including key generation and nonce generation. DGT utilizes secure random number generation techniques to ensure the unpredictability and cryptographic strength of generated values, preventing predictability and potential vulnerabilities.
Last updated
