CRYPTO UPGRADE IN PROGRESS

DO NOT RUN

Author: tomekmarchi

README.md

@@ -2,7 +2,7 @@
     <a href="uw://universalweb.io">UNIVERSAL WEB</a>
 </h1>
 <p align="center">
-| <a href="https://github.com/universalweb/Whitepaper">WHITEPAPER (OUTDATED)</a> |
+| <a href="https://github.com/universalweb/Whitepaper">WHITEPAPER (OUTDATED - OLD DESIGN)</a> |
 </p>
 <hr />
 <h1 align="center">UW://</h1>
@@ -46,7 +46,7 @@
     <li><a href="https://github.com/universalweb/Network/tree/master/udsp/server">UDSP MODULE (CONTAINS SERVER & CLIENT MODULE)</a></li>
     <li><a href="https://github.com/universalweb/Network/tree/master/udsp/server">SERVER MODULE (CHECK THE UDSP FOLDER & IMPORTS FOR FULL CODE)</a></li>
     <li><a href="https://github.com/universalweb/Network/tree/master/udsp/client">CLIENT MODULE (CHECK THE UDSP FOLDER & IMPORTS FOR FULL CODE)</a></li>
-    <li><a href="https://github.com/universalweb/Network/tree/master/browser">BROWSER (ourdated)</a></li>
+    <li><a href="https://github.com/universalweb/Network/tree/master/browser">BROWSER (outdated)</a></li>
     <li><a href="https://github.com/universalweb/Network/tree/master/serverApp">EXAMPLE APP (npm run server)</a></li>
     <li><a href="https://github.com/universalweb/Network/tree/master/scripts/certificates.js">BUILD DOMAIN & IDENTITY CERTIFICATES THAT ARE ALSO VIAT WALLETS (npm run certificates)</a></li>
     <li><a href="https://github.com/universalweb/Network/tree/master/scripts/simulateClient.js">SIMULATE CLIENT REQUEST (npm run simc) (ONLY RUN WHEN DEMO IN A STABLE COMMIT NOT LATEST UNLESS SPECIFIED)</a></li>

UWProfile/index.js

@@ -12,17 +12,17 @@ import {
 	getEd25519PrivateKey,
 	getEd25519PublicKey,
 	getEd5519Signature
-} from '../udsp/cryptoMiddleware/signature/dilithium_ed25519.js';
+} from '../cryptoMiddleware/signature/dilithium_ed25519.js';
 import { keychainGet, keychainSave } from '../udsp/certificate/keychain.js';
 import { read, readStructured, write } from '../utilities/file.js';
 import {
 	sign,
 	signatureKeypair,
 	verifySignature
-} from '../udsp/cryptoMiddleware/signature/dilithium44_ed25519.js';
-import { blake3 } from '@noble/hashes/blake3';
+} from '../cryptoMiddleware/signature/dilithium44_ed25519.js';
 import { currentCertificateVersion } from '../defaults.js';
-import { x25519_kyber768_xchacha20 } from '../udsp/cryptoMiddleware/cipherSuite/x25519_Kyber768_xChaCha.js';
+import { shake256 } from '@noble/hashes/sha3';
+import { x25519_kyber768_xchacha20 } from '../cryptoMiddleware/cipherSuite/x25519_Kyber768_xChaCha.js';
 const dirname = currentPath(import.meta);
 export class UWProfile {
 	constructor(config = {}, optionalArg) {
@@ -97,7 +97,7 @@ export class UWProfile {
 		return verifySignature(signature, message, this.publicKey);
 	}
 	async hash(message) {
-		const hashedMessage = blake3(message);
+		const hashedMessage = shake256(message);
 		return hashedMessage;
 	}
 	async importFromBinary(data, encryptionKey) {

udsp/cryptoMiddleware/cipherSuite/Kyber768_xChaCha.js renamed to cryptoMiddleware/cipherSuite/Kyber768_xChaCha.js

@@ -18,8 +18,8 @@ import {
 	kyber768
 } from '../keyExchange/kyber768.js';
 import { decrypt, encrypt, encryptionOverhead } from '../encryption/XChaCha.js';
-import { extendedHandshakeHeaderRPC, introHeaderRPC } from '../../protocolHeaderRPCs.js';
-import { extendedHandshakeRPC, introRPC } from '../../protocolFrameRPCs.js';
+import { extendedHandshakeHeaderRPC, introHeaderRPC } from '../../udsp/protocolHeaderRPCs.js';
+import { extendedHandshakeRPC, introRPC } from '../../udsp/protocolFrameRPCs.js';
 import { ml_kem768 } from '@noble/post-quantum/ml-kem';
 import { shake256 } from '@noble/hashes/sha3';
 const {

cryptoMiddleware/cipherSuite/viat.js

@@ -0,0 +1,16 @@
+import { decrypt, encrypt, encryptionOverhead } from '../encryption/XChaCha.js';
+import { dilithium65 } from '../signature/dilithium65.js';
+import { kyber768_x25519 } from '../keyExchange/kyber768_x25519.js';
+import { shake256 } from '@noble/hashes/sha3';
+import { x25519_kyber768Half_xchacha20 } from './x25519_Kyber768Half_xChaCha.js';
+// Kyber-768+x25519 dilithium65+ed25519+ xchacha20 shake256
+export const viatCipherSuite = {
+	name: 'viatCipherSuite',
+	alias: 'x25519_kyber768_xchacha20_dilithium65_sphincs+',
+	description: 'Crystals-Kyber768 with XChaCha20 and SHAKE256.',
+	id: 2,
+	preferred: true,
+	speed: 0,
+	security: 1,
+	extendedHandshake: true,
+};

cryptoMiddleware/cipherSuite/x25519_Kyber768Half_xChaCha.js

@@ -0,0 +1,58 @@
+// Closed source not for private and or corporate use.
+import * as defaultCrypto from '#crypto';
+import { assign, clear, isBuffer } from '@universalweb/acid';
+import {
+	clientSetSession,
+	encryptionKeypair as encryptionKeypairX25519,
+	get25519KeyCopy,
+	getX25519Key,
+	serverSetSession,
+	serverSetSessionAttach,
+} from '../keyExchange/x25519_blake3.js';
+import { decapsulate, encapsulate } from '../keyExchange/kyber768.js';
+import { decrypt, encrypt, encryptionOverhead } from '../encryption/XChaCha.js';
+import { kyber768Half_x25519 } from '../keyExchange/kyber768Half_x25519.js';
+const {
+	randomBuffer,
+	toBase64,
+	toHex,
+	combineKeysSHAKE256,
+	clearBuffers,
+	clearBuffer,
+	clearSessionKeys,
+	clearSessionWithSharedSecret,
+} = defaultCrypto;
+const {
+	generateSeed,
+	keypair,
+	clientEphemeralKeypair,
+	serverEphemeralKeypair,
+	certificateEncryptionKeypair,
+	ml_kem768,
+	hash,
+	getKyberKey
+} = kyber768Half_x25519;
+export const x25519_kyber768Half_xchacha20 = {
+	name: 'x25519_kyber768Half_xchacha20',
+	alias: 'hpqthalf',
+	description: 'Hybrid Post Quantum Key Exchange using both Crystals-Kyber768 and X25519 with XChaCha20 and SHAKE256 but certification verification only occurs with x25519.',
+	id: 1,
+	ml_kem768,
+	preferred: true,
+	speed: 0,
+	security: 1,
+	compatibility: {
+		0: true,
+		1: true
+	},
+	clientEphemeralKeypair,
+	generateSeed,
+	keypair,
+	serverEphemeralKeypair,
+	certificateEncryptionKeypair,
+	hash,
+	decrypt,
+	encrypt,
+	encryptionOverhead
+};
+// copyright © Thomas Marchi

udsp/cryptoMiddleware/cipherSuite/x25519_Kyber768_xChaCha.js renamed to cryptoMiddleware/cipherSuite/x25519_Kyber768_xChaCha.js

@@ -22,9 +22,9 @@
 import * as defaultCrypto from '#crypto';
 import { assign, clearBuffer, isBuffer } from '@universalweb/acid';
 import { decrypt, encrypt, encryptionOverhead } from '../encryption/XChaCha.js';
-import { get25519KeyCopy, x25519 } from '../keyExchange/x25519.js';
+import { get25519KeyCopy, x25519 } from '../keyExchange/x25519_blake3.js';
 import { encapsulate } from '../keyExchange/kyber768.js';
-import { extendedHandshakeRPC } from '../../protocolFrameRPCs.js';
+import { extendedHandshakeRPC } from '../../udsp/protocolFrameRPCs.js';
 import { kyber768_x25519 } from '../keyExchange/kyber768_x25519.js';
 import { shake256 } from '@noble/hashes/sha3';
 import { x25519_kyber768Half_xchacha20 } from './x25519_Kyber768Half_xChaCha.js';

udsp/cryptoMiddleware/cipherSuite/x25519_xChaCha.js renamed to cryptoMiddleware/cipherSuite/x25519_xChaCha.js

@@ -6,7 +6,7 @@ import {
 	encryptionKeypair,
 	serverSetSessionAttach,
 	x25519
-} from '../keyExchange/x25519.js';
+} from '../keyExchange/x25519_blake3.js';
 import {
 	createSessionKey,
 	decrypt,

udsp/cryptoMiddleware/encryption/XChaCha.js renamed to cryptoMiddleware/encryption/XChaCha.js

@@ -0,0 +1,11 @@
+import { blake3 as hash } from '@noble/hashes/blake3';
+export const blake3 = {
+	name: 'blake3',
+	alias: 'fast',
+	id: 1,
+	async hash(source) {
+		return hash(source);
+	},
+	security: 0,
+	preferred: false
+};

cryptoMiddleware/hash/blake3.js

@@ -0,0 +1,11 @@
+import { shake256 as hash } from '@noble/hashes/sha3';
+export const shake256 = {
+	name: 'shake256',
+	alias: 'default',
+	id: 0,
+	async hash(source) {
+		return hash(source);
+	},
+	security: 1,
+	preferred: true
+};