To implement a decentralized database named CovenantSQL <https://github.com/CovenantSQL/CovenantSQL>, I wrote a TLS like P2P net stack. The main idea is removing CA Cert from the whole system by using a DHT for Naming and Key Exchange.* I am not a crypto expert, so if there's any flaw please point it out for me here or Github*
First, I use an Elliptic Curve for asymmetric encryption and AES-256-CBC for symmetric encryption. NodeID is generated by the hash of Node PublicKey and an Uint256 Nonce: NodeID := sha256(blake2b-512(NodePublicKey + Uint256Nonce)) I refer to the S/Kademlia paper's idea to define the number of consecutive 0s in front of the NodeID as difficulty and to impose a minimum limit on the difficulty of the NodeID allowed to be stored on the DHT. DHT is used to hold the NodeID:PublicKey NodeID:Addr map. NodeID and Nonce are sent to do ECDH getting shared secret after TCP connection established. GenECDHSharedSecret(APub, BPriv) == GenECDHSharedSecret(BPub, APriv) The main procedure is described as a sequence chart here <https://github.com/CovenantSQL/CovenantSQL/blob/develop/logo/rpc.png> Because in the decentralized system NodeID is the URI, not "Bob/Alice.com". So anyone tries to fake NodeB by overwriting the address or public key on DHT without the private key of NodeB will be failed to get the correct shared secret. Github: https://github.com/CovenantSQL/CovenantSQL/tree/develop/rpc -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
