Updating Crypto to use WebCrypto API and to replace RSA with ECC by CMCDragonkai · Pull Request #446 · MatrixAI/Polykey

CMCDragonkai · 2022-09-13T09:00:02Z

Description

This PR focuses on updating the crypto utilities used by PK. We've been hitting problems using RSA and node-forge utilities, and we should start using the standardised WebCrypto API. This won't fully solve cross platform cryptography because that will need to wait until we hit mobile platforms and deal with it by using WASM or other utilities.

There are some new features coming into this PR:

Public key encryption now allows arbitrary message size. There is no longer a limit on large the data to be encrypted is. The existing limit is only 446 bytes.
Public key encryption supports static-static, ephemeral-static, and ephemeral-ephemeral.
Because Ed25519 public keys are 32 bytes, NodeId is now finally the public key. This means you no longer have to acquire the public key separately from the NodeId. Once you have the NodeId you can use it for public key verification, and for encryption.
The @peculiar/webcrypto is being monkey patched to globalThis.crypto. This ensures that every library is using the same webcrypto backend and this includes CSPRNG and encryption/decryption facilities.

Massive performance improvements in all areas:

Details

Old performance (node-forge):

# TYPE keys.asymmetric_crypto_ops gauge
keys.asymmetric_crypto_ops{name="encrypt 446 B of data"} 418.07
keys.asymmetric_crypto_ops{name="decrypt 446 B of data"} 6.49
keys.asymmetric_crypto_ops{name="sign 446 B of data"} 6.53
keys.asymmetric_crypto_ops{name="sign 1 KiB of data"} 6.57
keys.asymmetric_crypto_ops{name="sign 10 KiB of data"} 6.61
keys.asymmetric_crypto_ops{name="verify 446 B of data"} 449.55
keys.asymmetric_crypto_ops{name="verify 1 KiB of data"} 445.57
keys.asymmetric_crypto_ops{name="verify 10 KiB of data"} 428

# TYPE keys.asymmetric_crypto_margin gauge
keys.asymmetric_crypto_margin{name="encrypt 446 B of data"} 0.39
keys.asymmetric_crypto_margin{name="decrypt 446 B of data"} 0.37
keys.asymmetric_crypto_margin{name="sign 446 B of data"} 0.48
keys.asymmetric_crypto_margin{name="sign 1 KiB of data"} 0.45
keys.asymmetric_crypto_margin{name="sign 10 KiB of data"} 0.25
keys.asymmetric_crypto_margin{name="verify 446 B of data"} 0.74
keys.asymmetric_crypto_margin{name="verify 1 KiB of data"} 0.99
keys.asymmetric_crypto_margin{name="verify 10 KiB of data"} 0.28

# TYPE keys.asymmetric_crypto_samples counter
keys.asymmetric_crypto_samples{name="encrypt 446 B of data"} 88
keys.asymmetric_crypto_samples{name="decrypt 446 B of data"} 36
keys.asymmetric_crypto_samples{name="sign 446 B of data"} 36
keys.asymmetric_crypto_samples{name="sign 1 KiB of data"} 36
keys.asymmetric_crypto_samples{name="sign 10 KiB of data"} 36
keys.asymmetric_crypto_samples{name="verify 446 B of data"} 87
keys.asymmetric_crypto_samples{name="verify 1 KiB of data"} 87
keys.asymmetric_crypto_samples{name="verify 10 KiB of data"} 90

# TYPE keys.key_generation_ops gauge
keys.key_generation_ops{name="generate root asymmetric keypair"} 1
keys.key_generation_ops{name="generate deterministic root keypair"} 0
keys.key_generation_ops{name="generate 256 bit symmetric key"} 6204

# TYPE keys.key_generation_margin gauge
keys.key_generation_margin{name="generate root asymmetric keypair"} 29.86
keys.key_generation_margin{name="generate deterministic root keypair"} 0.33
keys.key_generation_margin{name="generate 256 bit symmetric key"} 1.72

# TYPE keys.key_generation_samples counter
keys.key_generation_samples{name="generate root asymmetric keypair"} 9
keys.key_generation_samples{name="generate deterministic root keypair"} 5
keys.key_generation_samples{name="generate 256 bit symmetric key"} 81

# TYPE keys.random_bytes_ops gauge
keys.random_bytes_ops{name="generate 512 B of random bytes"} 5346
keys.random_bytes_ops{name="random 1 KiB of data"} 4164
keys.random_bytes_ops{name="random 10 KiB of data"} 784

# TYPE keys.random_bytes_margin gauge
keys.random_bytes_margin{name="generate 512 B of random bytes"} 0.5
keys.random_bytes_margin{name="random 1 KiB of data"} 0.56
keys.random_bytes_margin{name="random 10 KiB of data"} 0.61

# TYPE keys.random_bytes_samples counter
keys.random_bytes_samples{name="generate 512 B of random bytes"} 94
keys.random_bytes_samples{name="random 1 KiB of data"} 93
keys.random_bytes_samples{name="random 10 KiB of data"} 93

# TYPE keys.recovery_code_ops gauge
keys.recovery_code_ops{name="generate 24 word recovery code"} 6419
keys.recovery_code_ops{name="generate 12 word recovery code"} 6704

# TYPE keys.recovery_code_margin gauge
keys.recovery_code_margin{name="generate 24 word recovery code"} 0.89
keys.recovery_code_margin{name="generate 12 word recovery code"} 0.63

# TYPE keys.recovery_code_samples counter
keys.recovery_code_samples{name="generate 24 word recovery code"} 85
keys.recovery_code_samples{name="generate 12 word recovery code"} 87

# TYPE keys.symmetric_crypto_ops gauge
keys.symmetric_crypto_ops{name="encrypt 512 B of data"} 4332
keys.symmetric_crypto_ops{name="encrypt 1 KiB of data"} 3838
keys.symmetric_crypto_ops{name="encrypt 10 KiB of data"} 1327
keys.symmetric_crypto_ops{name="decrypt 512 B of data"} 10484
keys.symmetric_crypto_ops{name="decrypt 1 KiB of data"} 8120
keys.symmetric_crypto_ops{name="decrypt 10 KiB of data"} 1600

# TYPE keys.symmetric_crypto_margin gauge
keys.symmetric_crypto_margin{name="encrypt 512 B of data"} 1.73
keys.symmetric_crypto_margin{name="encrypt 1 KiB of data"} 0.8
keys.symmetric_crypto_margin{name="encrypt 10 KiB of data"} 1.27
keys.symmetric_crypto_margin{name="decrypt 512 B of data"} 1.27
keys.symmetric_crypto_margin{name="decrypt 1 KiB of data"} 1.39
keys.symmetric_crypto_margin{name="decrypt 10 KiB of data"} 1.66

# TYPE keys.symmetric_crypto_samples counter
keys.symmetric_crypto_samples{name="encrypt 512 B of data"} 86
keys.symmetric_crypto_samples{name="encrypt 1 KiB of data"} 88
keys.symmetric_crypto_samples{name="encrypt 10 KiB of data"} 87
keys.symmetric_crypto_samples{name="decrypt 512 B of data"} 86
keys.symmetric_crypto_samples{name="decrypt 1 KiB of data"} 85
keys.symmetric_crypto_samples{name="decrypt 10 KiB of data"} 84

New performance (web crypto):

# TYPE keys.asymmetric_crypto_ops gauge
keys.asymmetric_crypto_ops{name="encrypt 512 B of data"} 357
keys.asymmetric_crypto_ops{name="encrypt 1 KiB of data"} 366
keys.asymmetric_crypto_ops{name="encrypt 10 KiB of data"} 368
keys.asymmetric_crypto_ops{name="decrypt 512 B of data"} 411
keys.asymmetric_crypto_ops{name="decrypt 1 KiB of data"} 414
keys.asymmetric_crypto_ops{name="decrypt 10 KiB of data"} 417
keys.asymmetric_crypto_ops{name="sign 512 B of data"} 1802
keys.asymmetric_crypto_ops{name="sign 1 KiB of data"} 1778
keys.asymmetric_crypto_ops{name="sign 10 KiB of data"} 1684
keys.asymmetric_crypto_ops{name="verify 512 B of data"} 393
keys.asymmetric_crypto_ops{name="verify 1 KiB of data"} 398
keys.asymmetric_crypto_ops{name="verify 10 KiB of data"} 386

# TYPE keys.asymmetric_crypto_margin gauge
keys.asymmetric_crypto_margin{name="encrypt 512 B of data"} 0.61
keys.asymmetric_crypto_margin{name="encrypt 1 KiB of data"} 0.64
keys.asymmetric_crypto_margin{name="encrypt 10 KiB of data"} 0.3
keys.asymmetric_crypto_margin{name="decrypt 512 B of data"} 0.48
keys.asymmetric_crypto_margin{name="decrypt 1 KiB of data"} 0.68
keys.asymmetric_crypto_margin{name="decrypt 10 KiB of data"} 0.57
keys.asymmetric_crypto_margin{name="sign 512 B of data"} 0.8
keys.asymmetric_crypto_margin{name="sign 1 KiB of data"} 0.92
keys.asymmetric_crypto_margin{name="sign 10 KiB of data"} 0.72
keys.asymmetric_crypto_margin{name="verify 512 B of data"} 0.57
keys.asymmetric_crypto_margin{name="verify 1 KiB of data"} 0.42
keys.asymmetric_crypto_margin{name="verify 10 KiB of data"} 0.31

# TYPE keys.asymmetric_crypto_samples counter
keys.asymmetric_crypto_samples{name="encrypt 512 B of data"} 87
keys.asymmetric_crypto_samples{name="encrypt 1 KiB of data"} 89
keys.asymmetric_crypto_samples{name="encrypt 10 KiB of data"} 90
keys.asymmetric_crypto_samples{name="decrypt 512 B of data"} 86
keys.asymmetric_crypto_samples{name="decrypt 1 KiB of data"} 87
keys.asymmetric_crypto_samples{name="decrypt 10 KiB of data"} 88
keys.asymmetric_crypto_samples{name="sign 512 B of data"} 87
keys.asymmetric_crypto_samples{name="sign 1 KiB of data"} 86
keys.asymmetric_crypto_samples{name="sign 10 KiB of data"} 88
keys.asymmetric_crypto_samples{name="verify 512 B of data"} 87
keys.asymmetric_crypto_samples{name="verify 1 KiB of data"} 88
keys.asymmetric_crypto_samples{name="verify 10 KiB of data"} 89

# TYPE keys.key_generation_ops gauge
keys.key_generation_ops{name="generate root asymmetric keypair"} 3563
keys.key_generation_ops{name="generate deterministic root keypair"} 107
keys.key_generation_ops{name="generate 256 bit symmetric key"} 319065

# TYPE keys.key_generation_margin gauge
keys.key_generation_margin{name="generate root asymmetric keypair"} 0.6
keys.key_generation_margin{name="generate deterministic root keypair"} 1.74
keys.key_generation_margin{name="generate 256 bit symmetric key"} 0.6

# TYPE keys.key_generation_samples counter
keys.key_generation_samples{name="generate root asymmetric keypair"} 85
keys.key_generation_samples{name="generate deterministic root keypair"} 83
keys.key_generation_samples{name="generate 256 bit symmetric key"} 89

# TYPE keys.random_bytes_ops gauge
keys.random_bytes_ops{name="random 512 B of data"} 332050
keys.random_bytes_ops{name="random 1 KiB of data"} 294369
keys.random_bytes_ops{name="random 10 KiB of data"} 134212

# TYPE keys.random_bytes_margin gauge
keys.random_bytes_margin{name="random 512 B of data"} 1.95
keys.random_bytes_margin{name="random 1 KiB of data"} 3.01
keys.random_bytes_margin{name="random 10 KiB of data"} 0.88

# TYPE keys.random_bytes_samples counter
keys.random_bytes_samples{name="random 512 B of data"} 85
keys.random_bytes_samples{name="random 1 KiB of data"} 76
keys.random_bytes_samples{name="random 10 KiB of data"} 85

# TYPE keys.recovery_code_ops gauge
keys.recovery_code_ops{name="generate 24 word recovery code"} 68387
keys.recovery_code_ops{name="generate 12 word recovery code"} 80916

# TYPE keys.recovery_code_margin gauge
keys.recovery_code_margin{name="generate 24 word recovery code"} 1.44
keys.recovery_code_margin{name="generate 12 word recovery code"} 1.58

# TYPE keys.recovery_code_samples counter
keys.recovery_code_samples{name="generate 24 word recovery code"} 80
keys.recovery_code_samples{name="generate 12 word recovery code"} 85

# TYPE keys.symmetric_crypto_ops gauge
keys.symmetric_crypto_ops{name="encrypt 512 B of data"} 38859
keys.symmetric_crypto_ops{name="encrypt 1 KiB of data"} 34177
keys.symmetric_crypto_ops{name="encrypt 10 KiB of data"} 29253
keys.symmetric_crypto_ops{name="decrypt 512 B of data"} 47148
keys.symmetric_crypto_ops{name="decrypt 1 KiB of data"} 43245
keys.symmetric_crypto_ops{name="decrypt 10 KiB of data"} 31158

# TYPE keys.symmetric_crypto_margin gauge
keys.symmetric_crypto_margin{name="encrypt 512 B of data"} 1.1
keys.symmetric_crypto_margin{name="encrypt 1 KiB of data"} 1.34
keys.symmetric_crypto_margin{name="encrypt 10 KiB of data"} 1.27
keys.symmetric_crypto_margin{name="decrypt 512 B of data"} 1.7
keys.symmetric_crypto_margin{name="decrypt 1 KiB of data"} 1.73
keys.symmetric_crypto_margin{name="decrypt 10 KiB of data"} 1.89

# TYPE keys.symmetric_crypto_samples counter
keys.symmetric_crypto_samples{name="encrypt 512 B of data"} 83
keys.symmetric_crypto_samples{name="encrypt 1 KiB of data"} 76
keys.symmetric_crypto_samples{name="encrypt 10 KiB of data"} 84
keys.symmetric_crypto_samples{name="decrypt 512 B of data"} 76
keys.symmetric_crypto_samples{name="decrypt 1 KiB of data"} 81
keys.symmetric_crypto_samples{name="decrypt 10 KiB of data"} 75

Newer performance (libsodium):

# TYPE keys.asymmetric_crypto_ops gauge
keys.asymmetric_crypto_ops{name="encrypt 512 B of data"} 7590
keys.asymmetric_crypto_ops{name="encrypt 1 KiB of data"} 7544
keys.asymmetric_crypto_ops{name="encrypt 10 KiB of data"} 6904
keys.asymmetric_crypto_ops{name="decrypt 512 B of data"} 10385
keys.asymmetric_crypto_ops{name="decrypt 1 KiB of data"} 10200
keys.asymmetric_crypto_ops{name="decrypt 10 KiB of data"} 9059
keys.asymmetric_crypto_ops{name="sign 512 B of data"} 20480
keys.asymmetric_crypto_ops{name="sign 1 KiB of data"} 19640
keys.asymmetric_crypto_ops{name="sign 10 KiB of data"} 11166
keys.asymmetric_crypto_ops{name="verify 512 B of data"} 15596
keys.asymmetric_crypto_ops{name="verify 1 KiB of data"} 15538
keys.asymmetric_crypto_ops{name="verify 10 KiB of data"} 12118

# TYPE keys.key_generation_ops gauge
keys.key_generation_ops{name="generate root asymmetric keypair"} 43471
keys.key_generation_ops{name="generate deterministic root keypair"} 115
keys.key_generation_ops{name="generate 256 bit symmetric key"} 1564369

# TYPE keys.random_bytes_ops gauge
keys.random_bytes_ops{name="random 512 B of data"} 424548
keys.random_bytes_ops{name="random 1 KiB of data"} 226078
keys.random_bytes_ops{name="random 10 KiB of data"} 24618

# TYPE keys.recovery_code_ops gauge
keys.recovery_code_ops{name="generate 24 word recovery code"} 71881
keys.recovery_code_ops{name="generate 12 word recovery code"} 81700

# TYPE keys.symmetric_crypto_ops gauge
keys.symmetric_crypto_ops{name="encrypt 512 B of data"} 380489
keys.symmetric_crypto_ops{name="encrypt 1 KiB of data"} 291515
keys.symmetric_crypto_ops{name="encrypt 10 KiB of data"} 63876
keys.symmetric_crypto_ops{name="decrypt 512 B of data"} 555805
keys.symmetric_crypto_ops{name="decrypt 1 KiB of data"} 416915
keys.symmetric_crypto_ops{name="decrypt 10 KiB of data"} 80024

# TYPE keys.x509_ops gauge
keys.x509_ops{name="generate certificate"} 126

Issues Fixed

Tasks

Testing

Tests must start using fast check arbitraries and where suitable model based testing:

Minimal tests for networking, grpc, nodes because we are likely to change it quite a bit in our next major rework of the networking with QUIC and RPC with JSONRPC.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Updating Crypto to use WebCrypto API and to replace RSA with ECC#446

Updating Crypto to use WebCrypto API and to replace RSA with ECC#446
tegefaulkes merged 68 commits intostagingfrom
feature-crypto

CMCDragonkai commented Sep 13, 2022 •

edited by tegefaulkes

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

3 participants

Conversation

CMCDragonkai commented Sep 13, 2022 • edited by tegefaulkes Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Issues Fixed

Tasks

Testing

Final checklist

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

3 participants

CMCDragonkai commented Sep 13, 2022 •

edited by tegefaulkes

Loading