Skip to content
This repository was archived by the owner on Apr 27, 2023. It is now read-only.

CCL draft RFC#17

Open
dhuseby wants to merge 10 commits into
hyperledger-archives:mainfrom
dhuseby:ccl
Open

CCL draft RFC#17
dhuseby wants to merge 10 commits into
hyperledger-archives:mainfrom
dhuseby:ccl

Conversation

@dhuseby

@dhuseby dhuseby commented Jan 31, 2020

Copy link
Copy Markdown

This is the draft RFC for the Cryptographic Construction Language (CCL) for encoding cryptographic constructions in a self-describing way that is independent from the underlying crypto library.

Signed-off-by: Dave Huseby dhuseby@linuxfoundation.org

Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>
Comment thread 0000-crypto-construct-language.md Outdated
Comment thread 0000-crypto-construct-language.md Outdated
Comment thread 0000-crypto-construct-language.md Outdated
Comment thread 0000-crypto-construct-language.md Outdated
Comment thread 0000-crypto-construct-language.md Outdated
Comment thread 0000-crypto-construct-language.md Outdated
Comment thread 0000-crypto-construct-language.md Outdated
Comment thread 0000-crypto-construct-language.md Outdated
Comment thread 0000-crypto-construct-language.md Outdated
Comment thread 0000-crypto-construct-language.md
Dave Huseby added 2 commits February 1, 2020 11:40
Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>
Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>

@danintel danintel left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see the changes, but I'll assume they have been made and are stashed somewhere.

@dhuseby

dhuseby commented Feb 3, 2020

Copy link
Copy Markdown
Author

@danintel There are three commits in this PR. I addressed your feedback in the second commit ---4cf6391 --- and then later added some minor clean ups in the third commit.

@danintel

danintel commented Feb 4, 2020

Copy link
Copy Markdown

@dhuseby: I saw the multiple commits. Usually the commits are aggregated under "Files changed". I'll look again.

@jaromil

jaromil commented Feb 4, 2020

Copy link
Copy Markdown

If I understand well your value proposition, you may want to acknowledge Zencode as prior art:

@dhuseby

dhuseby commented Feb 4, 2020

Copy link
Copy Markdown
Author

If I understand well your value proposition, you may want to acknowledge Zencode as prior art:

* https://dev.zenroom.org/Zencode

* https://zenroom.org
  We already use it connected to an hyperledger product.

I have been reading LangSec papers for years and, like zenroom, a lot of the thinking is inspired from there. However, after looking at Zenroom and Zencode, it isn't an inspiration for CCL. CCL isn't about the VM, it's more about a uniform way to serialize crypto constructs. Crypto constructs almost always consist of some data and some implied processing of that data to validate, verify, authenticate, encrypt, decrypt, etc. CCL acknowledges that fact and explicitly encodes the processing along with the data. Using a stack machine as the "VM" for executing the CCL encoded constructs just simplifies things and drastically limits attack surface area by allowing for a non-Turing-complete deterministic DSL to be used.

@jaromil

jaromil commented Feb 6, 2020

Copy link
Copy Markdown

Thanks for the clarification! I'll be following the CCL specification with great interest.

Dave Huseby added 7 commits February 7, 2020 17:34
Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>
Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>
Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>
Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>
Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>
ugh
Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>
Signed-off-by: Dave Huseby <dhuseby@linuxfoundation.org>
* RSA
* XSalsa20Poly1305
* AES

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No XChaCha20Poly1305?

* SHA512-256
* Blake2b
* Argon2id

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keccak?

* RSA - `RSA`
* XSalsa20Poly1305 - `XSalsa20Poly1305`
* AES - `AES`

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to support any ECIES methods like libsodium's secretbox and sealedbox?

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

XSalsa20Poly1305 is libsodium's SecretBox. In the v0.1.0 version I left out the SealedBox but if you look at the CCLang repo you'll see that it would be trivial to add new construct primitives.

@mikelodder7

Copy link
Copy Markdown
Contributor

Love this idea. Just some minor things to include and I think we’ve got a good start

@dhuseby

dhuseby commented Feb 22, 2020

Copy link
Copy Markdown
Author

I just published v0.1.0 of my CCLang implementation. I scaled back on some of the algorithms to get a MVP. The repo is here: https://github.com/dhuseby/cclang and the crate page is here: https://crates.io/crates/cclang

@dhuseby

dhuseby commented Feb 22, 2020

Copy link
Copy Markdown
Author

My hope is that CCLang will stop using sodiumoxide as it's crypto library and instead be built into Ursa and use Ursa's API while also integrating with Ursa's build system so that depending on how Ursa is built, the CCLang algorithms and underlying primitives are set up accordingly. This would allow consumers of Ursa to use CCLang in FIPS mode or "open crypto" mode or with any of the restricted sets of algorithms and underlying crypto libraries.

Base automatically changed from master to main January 22, 2021 20:49
@dcmiddle

dcmiddle commented Jan 5, 2022

Copy link
Copy Markdown
Contributor

I gather this should be closed now?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants