A Commitment Scheme library for Coin Flipping/Tossing algorithms and sort. :four_leaf_clover: :camel: :lock: :key:
Home Page: https://nocoiner.marcoonroad.dev
License: MIT License
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Following the article Message Franking via Committing Authenticated Encryption, the internal hash of GCM used for MAC is not collision-resistant, and thus, breaking the binding property (the sender can brute-force a MAC collision in feasible amount of time/space). It's possibly 'cause the hash of GCM is 128-bits, most 128-bits are already broken too nowadays.
Due that vector attack, I must replace AES-GCM entirely. I should use instead better options, such as AES-CBC + Blake2B 512-bits keyed mode, for instance. In the case, it would be an instance of the Encrypt-then-MAC approach of Authenticated Encryption algorithms.
Backwards compatibility will be broken, and I must report that on top of documentation. There's some mitigation on the nocoiner implementation against the GCM hash vector attack. Internally, we use null-padding and Base64 encoding, so it's an hardened hack -- the sender should find a GCM tag collision which still makes the decrypted text "Base64-encoding parseable".
This issue is open to possibly track further discussion.
The CLI executable would write & read the plain opening key on disk. This is an undesirable security issue. Therefore, I should reuse the internals regarding KDF and AEAD to store this opening key encrypted. We can use an $NOCOINER_PASSWORD environment variable as the end-user input password for our KDF-then-Encrypt-then-MAC for the random opening key. We can too validate this end-user password against minimal security requirements for strong passwords even with a KDF applied (the number of cycles of KDF vs. the strength/entropy of end-user password is a tradeoff to match).
It's desirable as well to expose this encryption/decryption of opening under an API interface for development & integration from developers/maintainers. This should be optional due possible internal requirements from corporations regarding encryption/storage of keys (in the case, the opening key). The interface could be something like:
module OpeningEncryption : sig
type opening = string
val encrypt : password:string -> opening -> string
val decrypt : password:string -> string -> opening
endIssue open for more discussions.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.