Ontology DDXF Cryptography Components
English | 中文
- 1. Preparations
- 2. Ontology Distributed Identity Framework (ONT ID)
- 3. Encryption Service Based on ONT ID
- 4. Password-Based Key Derivation Function (PBKDF)
- 5. Elliptic Curve Integrated Encryption Scheme (ECIES)
1. Preparations
Installation requires a Python 3.5 or later environment.
pip install ontology-ddxf-crypto2. Ontology Distributed Identity Framework (ONT ID)
Ontology DID (also called ONT ID) is a decentralized identity identification protocol based on W3C DID specifications. ONT ID establishes a cryptographically-based digital identity for each entity, allowing self-sovereign of data authorization and ownership confirmation, which makes the identity and data truly assets that the user can control.
If you are interested in ONT ID, you can find a detailed introduction here.
3. Encryption Service Based on ONT ID
3.1. Encryption Process
There are three main steps to encrypting data:
- Query public key: Access the smart contract in the ontology blockchain and get the corresponding public key
pkbased on the data requester'sONT ID. - Random sampling: Randomly sample 256-bit data to obtain the Advanced Encryption Standard (AES) key
key. - Encryption: The AES256 key is encrypted using the Public Key Encryption Algorithm (PKE) to get
ekey, and the plaintext datamis encrypted using AES256-GCM to get the ciphertext datac.
3.2. Decryption Process
- Query private key: Find the corresponding private key
skfrom the private key management module according toONT IDandPKIndex. - Decrypt symmetric key: Use the private key
skto decrypt the encrypted keyekeyto get the AES symmetric keykey. - Decrypt data: Use the AES symmetric key
keyto decrypt the ciphertext datacto get the plaintext datam.
4. Password-Based Key Derivation Function (PBKDF)
In cryptography, PBKDF (Password-Based Key Derivation Function) is key derivation functions with a sliding computational cost, aimed to reduce the vulnerability of encrypted keys to brute force attacks.
In Distributed Data eXchange Framework(short for DDXF), the hash function used by the key derivation algorithm is SHA256, and algorithm is as follows:
- Input:
seed, derived key lengthdkLen(in bits). - Output: Derived key
keyof lengthdklen.
def pbkdf2(seed: str or bytes, dk_len: int) -> bytes:
key = b''
index = 1
bytes_seed = str_to_bytes(seed)
while len(key) < dk_len:
key += sha256(b''.join([bytes_seed, int_to_little_bytes(index)]))
index += 1
return key[:dk_len]5. Elliptic Curve Integrated Encryption Scheme (ECIES)
Elliptic Curve Integrated Encryption Scheme(also ECIES), is a hybrid encryption system proposed by Victor Shoup in 2001. Shoup's submission can be found at here.
