Technical description of the platform

Cryptography

On the Waves Enterprise platform you can select the cryptographic algorithm to use depending on the specifics of your project. Two types of cryptography are available: Waves and GOST. The table below lists the cryptographic functions used when you select one or the other type of cryptography.

Cryptographic functions and algorithms used

| Functionality | Waves cryptography | GOST cryptography |
| --- | --- | --- |
| Hash coding | Blake2b256 and Keccak256 functions, applied in sequence | The Streebog function, in accordance with the GOST R 34.11-2012 «Information Technology – Cryptographic Information Security – Hash Function» standard |
| Digital signature | Based on the Curve25519 elliptic curve (ED25519 with X25519 keys) | In accordance with the GOST R 34.10-2012 «Information Technology – Cryptographic Information Security – Electronic digital signature generation and verification processes» standard |
| Data encryption | AES symmetric data encryption | In accordance with the GOST R 34.12-2015 «Information Technology – Cryptographic Information Security – Block ciphers» standard: the Kuznyechik symmetric block cipher algorithm |
| Confidential data encryption | TLS v1.2 with the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite | TLS v1.2 for GOST cryptography with the following cipher suites: TLS_CIPHER_2012; TLS_CIPHER_2001; TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC; TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC; TLS_CIPHER_2012_IANA |

PKI support

The Waves Enterprise platform implements a Public Key Infrastructure (PKI). PKI is used only with GOST cryptography.

The PKI has three modes of operation:

The PKI mode is configured with the crypto.pki.mode setting in the node configuration file.

Hash coding

As indicated in the table above, hashing is performed by the Blake2b256 and Keccak256 functions applied in sequence (for Waves cryptography) or by the «Streebog» function in accordance with the GOST R 34.11-2012 «Information Technology – Cryptographic Information Security – Hash Function» standard (for GOST cryptography).

In both cases the hash output is 256 bits.

Electronic signature

As shown in the table above, key generation and digital signature generation and verification are based on the Curve25519 elliptic curve (ED25519 with X25519 keys) for Waves cryptography, or follow the GOST R 34.10-2012 «Information Technology – Cryptographic Information Security – Signature and verification processes of electronic digital signature» standard for GOST cryptography.

Learn more about generating and verifying digital signatures with the gRPC and REST API methods in the following sections: gRPC: generation and checking of data digital signatures (PKI) and REST API: generation and checking of data digital signatures (PKI).

Protecting confidential data

On the Waves Enterprise platform you can use the TLS protocol to protect data transmitted between nodes. The supported protocol versions and cipher suites are listed in the table above.

To enable TLS, set the node.network.tls parameter to true in the node.conf node configuration file.

If the TLS protocol is not used for connections between nodes (the node.network.tls parameter is set to false), transmitted confidential data (privacy data) is still protected by a TLS-like end-to-end encryption scheme whose session keys are derived with the Diffie-Hellman protocol. This protection applies only to confidential data exchanged peer-to-peer, i.e. directly between two network members.

Here you can see the scheme of the text data encryption procedure based on the Diffie-Hellman protocol:

Text data encryption procedure based on the Diffie-Hellman algorithm
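The session-key agreement described above, as an added example that is not the platform's own implementation and whose concrete parameters the page does not specify: each peer combines its private key with the other peer's public key, both arrive at the same shared secret, and both run it through the same key derivation function to obtain the session key. The example assumes X25519 as the Diffie-Hellman group (the page names Curve25519/X25519 keys for Waves cryptography), HKDF-SHA256 as the KDF and a constructed info label; the private keys are the public RFC 7748 test vectors, not keys from any node.

```python
import hashlib
import hmac

P = 2**255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")


def _cswap(swap, a, b):
    # Illustrative helper; a production implementation must swap in constant time.
    return (b, a) if swap else (a, b)


def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """RFC 7748 X25519 Montgomery ladder: returns scalar * u as 32 little-endian bytes."""
    k = bytearray(scalar)
    k[0] &= 248          # clamp the scalar as RFC 7748 requires
    k[31] &= 127
    k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)  # mask the top bit of u
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def public_key(private: bytes) -> bytes:
    """Public value sent to the peer: private scalar times the base point u = 9."""
    return x25519(private, BASE_POINT)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-Extract followed by HKDF-Expand, with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(own_private: bytes, peer_public: bytes, transcript_salt: bytes) -> bytes:
    """Both peers call this with mirrored arguments and obtain the same session key."""
    shared = x25519(own_private, peer_public)
    # Reject low-order peer points: they force an all-zero secret regardless of our key.
    if shared == bytes(32):
        raise ValueError("low-order peer public key: all-zero shared secret")
    # The info label is a constructed placeholder, not a platform constant.
    return hkdf_sha256(shared, transcript_salt, b"example-privacy-session-key")


def demo_exchange():
    """Run the exchange with the RFC 7748 section 6.1 keys; returns (Alice's key, Bob's key)."""
    alice_priv = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    bob_priv = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    alice_pub, bob_pub = public_key(alice_priv), public_key(bob_priv)
    salt = alice_pub + bob_pub  # both sides see the same public values on the wire
    return session_key(alice_priv, bob_pub, salt), session_key(bob_priv, alice_pub, salt)


if __name__ == "__main__":
    k_alice, k_bob = demo_exchange()
    print("Alice:", k_alice.hex())
    print("Bob:  ", k_bob.hex(), "(equal)" if k_alice == k_bob else "(MISMATCH)")
```

Two design points matter for a defender reading this: the raw shared secret is never used directly as a key but goes through a KDF bound to both public values, and the all-zero check catches a peer that sends a low-order point; what the example does not provide is authentication of the public values, which is why the page describes the scheme as TLS-like rather than TLS.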

Note

The platform also uses the TLS protocol when working with smart contracts for the following connections:

  • connection with the Docker-host (Docker-TLS);

  • connection from a smart contract to a node via gRPC and REST API.

TLS setup and usage in these cases are documented in the General platform configuration: execution of smart contracts section.

See also