😈 Post-Quantum Cryptography for Web3

As Marilyn Monroe once sang:

Every baby needs a da-da-daddy
To keep her worry free
Rich or poor I don't care who
If he hasn't got a million then a half will do 💸

Life is hard to stay as a baby, but this repository may help you become your own da-da-daddy, to keep you worry free of hacking on your account while transfering coins on blockchains.

Technically, this package constructs hybrid encryption for private keys with the KEM (Key Encapsulation Mechanism) paradigm, which is proved to be post-quantum safe. This README file is organized as follows:

• KEM Illustrations
• High Level Goal
• Instructions
• Requirements
• Configure Your Own Testnet

🕹 KEM Illustrations

🕹 High-Level Goal

Privacy Protection on Blockchain

# Relationship of private key and address
hash(hash(fun(private_key🔑))) -> address🏠

# Encryption for the transaction
hash({'payer address': payer_address🏠,
      'receiver address': receiver_address🏠,
      'amount': '0.1wei'})   
-> transaction_info🧾

# Sign the transaction info
sign(transaction_info🧾, private_key🔑) -> signature🖍

# Verify the signature
verify(signature🖍, receiver_address🏠) -> transaction_info🧾

Key Encryption with Post-Quantum Cryptography

# Encrypt and decrypt by PQC
# We obtain the ciphertext by KEM
public_key💉, secret_key🧬 = KEM.generate_keypair()
ciphertext📜, key💊 = KEM.encapsulate(public_key💉)

# Notice that all symmetric encryption is quantum safe
# User will hold a PQC ciphertext encrypted key which we provide
encrypt_symmetric(private_key🔑, key💊) = private_key_encrypted🔐

# We can convert the user-hold key to the private key by the ciphertext
key💊 = KEM.decapsulate(secret_key🧬, ciphertext📜)
decrypt_symmetric(private_key_encrypted🔐, key💊) = private_key🔑

🕹 Instructions

The codes are structured as follows:

• demo.ipynb: If you are just looking for one file demonstrating all, this is what you need.
• qure.py: This file can be seen as a package providing encryption and decryption functions using KEM (Key Encapsulation Mechanism) and SKE (Symmetric Key Encryption).
• encryption.py: Given the user_id and the user specified private_key, this file runs an KEM + SKE protocol. The encrypted information are stored in json in our database, while user can hold an abstract of the information in another local json file, containing user_id, key_id, kem_algo, and ciphertext_abs.
• transaction.py: This file implements the transaction, while the user only need to provide the information in the aforementioned local json file. The true private key is never transmitted.

Those example commands are tested with Python 3.8 (see requirements in the next section).

# Clone the repository
git clone git@github.com:ZIYU-DEEP/post-quantum-crypto-for-blockchains.git
cd post-quantum-crypto-for-blockchains

# Test the compatibility of the code on your device
# You should be able to see new json files created under ./database/leviathan/
python encryption.py

# Encrypt your private key in our database
python encryption.py --user_id leviathan\
                     --private_key 217d5c81a38240e09ee05bc4ab3efce2eb91d24973162f9833ed18aa7b4460b9\
                     --kem_algo Kyber512\
                     --root ./database

# Make encrypted transaction with your information
python request.py --user_id leviathan\
                  --key_id 0\
                  --ciphertext_abs 7f9da539c7ca9cbab104cb2a76d93be0\
                  --url https://eth-goerli.g.alchemy.com/v2/fss_yq1JH8COJapGjbQCuaCD77JrjQRp\
                  --chain_id 5\
                  --account_from 0xA5b372E60a60A70f2c6ACB87710eba30Ecc4D479\
                  --account_to 0xA059250F4b97bbB3C081f6D9e1fC7249c6Ea2A0c\
                  --value 0.0001\
                  --gas 21000\
                  --gas_price 200000000\
                  --root ./database

The command line operations above are also implemented in demo.ipynb through IPython interations. Notice that the credentials (e.g., url, private_key, account_from, account_to) value provided in the arguments are just for illustration use; you should replace it with your own credentials or create a test profile (see the section on configuring the testnet).

🕹 Requirements

web3==5.30.0
ecdsa==0.18.0
cryptography==37.0.4
liboqs-python==0.7.2  # see instructions below

Installation for liboqs-python

The following commands are tested on MacOS Catalina with Python 3.8.

# Build liboqs from source
>>> cd ~
>>> brew install cmake ninja openssl@1.1 wget doxygen graphviz astyle valgrind
>>> pip install pytest pytest-xdist pyyaml nose nose2 rednose
>>> git clone -b main https://github.com/open-quantum-safe/liboqs.git
>>> cd liboqs && mkdir build && cd build
>>> cmake -GNinja .. -DBUILD_SHARED_LIBS=ON
>>> ninja
>>> sudo ninja install
>>> export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib

# Build the Python wrapper
>>> cd ~ && git clone git@github.com:open-quantum-safe/liboqs-python.git
>>> cd ~/liboqs-python
>>> python setup.py install
>>> export PYTHONPATH=~/liboqs-python

# Check if the installation is successful
>>> python tests/test_sig.py

🕹 Configure Your Own Testnet

You may test the efficacy of the encryption using a testnet (instead of the main ETH chain) first. Here is a quick intro for testnet configuration.

1. Register an Alchemy account.
2. Follow the instruction to create an new Alchemy App and get an API key. For test, simply select Etherum as the chain and Goerili as the network.
3. Create an Metamask profile for your wallet.
4. Manually add a network on Metamask (see the instruction). The PRC url is simply the HTTPS link of your new Alchemy App (press the "view key" button on the App dashboard to find it.)
5. Add money to your Metamask wallet account from this link if your are using Goerili.
6. You are now ready to grab your information and make transactions.

🕹 References

[1] Katz, Jonathan, and Yehuda Lindell. Introduction to Modern Cryptography. CRC press, 2020.