Internet-Draft ECDP November 2024
Ruas Expires 19 May 2025 [Page]
Workgroup:
Crypto Forum
Internet-Draft:
draft-ruas-cfrg-ecdp-00
Published:
Intended Status:
Standards Track
Expires:
Author:
I. Ruas
Nrolabs

ECDP: Elliptic Curve Data Protocol

Abstract

This document specifies the Elliptic Curve Data Protocol (ECDP), a peer-to-peer (P2P) communication protocol tailored for decentralized networks. ECDP utilizes elliptic curve cryptography (ECC) for encryption, employs the Elliptic Curve Digital Signature Algorithm (ECDSA) for message authentication, and leverages the Diffie-Hellman key exchange using elliptic curves for secure session initialization. The protocol supports a variety of elliptic curves (e.g., secp256k1, secp384r1) with varying key sizes, and is designed to operate over both TCP and UDP. Additionally, it utilizes SHA-256 or SHA-512 for cryptographic hash verification to ensure message integrity.

About This Document

This note is to be removed before publishing as an RFC.

The latest revision of this draft can be found at https://isakruas.github.io/ecdp/draft-ruas-cfrg-ecdp.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-ruas-cfrg-ecdp/.

Discussion of this document takes place on the Crypto Forum Research Group mailing list (mailto:[email protected]), which is archived at https://mailarchive.ietf.org/arch/browse/cfrg. Subscribe at https://www.ietf.org/mailman/listinfo/cfrg/.

Source for this draft and an issue tracker can be found at https://github.com/isakruas/ecdp.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 19 May 2025.

Table of Contents

1. Introduction

P2P networks are widely used for data exchange but often face challenges related to security and data integrity. ECDP addresses these issues by implementing strong cryptographic measures and robust authentication mechanisms. ECDP is designed for scalability and security by enabling nodes to communicate indirectly through a network pool.

To enhance the security and integrity of the messages exchanged, the protocol employs elliptic curve cryptography (ECC) with various well-established curves, as well as the SHA-256 and SHA-512 algorithms for cryptographic hash functions.

The protocol dynamically supports different ECC key lengths, ensuring flexibility and forward compatibility with future developments in elliptic curve cryptography.

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Goals of the Protocol

4. Supported Algorithms

ECDP relies on a variety of standardized and widely used algorithms to ensure secure, authenticated, and efficient communication.

4.1. 4.1 Cryptography

4.1.1. 4.1.1 Supported Elliptic Curves

ECDP supports the following elliptic curves for encryption, Diffie-Hellman key exchange, and signing operations (ECDSA):

  • secp192k1

  • secp192r1

  • secp224k1

  • secp224r1

  • secp256k1

  • secp256r1

  • secp384r1

  • secp521r1

Each curve corresponds to a distinct key size. To accommodate different security levels, the protocol includes a parameter for indicating the key size used in message operations. Implementations MUST support secp256k1, secp256r1, and secp384r1 as a minimum requirement. Support for other curves is RECOMMENDED for greater flexibility and stronger cryptography when necessary.

4.1.2. 4.1.2 Supported Cryptographic Hash Algorithms

ECDP uses cryptographic hash functions for various integrity checks, including checksums and digital signatures.

Supported hash functions include:

  • SHA-256 (RECOMMENDED)

  • SHA-512 (OPTIONAL for longer data integrity verification)

Implementations MUST support SHA-256 as a minimum requirement.

5. Protocol Operation

5.1. Message Types

  • 0x01: Handshake

  • 0x02: Data Transfer

  • 0x03: Acknowledgment (Ack)

  • 0x04: Data Request

6. Message Structure

6.1. 5.1 Base Message Structure

The base structure contains fields that are common across various message types, with extensions for specific needs. Messages are routed through a pool network to enhance scalability and security.

Table 1
Field Description Size (bytes)
Protocol Version Identifies the version of the ECDP protocol 1
Message Type Indicates the type of message 1
Key Size Indicates the ECC key size used (e.g., 192, 224, 256, 384, 521 bits) 2
Sender ECC Public Key Public key of the sending node Variable (based on key size)
Receiver ECC Public Key Public key of the receiving node (if applicable) Variable (based on key size)
Nonce Random number to prevent replay attacks 8
Encrypted Data Content of the message encrypted using ECC Variable
Signature Digital signature of the sender (ECDSA) Variable (based on key size)

In this structure: - Key Size is a 2-byte field that indicates the key size in bits (e.g., 192, 224, 256, 384, 521). This allows both endpoints to use flexible key sizes as per their security requirements.

6.2. 5.2 Handshake (0x01)

Table 2
Field Description Size (bytes)
Protocol Version Identifies the version of the ECDP protocol 1
Message Type Set to Handshake (0x01) 1
Key Size Indicates the ECC key size used 2
Sender ECC Public Key Public key of the sending node Variable
Receiver ECC Public Key Public key of the receiving node Variable
Nonce Random number to prevent session replay 8
Node Identifier Unique ID of the node (e.g., hash of the public key) 32
Node Capability Information about bandwidth and supported data types 4
Signature Digital signature of the sender (ECDSA) Variable

6.3. 5.3 Data Transfer (0x02)

Table 3
Field Description Size (bytes)
Protocol Version Identifies the version of the ECDP protocol 1
Message Type Set to Data Transfer (0x02) 1
Key Size Indicates the ECC key size used 2
Sender ECC Public Key Public key of the sending node Variable
Receiver ECC Public Key Public key of the receiving node Variable
Nonce Exclusive random number for the session 8
Encrypted Data Message content encrypted using ECC Variable
Checksum Cryptographic hash (SHA-256 or SHA-512) for data integrity verification 32 or 64
Signature Digital signature of the sender (ECDSA) Variable

6.4. 5.4 Acknowledgment (Ack) (0x03)

Table 4
Field Description Size (bytes)
Protocol Version Identifies the version of the ECDP protocol 1
Message Type Set to Acknowledgment (0x03) 1
Nonce Random number corresponding to the session 8
Message Hash Hash of the received data message (SHA-256 or SHA-512) 32 or 64
Status Indicates Success (0x00) or Error (0x01) 1

6.5. 5.5 Data Request (0x04)

Table 5
Field Description Size (bytes)
Protocol Version Identifies the version of the ECDP protocol 1
Message Type Set to Data Request (0x04) 1
Key Size Indicates the ECC key size used 2
Sender ECC Public Key Public key of the requesting node Variable
Receiver ECC Public Key Public key of the data-holding node Variable
Nonce Random number for the session 8
Data Identifier Unique hash or ID of the requested data (using SHA-256, SHA-512) 32 or 64
Signature Digital signature of the sender (ECDSA) Variable

7. Security Considerations

ECDP employs ECC for secure communication between nodes, with messages authenticated through ECDSA. The inclusion of a Key Size field allows nodes to negotiate and use varying key lengths based on the curve chosen, ensuring flexibility in security levels.

Nonces are used to prevent replay attacks. The protocol uses the Diffie-Hellman key exchange over elliptic curves for secure session initialization. The following elliptic curves are supported, with corresponding key sizes:

7.1. Additional Recommendations

  • Implementations SHOULD regularly update their cryptographic libraries to maintain security against evolving threats.

  • Nodes MUST verify the signatures of incoming messages to ensure authenticity.

  • Nonce sizes MUST be sufficient (8 bytes at minimum) to prevent replay attacks.

  • It is RECOMMENDED that nodes securely store their private keys using encryption and protected hardware when possible to prevent unauthorized access.

8. IANA Considerations

This document has no actions directed at IANA at this time. However, if future protocol updates require additional message types, code points, or other attributes, a registration with IANA MAY be required.

9. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC4492]
Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B. Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)", RFC 4492, DOI 10.17487/RFC4492, , <https://www.rfc-editor.org/rfc/rfc4492>.
[RFC5639]
Lochter, M. and J. Merkle, "Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation", RFC 5639, DOI 10.17487/RFC5639, , <https://www.rfc-editor.org/rfc/rfc5639>.
[RFC6979]
Pornin, T., "Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)", RFC 6979, DOI 10.17487/RFC6979, , <https://www.rfc-editor.org/rfc/rfc6979>.

Acknowledgments

The authors acknowledge the valuable contributions of cryptographic and P2P networking experts. Special thanks to those who provided feedback on elliptic curve performance and secure key storage recommendations.

Author's Address

Isak Ruas
Nrolabs
Brazil