We have previously developed on the IC and our overall Dapp is one that contains sensitive information (personal emails). Data security is of the utmost importance and we have developed several modules on the IC to create the most secure environment possible given the characteristics of the IC. Secure canister communication is part of our security infrastructure and necessary for our business needs. We isolated the security framework for this hackathon submission to make them public as we know other developers and businesses would benefit.
What it does
We provide a framework where sensitive messages (such as PII) can be securely passed between canisters, i.e to avoid man-in-the-middle attacks. Our solution allows secrets to be securely communicated between canisters without being compromised by eavesdroppers. Our solution comprises of a sender and a receiver. The sender and receiver perform a public key exchange to independently arrive at a secret AES key which cannot be known to an eavesdropper. The sender then sends AES encrypted data to the receiver which is then decrypted on the receiver's side.
How we built it
We use the Diffie-Hellman key exchange together with AES-128. In order to implement our solution, we needed to build several original encryption modules in motoko:
- aes128.mo -- Implementation of the Symmetric encryption algorithm AES-128
- polynomial_handling.mo -- Mathematics module that handles Addition and Multiplication in Polynomial rings k[X]/(f). This is required for AES implementation.
- diffiehellman.mo -- Helper functions to perform the Diffie Hellman Key Exchange
- converter.mo -- Handles conversions between binary, Nat8, hex, unicode etc..
The first three modules above are the first such modules implemented in Motoko. The fourth is a compilation of convenient conversion functions, most of which have not been implemented yet elsewhere. We believe we are making a significant contribution to the IC developer community by making these encryption modules public, since they are the first of their kind that has been implemented.
Challenges we ran into
- Since encryption modules for Motoko did not yet exist, we had to build them from scratch. This was challenging and for example, we initially had bugs in our AES implementation, which were difficult to track considering the multitude of operations and steps. We got around this by printing out step by step and manually doing the computation to check against, thereby identifying the step that went wrong.
- For Principal ID screening, it took us a little of time to figure out that we could invoke Principal.fromActor()
- We needed to figure out that we needed to use switch and cases to obtain Text rather than ?Text from a Hashmap, which we could then feed into other functions.
Accomplishments that we're proud of
- We have built the first ever motoko modules that handle AES symmetric encryption, the Diffie-Hellman key exchange, and multiplication in the polynomial ring k[X]/(f).
- We are coming close to storing secrets securely on chain which is critical to our business objective.
What we learned
Because most mainstream languages have encryption support, we did not prior have the opportunity to build such fundamental encryption modules from scratch. Motoko gave us this opportunity and we learnt a lot about the inner workings of these encryption algorithms. It was also satisfying and a learning process to witness Diffie-Hellman on chain, which somehow has a different flavor from off chain applications.
What's next for Secure Canister Communication on the IC Blockchain
We will closely follow the DFINITY roadmap and provide recommendations for further security architecture. There are product features already planned (e.g enclaves) that will support comprehensive security.
Additionally, we will constantly improve and maintain the encryption modules for the community's benefit. One of the first few improvements would make is changing the function to convert Diffie-Hellman keys to AES keys -- we will change it to a SHA hashing method. Note that a DFINITY team has already created a SHA-256 module (maintained by Enzo Haussecker).