• This repository has been archived on 18/Jul/2023
  • Stars
    star
    379
  • Rank 113,004 (Top 3 %)
  • Language
    Haskell
  • License
    Other
  • Created about 8 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Peer-to-peer encrypted message exchange

Constellation

Constellation is a self-managing, peer-to-peer system in which each node:

  • Hosts a number of NaCl (Curve25519) public/private key pairs.

  • Automatically discovers other nodes on the network after synchronizing with as little as one other host.

  • Synchronizes a directory of public keys mapped to recipient hosts with other nodes on the network.

  • Exposes a public API which allows other nodes to send encrypted bytestrings to your node, and to synchronize, retrieving information about the nodes that your node knows about.

  • Exposes a private API which:

    • Allows you to send a bytestring to one or more public keys, returning a content-addressable identifier. This bytestring is encrypted transparently and efficiently (at symmetric encryption speeds) before being transmitted over the wire to the correct recipient nodes (and only those nodes.) The identifier is a hash digest of the encrypted payload that every recipient node receives. Each recipient node also receives a small blob encrypted for their public key which contains the Master Key for the encrypted payload.

    • Allows you to receive a decrypted bytestring based on an identifier. Payloads which your node has sent or received can be decrypted and retrieved in this way.

    • Exposes methods for deletion, resynchronization, and other management functions.

  • Supports a number of storage backends including LevelDB, BerkeleyDB, SQLite, and Directory/Maildir-style file storage suitable for use with any FUSE adapter, e.g. for AWS S3.

  • Uses mutually-authenticated TLS with modern settings and various trust models including hybrid CA/tofu (default), tofu (think OpenSSH), and whitelist (only some set of public keys can connect.)

  • Supports access controls like an IP whitelist.

Conceptually, one can think of Constellation as an amalgamation of a distributed key server, PGP encryption (using modern cryptography,) and Mail Transfer Agents (MTAs.)

Constellation's current primary application is to implement the "privacy engine" of Quorum, a fork of Ethereum with support for private transactions that function exactly as described in this README. Private transactions in Quorum contain only a flag indicating that they're private and the content-addressable identifier described here.

Constellation can be run stand-alone as a daemon via constellation-node, or imported as a Haskell library, which allows you to implement custom storage and encryption logic.

Installation

Prerequisites

  1. Install supporting libraries: - Ubuntu: apt-get install libdb-dev libleveldb-dev libsodium-dev zlib1g-dev libtinfo-dev - Red Hat: dnf install libdb-devel leveldb-devel libsodium-devel zlib-devel ncurses-devel - MacOS: brew install berkeley-db leveldb libsodium

Downloading precompiled binaries

Constellation binaries for most major platforms can be downloaded here.

Installation from source

  1. First time only: Install Stack: - Linux: curl -sSL https://get.haskellstack.org/ | sh - MacOS: brew install haskell-stack

  2. First time only: run stack setup to install GHC, the Glasgow Haskell Compiler

  3. Run stack install

Generating keys

  1. To generate a key pair "node", run constellation-node --generatekeys=node

If you choose to lock the keys with a password, they will be encrypted using a master key derived from the password using Argon2id. This is designed to be a very expensive operation to deter password cracking efforts. When constellation encounters a locked key, it will prompt for a password after which the decrypted key will live in memory until the process ends.

Running

  1. Run constellation-node <path to config file> or specify configuration variables as command-line options (see constellation-node --help)

For now, please refer to the Constellation client Go library for an example of how to use Constellation. More detailed documentation coming soon!

Configuration File Format

See sample.conf.

How It Works

Each Constellation node hosts some number of key pairs, and advertises a publicly accessible FQDN/port for other hosts to connect to.

Nodes can be started with a reference to existing nodes on the network (with the othernodes configuration variable,) or without, in which case some other node must later be pointed to this node to achieve synchronization.

When a node starts up, it will reach out to each node in othernodes, and learn about the public keys they host, as well as other nodes in the network. In short order, the node's public key directory will be the same as that of all other nodes, and you can start addressing messages to any of the known public keys.

This is what happens when you use the send function of the Private API to send the bytestring foo to the public key ROAZBWtSacxXQrOe3FGAqJDyJjFePR5ce4TSIzmJ0Bc=:

  1. You send a POST API request to the Private API socket like: {"payload": "foo", "from": "mypublickey", to: "ROAZBWtSacxXQrOe3FGAqJDyJjFePR5ce4TSIzmJ0Bc="}

  2. The local node generates using /dev/urandom (or similar):

    • A random Master Key (MK) and nonce
    • A random recipient nonce
  3. The local node encrypts the payload using NaCl secretbox using the random MK and nonce.

  4. The local node generates an MK container for each recipient public key; in this case, simply one container for ROAZ..., using NaCl box and the recipient nonce.

    NaCl box works by deriving a shared key based on your private key and the recipient's public key. This is known as elliptic curve key agreement.

    Note that the sender public key and recipient public key we specified above aren't enough to perform the encryption. Therefore, the node will check to see that it is actually hosting the private key that corresponds to the given public key before generating an MK container for each recipient based on SharedKey(yourprivatekey, recipientpublickey) and the recipient nonce.

    We now have:

    • An encrypted payload which is foo encrypted with the random MK and a random nonce. This is the same for all recipients.

    • A random recipient nonce that also is the same for all recipients.

    • For each recipient, the MK encrypted with the shared key of your private key and their public key. This MK container is unique per recipient, and is only transmitted to that recipient.

  5. For each recipient, the local node looks up the recipient host, and transmits to it:

    • The sender's (your) public key

    • The encrypted payload and nonce

    • The MK container for that recipient and the recipient nonce

  6. The recipient node returns a SHA3-512 hash digest of the encrypted payload, which represents its storage address.

    (Note that it is not possible for the sender to dictate the storage address. Every node generates it independently by hashing the encrypted payload.)

  7. The local node stores the payload locally, generating the same hash digest.

  8. The API call returns successfully once all nodes have confirmed receipt and storage of the payload, and returned a hash digest.

Now, through some other mechanism, you'll inform the recipient that they have a payload waiting for them with the identifier owqkrokwr, and they will make a call to the receive method of their Private API:

  1. Make a call to the Private API socket receive method: {"key": "qrqwrqwr"}

  2. The local node will look in its storage for the key qrqwrqwr, and abort if it isn't found.

  3. When found, the node will use the information about the sender as well as its private key to derive SharedKey(senderpublickey, yourprivatekey) and decrypt the MK container using NaCl box with the recipient nonce.

  4. Using the decrypted MK, the local node will decrypt the encrypted payload using NaCl secretbox using the main nonce.

  5. The API call returns the decrypted data.

Getting Help

Stuck at some step? Please join our slack community for support.

More Repositories

1

smart-contract-best-practices

A guide to smart contract security best practices
HTML
7,473
star
2

ethereum-developer-tools-list

A guide to available tools and platforms for developing on Ethereum.
5,321
star
3

quorum

A permissioned implementation of Ethereum supporting data privacy
Go
4,581
star
4

mythril

Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
Python
3,817
star
5

Tokens

Ethereum Token Contracts
JavaScript
2,059
star
6

eth-lightwallet

Lightweight JS Wallet for Node and the browser
JavaScript
1,466
star
7

gnark

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. The library is open source and developed under the Apache 2.0 license
Go
1,383
star
8

surya

A set of utilities for exploring Solidity contracts
JavaScript
1,076
star
9

ethql

A GraphQL interface to Ethereum πŸ”₯
TypeScript
623
star
10

abi-decoder

Nodejs and Javascript library for decoding data params and events from ethereum transactions
JavaScript
605
star
11

vscode-solidity-auditor

Solidity language support and visual security auditor for Visual Studio Code
JavaScript
568
star
12

teku

Java Implementation of the Ethereum 2.0 Beacon Chain
Java
557
star
13

cakeshop

An integrated development environment and SDK for Ethereum-like ledgers
JavaScript
507
star
14

gnark-crypto

gnark-crypto provides elliptic curve and pairing-based cryptography on BN, BLS12, BLS24 and BW6 curves. It also provides various algorithms (algebra, crypto) of particular interest to zero knowledge proof systems.
Go
487
star
15

Token-Factory

Basic Token Factory dapp.
JavaScript
479
star
16

UniversalToken

Implementation of Universal Token for Assets and Payments
JavaScript
346
star
17

doc.linea

Linea documentation
JavaScript
338
star
18

quorum-examples

Examples for Quorum
Shell
317
star
19

scribble

Scribble instrumentation tool
TypeScript
315
star
20

anonymous-zether

A private payment system for Ethereum-based blockchains, with no trusted setup.
Solidity
295
star
21

defi-score

DeFi Score: An open framework for evaluating DeFi protocols
Python
280
star
22

EthOn

EthOn - The Ethereum Ontology
HTML
245
star
23

solidity-metrics

Solidity Code Metrics
JavaScript
235
star
24

Mahuta

IPFS Storage service with search capability
Java
230
star
25

tessera

Tessera - Enterprise Implementation of Quorum's transaction manager
Java
169
star
26

PLCRVoting

Partial Lock Commit Reveal Voting System that utilizes ERC20 Tokens
JavaScript
169
star
27

ethjsonrpc

Python JSON-RPC client for the Ethereum blockchain
Python
156
star
28

linea-attestation-registry

Verax is a shared registry for storing attestations of public interest on EVM chains, designed to enhance data discoverability and consumption for dApps across the network.
TypeScript
129
star
29

zero-knowledge-proofs

Zero Knowledge Proofs and how they can be implemented in Quorum
C++
128
star
30

evm-dafny

An EVM interpreter in Dafny
Dafny
125
star
31

python-solidity-parser

An experimental Solidity parser for Python built on top of a robust ANTLR4 grammar πŸ“š
Python
125
star
32

truffle-security

MythX smart contract security verification plugin for Truffle Framework
JavaScript
124
star
33

solc-typed-ast

A TypeScript package providing a normalized typed Solidity AST along with the utilities necessary to generate the AST (from Solc) and traverse/manipulate it.
TypeScript
123
star
34

web3signer

Web3Signer is an open-source signing service capable of signing on multiple platforms (Ethereum1 and 2, Filecoin) using private keys stored in an external vault, or encrypted on a disk.
Java
122
star
35

daedaluzz

Benchmark Generator for Smart-Contract Fuzzers
Solidity
120
star
36

btcrelay-fetchd

Just the fetchd script of btcrelay
Python
116
star
37

ethsigner

DEPRECATED. A transaction signing application to be used with a web3 provider.
Java
112
star
38

ethereum-dissectors

πŸ”Wireshark dissectors for Ethereum devp2p protocols
C
109
star
39

quorum-dev-quickstart

The Quorum Developer Quickstart utility can be used to rapidly generate local Quorum blockchain networks for development and demo purposes using Besu, GoQuorum, and Codefi Orchestrate.
Solidity
108
star
40

truffle-webpack-demo

A demo Webpack + React App using truffle-solidity-loader
JavaScript
95
star
41

orion

Orion is a PegaSys component for doing private transactions
Java
92
star
42

blockchainSecurityDB

JavaScript
90
star
43

quorum-kubernetes

Helm charts for Hyperledger Besu and GoQuorum
Mustache
85
star
44

quorum-docs

Documentation assets for Quorum
84
star
45

mythx-cli

A command line interface for the MythX smart contract security analysis API
Python
83
star
46

gpact

General Purpose Atomic Crosschain Transaction Protocol
Java
81
star
47

bytecode-verifier

Compile Solidity source code and verify its bytecode matches the blockchain
JavaScript
80
star
48

goff

goff (go finite field) is a unix-like tool that generates fast field arithmetic in Go.
Go
76
star
49

starknet-snap

The MetaMask Snap for Starknet
TypeScript
74
star
50

linea-contracts

Linea smart-contracts
Solidity
73
star
51

eth2.0-dafny

Eth2.0 spec in Dafny
Dafny
72
star
52

zsl-q

ZSL on Quorum
C++
71
star
53

security-workshop-for-devs

Secure smart contract development workshop hosted by ConsenSys Diligence and MythX.
70
star
54

Legions

Ethereum/EVM Node Security Toolkit
Python
69
star
55

support-metamask-io

Public-facing repository of content live on support.metamask.io. Open for contributions and suggestions.
MDX
66
star
56

quorum-docker-Nnodes

Run a bunch of Quorum nodes, each in a separate Docker container.
Shell
65
star
57

Project-Alchemy

Ethereum-Zcash Integration effort
63
star
58

handel

Multi-Signature Aggregation in a Large Byzantine Committees
Go
53
star
59

qubernetes

Quorum on Kubernetes.
Go
52
star
60

Uniswap-audit-report-2018-12

51
star
61

quorum-tools

Tools for running Quorum clusters and integration tests
Haskell
51
star
62

doc.teku

ConsenSys Ethereum 2.0 client
CSS
47
star
63

vscode-solidity-metrics

Generate Solidity Source Code Metrics, Complexity and Risk profile reports for your project.
JavaScript
46
star
64

private-networks-deployment-scripts

This repository contains out-of-the-box deployment scripts for private PoA networks
Shell
45
star
65

awesome-quorum

A curated list of awesome softwares, libraries, tools, articles, educational resources, discussion channels and more to build on ConsenSys Quorum.
45
star
66

wittgenstein

Simulator for some PoS or consensus algorithms. Includes dfinity, casper IMD and others
Java
45
star
67

linea-tutorials

An EVM-equivalent zk-rollup for scaling Ethereum dapps
Shell
43
star
68

vscode-ethover

Ethereum Account Address Hover Info and Actions
JavaScript
42
star
69

permissioning-smart-contracts

Smart contracts for the Besu permissioning system
TypeScript
41
star
70

besu-sample-networks

Hyperledger Besu Ethereum client quick-start makes you able to simply test all Besu features.
40
star
71

linea-token-list

Linea Token List
TypeScript
39
star
72

0x-review

Security review of 0x smart contracts
HTML
39
star
73

quorum-key-manager

A universal Key & Account Management solution for blockchain applications.
Go
39
star
74

mythx-playground

Exercises to go along with smart contract security workshops by MythX and ConsenSys Diligence
Solidity
39
star
75

kubernetes-action

GitHub Action to run kubectl
Dockerfile
38
star
76

evm-analyzer-benchmark-suite

A benchmark suite for evaluating the precision of EVM code analysis tools.
HTML
38
star
77

quorum-cloud

Deploy Quorum network in a cloud provider of choice
HCL
36
star
78

quorum.js

Quorum.js is an extension to web3.js providing support for JP Morgan's Quorum API
JavaScript
36
star
79

web3js-eea

EEA JavaScript libraries.
JavaScript
35
star
80

truffle-solidity-loader

A Webpack loader that will parse and provision Solidity files to Javascript using Truffle for compilation
JavaScript
35
star
81

secureum-diligence-bootcamp

Solidity
35
star
82

rimble-app-demo

React Ethereum dApp demonstrating onboarding and transaction UX
JavaScript
35
star
83

linea-monorepo

The principal Linea repository. This mainly includes the smart contracts covering Linea's core functions, the prover in charge of generating ZK proofs, the coordinator responsible for multiple orchestrations, and the postman to execute bridge messages.
Go
35
star
84

linea-tracer

Part of the Linea stack responsible for extracting data from the execution of an EVM client in order to construct large matrices called execution traces.
Java
34
star
85

infura-sdk

Infura NFT SDK
TypeScript
34
star
86

web3studio-soy

Static Websites on the Distributed Web
JavaScript
33
star
87

pythx

A Python library for the MythX smart contract security analysis platform
Python
33
star
88

quorum-aws

Tools for deploying Quorum clusters to AWS
HCL
33
star
89

react-metamask

JavaScript
32
star
90

diligence-fuzzing

Python
32
star
91

boilerplate-react

React app boilerplate by ConsenSys France
JavaScript
29
star
92

hellhound

HellHound is a decentralized blind computation platform.
Go
29
star
93

aragraph

Visualize your Aragon DAO Templates
JavaScript
29
star
94

quorum-wizard

Quorum Wizard is a command line tool that allow users to set up a development Quorum network on their local machine in less than 2 minutes.
JavaScript
28
star
95

doc.goquorum

Documentation site for GoQuorum, the ConsenSys Enterprise Ethereum client
CSS
27
star
96

quorum-explorer

A light-weight front-end explorer for Besu and GoQuorum to visualise private networks and deploy smart contracts
TypeScript
27
star
97

mythxjs

TypeScript
26
star
98

hackathon-2021-dapp-workshop

JavaScript
25
star
99

0x_audit_report_2018-07-23

0x Protocol v2 Audit
HTML
24
star
100

web3js-quorum

JavaScript
24
star