PAKE library for generating a strong secret between parties over an insecure channel

pake


This library lets two parties generate a mutual secret key from a weak key that is known to both beforehand (e.g. via some other channel of communication). It is a simple API for an implementation of password-authenticated key exchange (PAKE). The protocol is derived from Dan Boneh and Victor Shoup's cryptography book (pg 789, "PAKE2 protocol"). I decided to create this library so I could use PAKE in my file-transfer utility, croc.

Install

go get -u github.com/schollz/pake/v3

Usage

Explanation of algorithm

package main

import (
    "bytes"
    "fmt"

    "github.com/schollz/pake/v3"
)

func main() {
    // both parties should have a weak key
    weakKey := []byte{1, 2, 3}

    // initialize A
    A, err := pake.InitCurve(weakKey, 0, "siec")
    if err != nil {
        panic(err)
    }
    // initialize B
    B, err := pake.InitCurve(weakKey, 1, "siec")
    if err != nil {
        panic(err)
    }

    // send A's stuff to B
    err = B.Update(A.Bytes())
    if err != nil {
        panic(err)
    }

    // send B's stuff to A
    err = A.Update(B.Bytes())
    if err != nil {
        panic(err)
    }

    // both A and B now have a strong key generated from the weak key
    kA, err := A.SessionKey()
    if err != nil {
        panic(err)
    }
    kB, err := B.SessionKey()
    if err != nil {
        panic(err)
    }
    fmt.Println(bytes.Equal(kA, kB))
    // Output: true
}

When A and B are passed back and forth, each structure is marshalled using Bytes(), which prevents either party from accessing the other's private variables.

Each function returns an error. The error becomes non-nil when some part of the algorithm fails verification, i.e. the points are not on the elliptic curve, or a hash from either party is not identified. If this happens, you should abort and start a new PAKE transfer, as it would have been compromised.

Hard-coded elliptic curve points

The elliptic curve points are hard-coded to prevent an application from allowing users to supply their own points (which could be backdoored by choosing points with known discrete logs). The public points can be verified via Sage using hashes of croc1 and croc2:

all_curves = {}

# SIEC
K.<isqrt3> = QuadraticField(-3)
pi = 2^127 + 2^25 + 2^12 + 2^6 + (1 - isqrt3)/2
p = ZZ(pi.norm())

E = EllipticCurve(GF(p),[0,19]) # E: y^2 = x^3 + 19
G = E([5,12])

all_curves["siec"] = E


# 521r1
S = 0xD09E8800291CB85396CC6717393284AAA0DA64BA
p = 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
a = 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC
b = 0x0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00
Gx= 0x00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66
Gy= 0x011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650
n = 0x01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409

E = EllipticCurve(GF(p),[a,b])
all_curves["P-521"] = E

# P-256
p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
r = 115792089210356248762697446949407573529996955224135760342422259061068512044369
s = 0xc49d360886e704936a6678e1139d26b7819f7e90
c = 0x7efba1662985be9403cb055c75d4f7e0ce8d84a9c5114abcaf3177680104fa0d
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
Gx = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
Gy = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5 

E = EllipticCurve(GF(p),[-3,b])
G = E([Gx,Gy])
all_curves["P-256"] = E

# P-384
p = 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319
r = 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643
s = 0xa335926aa319a27a1d00896a6773a4827acdac73
c = 0x79d1e655f868f02fff48dcdee14151ddb80643c1406d0ca10dfe6fc52009540a495e8042ea5f744f6e184667cc722483
b = 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef
Gx = 0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7
Gy = 0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f
E = EllipticCurve(GF(p),[-3,b])
G = E([Gx,Gy])
all_curves["P-384"] = E


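import hashlib

def find_point(E,seed=b""):
    # start from the SHA-1 digest of the seed, read as a little-endian integer
    X = int.from_bytes(hashlib.sha1(seed).digest(),"little")
    while True:
        try:
            # lift_x raises ValueError when no curve point has this x-coordinate
            return E.lift_x(E.base_field()(X)).xy()
        except ValueError:
            X += 1  # try the next x-coordinate


for key,E in all_curves.items():
    print(f"key = {key}, P = {find_point(E,seed=b'croc2')}")
    print(f"key = {key}, P = {find_point(E,seed=b'croc1')}")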

which returns

key = siec, P = (793136080485469241208656611513609866400481671853, 18458907634222644275952014841865282643645472623913459400556233196838128612339)
key = siec, P = (1086685267857089638167386722555472967068468061489, 19593504966619549205903364028255899745298716108914514072669075231742699650911)
key = P-521, P = (793136080485469241208656611513609866400481671852, 4032821203812196944795502391345776760852202059010382256134592838722123385325802540879231526503456158741518531456199762365161310489884151533417829496019094620)
key = P-521, P = (1086685267857089638167386722555472967068468061489, 5010916268086655347194655708160715195931018676225831839835602465999566066450501167246678404591906342753230577187831311039273858772817427392089150297708931207)
key = P-256, P = (793136080485469241208656611513609866400481671852, 59748757929350367369315811184980635230185250460108398961713395032485227207304)
key = P-256, P = (1086685267857089638167386722555472967068468061489, 9157340230202296554417312816309453883742349874205386245733062928888341584123)
key = P-384, P = (793136080485469241208656611513609866400481671852, 7854890799382392388170852325516804266858248936799429260403044177981810983054351714387874260245230531084533936948596)
key = P-384, P = (1086685267857089638167386722555472967068468061489, 21898206562669911998235297167979083576432197282633635629145270958059347586763418294901448537278960988843108277491616)

which are the points used in the code.
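The same check can be run without Sage. The Go program below is an added example, not code from the pake repository: it re-derives a point from its seed and compares it with the coordinates printed above. It covers only the NIST curves in Go's standard library (not "siec"), and the names derivePoint, matchesHardcoded and curves are illustrative.

```go
package main

import (
	"crypto/elliptic"
	"crypto/sha1"
	"fmt"
	"math/big"
)

// NIST curves only (y^2 = x^3 - 3x + b); "siec" is not in the Go standard library.
var curves = map[string]elliptic.Curve{"P-256": elliptic.P256(), "P-384": elliptic.P384(), "P-521": elliptic.P521()}

// derivePoint mirrors the page's Sage find_point: X is SHA-1(seed) read as a
// little-endian integer, incremented until x^3 - 3x + b is a square mod p.
func derivePoint(c elliptic.Curve, seed string) (x, y *big.Int) {
	p, b, three := c.Params().P, c.Params().B, big.NewInt(3)
	d := sha1.Sum([]byte(seed))
	for i, j := 0, len(d)-1; i < j; i, j = i+1, j-1 {
		d[i], d[j] = d[j], d[i] // reverse: SetBytes expects big-endian
	}
	for x = new(big.Int).SetBytes(d[:]); ; x.Add(x, big.NewInt(1)) {
		rhs := new(big.Int).Exp(x, three, p)
		rhs.Sub(rhs, new(big.Int).Mul(three, x))
		rhs.Add(rhs, b).Mod(rhs, p)
		if y = new(big.Int).ModSqrt(rhs, p); y != nil {
			return x, y
		}
	}
}

// matchesHardcoded re-derives the point for seed and compares it with claimed
// decimal coordinates; y and p-y are both accepted, as either root is on the curve.
func matchesHardcoded(curve, seed, wantX, wantY string) bool {
	c, ok := curves[curve]
	wx, okX := new(big.Int).SetString(wantX, 10)
	wy, okY := new(big.Int).SetString(wantY, 10)
	if !ok || !okX || !okY {
		return false
	}
	x, y := derivePoint(c, seed)
	negY := new(big.Int).Sub(c.Params().P, y)
	return x.Cmp(wx) == 0 && (y.Cmp(wy) == 0 || negY.Cmp(wy) == 0)
}

func main() {
	// P-256 rows copied from the Sage output on this page.
	fmt.Println(matchesHardcoded("P-256", "croc2", "793136080485469241208656611513609866400481671852", "59748757929350367369315811184980635230185250460108398961713395032485227207304"))
	fmt.Println(matchesHardcoded("P-256", "croc1", "1086685267857089638167386722555472967068468061489", "9157340230202296554417312816309453883742349874205386245733062928888341584123"))
}
```

A constant that fails this comparison was not produced by the documented seed and should be treated as unverified.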

Contributing

Pull requests are welcome. Feel free to...

  • Revise documentation
  • Add new features
  • Fix bugs
  • Suggest improvements

Thanks

Thanks @tscholl2 for lots of implementation help, fixes, and developing the novel "siec" curve.

License

MIT
