Zappl Private Chat Encryption Documentation
The two algorithms we use for encryption, SHA-256 and AES, are often used in tandem
in practice.
- I) SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed
by the United States National Security Agency (NSA). It is a hash algorithm, i.e. a
one-way function: there is no way to decrypt its output. It will be used to generate
keys. The SHA-2 family consists of six hash functions with hash values that are 224,
256, 384 or 512 bits.
SHA-2 is typically a building block for other cryptographic constructs. It satisfies
the requirements of a cryptographic hash: it is a one-way function that is deterministic,
fast to compute, resistant to pre-image and second-preimage attacks, and collision
resistant.
NOTE: We are going to use SHA-256.
- II) AES (Advanced Encryption Standard) is a symmetric cipher, i.e. it uses the same
key for both encryption and decryption.
AES is widely adopted and supported in software. To date, no practical cryptanalytic
attacks against AES have been discovered.
Additionally, AES has built-in flexibility of key length, which allows a degree of
‘future-proofing’ against progress in the ability to perform exhaustive key searches.
Operation of AES
I) AES is an iterative method based on a ‘substitution–permutation network’. It
consists of a series of linked operations, some of which involve replacing inputs by
specific outputs (substitutions) and others involve shuffling bits around
(permutations).
II) Interestingly, AES performs all its computations on bytes rather than bits. Hence,
AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged
in four columns and four rows for processing as a matrix.
III) The number of rounds in AES is variable and depends on the length of the key. AES
uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit
keys. Each of these rounds uses a different 128-bit round key, which is calculated
from the original AES key.
IV) The schematic of AES structure is given in the following illustration –
Encryption Process
Decryption process
The process of decryption of an AES text is similar to the encryption process in the reverse order. Each round consists of the four processes conducted in the reverse order −
- Add round key
- Mix columns
- Shift rows
- Byte substitution
Since the sub-processes in each round run in reverse order, the encryption and decryption algorithms need to be implemented separately, although they are very closely related.
++ Overall Flow ++
End-to-end secret chats follow this flow:
Sending a Request
- Generate a SHA key and send a chat initiation request
- The user must be shown basic information about User A and must be prompted to accept or reject the request.
Accepting a request
- After User B confirms the creation of a secret chat with A in the client interface
Send-Receive Message in secured chat
- Every message that is sent across is secured using the SHA Key
- Using the same key it is decrypted at the receiving end
- Data will be saved in encrypted form in the DB to avoid human readability
- The SHA key would be refreshed after a few messages to add an additional layer of security
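
The send/receive flow above as an added example (not Zappl's code): a SHA-256 digest of a shared secret serves as the AES-256 key, and the key is re-hashed after every few messages. The GCM mode, the 3-message interval, the hash labels and the SecretChat class are assumptions, and the secret is assumed to be 32 random bytes the two users already share, since SHA-256 adds no strength to a guessable input.

```javascript
// Added example, not Zappl's code. Assumed: AES-256-GCM, a random 32-byte
// shared secret, in-order delivery, and a refresh interval of 3 messages.
const crypto = require('crypto');

const REFRESH_EVERY = 3; // hypothetical value for "after a few messages"

// SHA-256 outputs 32 bytes, exactly the size of an AES-256 key.
function sha256(...parts) {
  const h = crypto.createHash('sha256');
  for (const p of parts) h.update(p);
  return h.digest();
}

class SecretChat {
  constructor(sharedSecret) {
    this.key = sha256('chat-key', sharedSecret);
    this.count = 0;
  }

  // Both peers advance after every message so their keys stay in step.
  advance() {
    this.count += 1;
    if (this.count % REFRESH_EVERY === 0) this.key = sha256('refresh', this.key);
  }

  // Returns base64(iv || tag || ciphertext): the form sent and stored in the DB.
  encrypt(plaintext) {
    const iv = crypto.randomBytes(12); // fresh nonce for every message
    const c = crypto.createCipheriv('aes-256-gcm', this.key, iv);
    const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    const record = Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
    this.advance();
    return record;
  }

  // Throws if the record was modified or was encrypted under another key.
  decrypt(record) {
    const buf = Buffer.from(record, 'base64');
    const d = crypto.createDecipheriv('aes-256-gcm', this.key, buf.subarray(0, 12));
    d.setAuthTag(buf.subarray(12, 28));
    const pt = Buffer.concat([d.update(buf.subarray(28)), d.final()]).toString('utf8');
    this.advance(); // only reached when authentication succeeded
    return pt;
  }
}
```

Because the key changes, a stored record decrypts only with the key of its own interval, so a store that has to show history must keep each record's message index alongside it.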
slothicorn magic.....good job guys, gonna zappl soooo hard
woot
WOOT WOOT!
Sounds good. AES, the Belgium algorithm has indeed been proven to be fast, efficient and reasonably secure. That's symmetric encryption however so make sure that communication to establish the keys will always happen via an asymmetric algorithm like SHA.
-edit, after reading the article again, I can delete my comment, I didn't add anything that wasn't already better explained by you, sorry!
No problem
@zappl,
Can we mine this coin?
Thanks for sharing such useful information.
Cheers~
Zappl isn't a coin, zappl is a site and service like steemit that runs on the steem blockchain.
@zappl,
I didn't get you, can you please tell me, is this a social media type web site or if you say it's like steemit, then we all know there is steem crypto currency as well.
Looking for your kind response!
Cheers~
Like steemit, zappl is an application that runs on the steem blockchain so you earn steem. Steemit isn't the name of the technology, steem is the technology behind steemit, busy, zappl and so on.
@zappl,
Got it now! Thank you very much friend! I am still new to this platform
Cheers~
interesting. Lots of good information
That it is.
But it is complex
Great post, thanks for sharing!
No problem and thanks.
I have got info about SHA, thanks for sharing
No problem
Thank you very much for the valuable information you shared.
Great post
Thank you for this beautiful description. We nerds like this :)
Great post