From 9525cf5b98877b35270973c72ca02e9f547924e6 Mon Sep 17 00:00:00 2001 From: Johnathan Sharratt Date: Tue, 28 May 2019 00:20:08 +0200 Subject: [PATCH] Fixed up some of the English language mistakes and added more notes --- doc/design.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/doc/design.md b/doc/design.md index 2194e54bb..e82b382e3 100644 --- a/doc/design.md +++ b/doc/design.md @@ -609,8 +609,10 @@ least the second cipher will protect the customer data until a fix can be rolled out to take advantage of the weakness. Given ATE is highly dependent on cryptography for its authentication and authorization models this is deemed an acceptable cost. +` Note: When using cascading encryption separate encryption keys are generated using secure random number generators. +` ATE uses two asymmetric signature algorithms for anything that's written: 
@@ -622,13 +624,22 @@ ATE uses two asymmetric encryption algorithms for its - **NTRU** - _lattice-based (shortest vector problem)_ - **NewHope** - _lattice-based (ring learning with errors)_ -ATE uses one levels of symmetric encryption with the keys hidden behind the -earlier asymmetric encryption (this is done for performance reasons through the -reuse of the faster symmetric encryption when within the same security boundary): +ATE uses symmetric encryption to encrypt the actual data itself with the keys hidden +behind the earlier asymmetric encryption (this is done for performance reasons +through the reuse of the faster symmetric encryption when within the same security +boundary): - **AES256** - _equivalent to AES128 on classical computer_ - **AES512** - _equivalent to AES256 on classical computer_ +` +Note: For the observant reader this means if AES is broken in the future then +everything is broken no matter what asymmetric signature or encryption algorithms +as this would allow for reading of all the data without the need to break asymmetric +cryptographic - however - AES is currently deemed post quantum resistant when doubling +the key size - no viable alternatives exist at the time of writing. +` + All of these algorithms are candidates for NIST post quantum cryptography: https://en.wikipedia.org/wiki/Post-Quantum_Cryptography_Standardization#cite_note-20
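Review bot: in the first hunk (@@ -609,8 +609,10 @@), the two added lines that consist of a single backtick around "Note: When using cascading encryption ..." do not form a Markdown fence, so the note will render with stray backticks or as one inline code span depending on the renderer. Use a blockquote ("> Note: ...") or a full triple-backtick fence instead, and use the same form for the note added in the second hunk so both callouts render alike.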
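Review bot: in the second hunk (@@ -622,13 +624,22 @@), the added note claims "everything is broken" if AES falls, but the only reason it gives is "reading of all the data", which is a loss of confidentiality and says nothing about the signature algorithms. Suggest wording it as a confidentiality failure, and finishing the clause "no matter what asymmetric signature or encryption algorithms", which has no verb ("are used"); "asymmetric cryptographic" should read "asymmetric cryptography". The note also rests on "doubling the key size", while the unchanged list above it names "AES512": AES is specified only for 128, 192 and 256-bit keys, so the document should say which construction that entry refers to. Finally, this note describes the symmetric layer as a single point of failure, while the text in the first hunk relies on a second cipher to protect data; it would help to state whether the symmetric layer is cascaded as well.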