diff --git a/docs/server/source/appendices/cryptography.md b/docs/server/source/appendices/cryptography.md index 3c0a9297..ecbd3c7e 100644 --- a/docs/server/source/appendices/cryptography.md +++ b/docs/server/source/appendices/cryptography.md @@ -8,31 +8,69 @@ as described in [the section on JSON serialization](json-serialization.html). ## Hashes -We compute hashes using the SHA3-256 algorithm and -[pysha3](https://bitbucket.org/tiran/pykeccak) as the Python implementation. We -store the hex-encoded hash in the database. For example: +BigchainDB computes transaction and block hashes using an implementation of the +[SHA3-256](https://en.wikipedia.org/wiki/SHA-3) +algorithm provided by the +[**pysha3** package](https://bitbucket.org/tiran/pykeccak), +which is a wrapper around the optimized reference implementation +from [http://keccak.noekeon.org](http://keccak.noekeon.org). + +Here's the relevant code from `bigchaindb/bigchaindb/common/crypto.py` +(as of 11 December 2016): ```python -import hashlib -# monkey patch hashlib with sha3 functions import sha3 -data = "message" -tx_hash = hashlib.sha3_256(data).hexdigest() +def hash_data(data): + """Hash the provided data using SHA3-256""" + return sha3.sha3_256(data.encode()).hexdigest() ``` +The incoming `data` is understood to be a Python 3 string, +which may contain Unicode characters such as `'ü'` or `'字'`. +The Python 3 `encode()` method converts `data` to a bytes object. +`sha3.sha3_256(data.encode())` is a _sha3.SHA3 object; +the `hexdigest()` method converts it to a hexadecimal string. +For example: + +```python +>>> import sha3 +>>> data = '字' +>>> sha3.sha3_256(data.encode()).hexdigest() +'c67820de36d949a35ca24492e15767e2972b22f77213f6704ac0adec123c5690' +``` + +Note: Hashlocks (which are one kind of crypto-condition) +may use a different hash function. + + ## Signature Algorithm and Keys BigchainDB uses the [Ed25519](https://ed25519.cr.yp.to/) public-key signature system for generating its public/private key pairs. Ed25519 is an instance of the [Edwards-curve Digital Signature Algorithm -(EdDSA)](https://en.wikipedia.org/wiki/EdDSA). As of April 2016, EdDSA was in -["Internet-Draft" status with the -IETF](https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-05) but was [already +(EdDSA)](https://en.wikipedia.org/wiki/EdDSA). As of December 2016, EdDSA was an +["Internet-Draft" with the +IETF](https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-08) but was [already widely used](https://ianix.com/pub/ed25519-deployment.html). -BigchainDB uses the the [ed25519](https://github.com/warner/python-ed25519) -Python package, overloaded by the [cryptoconditions -library](https://github.com/bigchaindb/cryptoconditions). +BigchainDB uses the the +[**cryptoconditions** package](https://github.com/bigchaindb/cryptoconditions) +to do signature and keypair-related calculations. +That package, in turn, uses the [**PyNaCl** package](https://pypi.python.org/pypi/PyNaCl), +a Python binding to the Networking and Cryptography (NaCl) library. -All keys are represented with the base58 encoding by default. +All keys are represented with +[a Base58 encoding](https://en.wikipedia.org/wiki/Base58). +The cryptoconditions package uses the +[**base58** package](https://pypi.python.org/pypi/base58) +to calculate a Base58 encoding. +(There's no standard for Base58 encoding.) +Here's an example public/private key pair: + +```js +"keypair": { + "public": "9WYFf8T65bv4S8jKU8wongKPD4AmMZAwvk1absFDbYLM", + "private": "3x7MQpPq8AEUGEuzAxSVHjU1FhLWVQJKFNNkvHhJPGCX" +} +```