Privacy on Public Blockchain
During the development of Aisland, one of the most important challenge was, how to keep private data on a public blockchain.
What you write on the blockchain is readable from everybody, most probably you do not want that your personal address and home phone become public only because of a purchase on Aisland Store, right?
Well, a proper protocol and an encryption algorithms gave us the perfect solution to reach the target. Luckily our core developer is a an expert in the field of security and encryption algorithms.
Encryption Diagram
We selected AES-256 as encryption algorithm because it's standard de-facto and well tested in multiple scenario.
By the way a good encryption algorithm can be useless if the implemented protocol has flaws.
In brief, AES-256 needs a strong key and a chaining method,the chaining method needs an init vector that should be random and never reused.
So we developed a function to encrypt data with a password/key. Here the code in Javascript/Nodejs for the encryption:
//function to encrypt a message by AES 256
async function encrypt_aes256(data,password){
// pull the required libraries
const {
scryptSync,
randomFillSync,
createCipheriv
} = await import('crypto');
// generate a random salt
const saltbuffer = Buffer.alloc(16);
const salt =randomFillSync(saltbuffer).toString('hex');
// expand/derive password using a brute force attack algorithm
const keybin = scryptSync(password, salt, 64);
const key=keybin.toString('hex').substr(0,32);
// generate a randmom init vector
const ivbuffer = Buffer.alloc(8);
const iv =randomFillSync(ivbuffer).toString('hex');
// encrypt "data" by aes-256-cbc
const cipher = createCipheriv('aes-256-cbc', key, iv);
let encryptedData = cipher.update(data, "utf-8", "hex");
encryptedData += cipher.final("hex");
// return salt+iv+encrypted data in hex decimal string
let r=salt+"#"+iv+"#"+encryptedData;
return(r);
}
And Here the code in Javascript/Nodejs for the decryption:
// function to decrypt an ecrypted structure by Aes 256
async function decrypt_aes256(encrypteddata,password){
// pull the required libraries
const {
scryptSync,
createDecipheriv
} = await import('crypto');
// get fields from the encrypted data
const salt=encrypteddata.substr(0,32);
const iv=encrypteddata.substr(33,16);
const encryptedData=encrypteddata.substr(50);
// expand key using the same salt of the origin
const keybin = scryptSync(password, salt, 64);
const key=keybin.toString('hex').substr(0,32);
// decrypt data and convert to utf8 bytes
const decipher = createDecipheriv('aes-256-cbc', key, iv);
let clearData = decipher.update(encryptedData,"hex","utf-8");
try{
clearData += decipher.final("utf8");
} catch(error){
return(null);
}
// return decrypted data
return(clearData);
}
