# Encryption Layers KayakNet uses multiple layers of encryption to protect your data. ## Overview ``` ┌─────────────────────────────────────────────────┐ │ Layer 4: Application E2E Encryption │ │ (Chat messages, delivery info, etc.) │ ├─────────────────────────────────────────────────┤ │ Layer 3: Onion Routing Encryption │ │ (3 nested layers, one per hop) │ ├─────────────────────────────────────────────────┤ │ Layer 2: Transport Encryption (TLS 1.3) │ │ (Per-connection encryption) │ ├─────────────────────────────────────────────────┤ │ Layer 1: Physical Transport │ │ (TCP/UDP packets) │ └─────────────────────────────────────────────────┘ ``` ## Layer 1: Transport Encryption Every connection between nodes uses TLS 1.3: * **Cipher Suite**: TLS\_CHACHA20\_POLY1305\_SHA256 * **Key Exchange**: X25519 * **Certificate**: Self-signed Ed25519 ### What It Protects * Content of packets between directly connected peers * Node identity (certificate includes public key) ### What It Doesn't Protect * Traffic patterns (timing, size) * Metadata (who's talking to whom) ## Layer 2: Onion Routing Messages are wrapped in 3 layers of encryption: ``` Sender encrypts: Layer 3 key → for Exit Node Layer 2 key → for Middle Node Layer 1 key → for Entry Node Message ``` ### Key Exchange Each hop gets its own ephemeral key: 1. Sender generates X25519 keypair 2. ECDH with hop's public key 3. HKDF to derive symmetric key 4. ChaCha20-Poly1305 encryption ### Header Format ``` ┌──────────────────────────────────┐ │ Ephemeral Public Key (32 bytes) │ ├──────────────────────────────────┤ │ Next Hop (encrypted) │ ├──────────────────────────────────┤ │ Payload (encrypted) │ └──────────────────────────────────┘ ``` ## Layer 3: Application E2E Chat messages and sensitive data have additional encryption: ### Chat Room Keys * Symmetric key shared by room members * Rotated when membership changes * ChaCha20-Poly1305 ### Direct Messages * X25519 key exchange with recipient * Per-message key derivation (forward secrecy) * Ed25519 signature for authentication ### Escrow Data * Delivery info encrypted to seller's key * Only seller can decrypt ## Cryptographic Primitives | Purpose | Algorithm | Standard | | -------------------- | ----------------- | -------- | | Signatures | Ed25519 | RFC 8032 | | Key Exchange | X25519 | RFC 7748 | | Symmetric Encryption | ChaCha20-Poly1305 | RFC 8439 | | Key Derivation | HKDF-SHA256 | RFC 5869 | | Hashing | BLAKE2b-256 | RFC 7693 | ## Key Management ### Node Identity Key * Ed25519 keypair * Generated on first run * Stored in `identity.key` * Never transmitted ### Session Keys * Ephemeral per-connection * X25519 exchange * Destroyed after use ### Room Keys * Generated by room creator * Encrypted to each member * Rotated on membership change ## Forward Secrecy KayakNet provides forward secrecy through: 1. **Ephemeral Keys** - New keys per session 2. **Key Rotation** - Regular key changes 3. **Key Destruction** - Old keys deleted If your long-term key is compromised: * Past messages remain encrypted * Only future messages affected ## Quantum Resistance Current algorithms are NOT quantum-resistant. Planned upgrades: * **CRYSTALS-Kyber** - Post-quantum key exchange * **CRYSTALS-Dilithium** - Post-quantum signatures * **Hybrid Mode** - Classical + PQ for transition ## Implementation Details ### Random Number Generation ```go // Using crypto/rand for all randomness import "crypto/rand" key := make([]byte, 32) rand.Read(key) ``` ### Constant-Time Operations All cryptographic comparisons use constant-time functions: ```go import "crypto/subtle" if subtle.ConstantTimeCompare(a, b) == 1 { // Equal } ``` ### Memory Security Sensitive data is: * Zeroed after use * Not logged or printed * Stored in secure memory where possible ## Verification You can verify encryption using packet captures: ```bash # Capture KayakNet traffic tcpdump -i any port 4242 -w capture.pcap # Analyze with Wireshark # All payloads should appear as random data ```