# E2E in diode network Since we don't have end to end encryption in client currently, the server (proxy data between client and device) will know everything. It's important to encrypt communication between client and device. After doing some research into some encryption/e2e protocol (TLS,SSH,MTProtto, Signal), it's simpler/safer(more people use, maybe?) to implement tls/ssh in current client. # How TLS/SSH works TLS/SSH client/server should negotiate the key exchange algorithm/encryption algorithm first. Usually they use Diffie-Hellman to exchenge key and symmetric cryptography algorithm to encrypt/decrypt data. Client send packet including key exchange group/key exchange group parameters(p, g)/public key/Diffie-Hellman parameter(A=g**amodp)/Other initialize message(ssh init message). Server receive packet and determines key exchange algorithm, return other information (Diffie-Hellman parameter(B=g**bmodp)/Signature/Server public key). Client receive server responss, verify the signature and calculate the key with key exchange algorithm. In Diffie Hellman K will be B**amodp. Note: a, b should be a large number, in elliptic cryptography a, b will be another private key(D). # How Diode will use Diffie-Hellman-secp256k1-sha256 * secp256k1 with sha256 hash Special: Diffie-Hellman-secp256k1-sha3 * secp256k1 with keccak256 hash # Security TODO...... * Man in the middle (MITM) * ... # Reference https://tools.ietf.org/html/rfc4253 https://tools.ietf.org/html/rfc5656 https://core.telegram.org/api/end-to-end#serialization-and-encryption-of-outgoing-messages https://news.ycombinator.com/item?id=6915741 https://en.wikipedia.org/wiki/Signal_Protocol