*This document is still work in progress. The mid-term outlook for privacy-preserving Verifiable Credentials using [BBS+ Signatures](https://w3c-ccg.github.io/ldp-bbs2020/#introduction) still needs to be outlined.*

# Cryptographic protocols / algorithms used by the ONCE wallet

###### tags: `documentation` `ssi`

The exact cryptographic algorithms which need to be supported by the ONCE wallet are driven by the requirements of the underlying SSI protocols / specifications. As the underlying specifications mature and evolve, support for new algorithms will be required. The SSI protocols / specifications to be used in the ONCE project are indexed / listed in [this document](https://docs.google.com/spreadsheets/d/1itmGXaqiM_QyqiVlsLpdoumzcDPiYTzhLgCW1Y9V1w8/edit?usp=sharing).

### Current

**Algorithms used for identity management (i.e. creating, updating, deactivating a DID)**

- The `Ed25519` signature scheme (Curve25519 keys in combination with the SHA-512 digest algorithm; we rely on the [ed25519-dalek](https://docs.rs/ed25519-dalek/1.0.1/ed25519_dalek/) crate) is used extensively by the (KERI based) DID method employed by the ONCE wallet. Relevant operations are key generation, signature generation and signature verification.

**Verifiable Credentials**

A number of "proof types" which can be used with JSON-LD Verifiable Credentials are defined and registered in the [Linked Data Cryptographic Suite Registry](https://w3c-ccg.github.io/ld-cryptosuite-registry). **A subset of the suites defined in that registry will be supported by the ONCE wallet.** Currently there is support for:

- The [`Ed25519Signature2018`](https://w3c-ccg.github.io/ld-cryptosuite-registry/#ed25519signature2018) signature suite (Ed25519 keys; SHA-256 is used to digest the canonicalized document and proof options, SHA-512 is used internally by Ed25519). *Relevant operations are signature generation and signature verification.*
- Additionally, the [`EcdsaSecp256k1Signature2019`](https://w3c-ccg.github.io/ld-cryptosuite-registry/#ecdsasecp256k1signature2019) signature suite is supported as well. This suite is more relevant for, and generally adopted by, DID methods based on e.g. the Ethereum or Bitcoin blockchains, which use secp256k1 keys. Depending on the interoperability targets / use cases, the ONCE wallet might need to verify signatures of this type. *Relevant operation is signature verification.*

*Signature verification for additional signature suites can be supported as well, depending on use case requirements / interoperability goals. The ONCE wallet will use Ed25519 keys by default for signing Verifiable Credentials.*

**Secure messaging / communication**

Mandated by the DIDComm specification (e.g. for [content encryption](https://identity.foundation/didcomm-messaging/spec/#curves-and-content-encryption-algorithms) and [signing messages](https://identity.foundation/didcomm-messaging/spec/#algorithms)). The specific curves / algorithms supported by our current implementation (hosted [here](https://github.com/decentralized-identity/didcomm-rs)) are:

##### Encryption (Anoncrypt / Authcrypt)

- XChaCha20-Poly1305 with a 256 bit key.
- AES-256-GCM with a 256 bit key.
- AES-256-CBC + HMAC-SHA-512 with a 512 bit key (as in JWE's `A256CBC-HS512`: 256 bits for the HMAC key, 256 bits for the AES key).

##### Signatures

- Ed25519 (via ed25519-dalek).
- ECDSA over NIST P-256.
- ECDSA over secp256k1.

### Mid-term and long-term perspectives

On a slightly longer timeline, the ONCE wallet should support exchange of privacy-preserving Verifiable Credentials.

TODO
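The three Ed25519 operations listed under identity management above (key generation, signing, verification), shown as an added example. This is Go standard-library code written for this page, not the wallet's Rust/ed25519-dalek implementation. The `Event` struct is a constructed, simplified key-event record, not KERI's actual event format; it only keeps the pre-rotation idea that every event commits to the SHA-256 digest of the key that may sign the next event, so that a stolen current key cannot rotate the identifier to an attacker-chosen key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Event is a constructed, simplified key-event record; it is not KERI's wire
// format. Each event names the key that signs it and commits to the next one.
type Event struct {
	Seq        int    `json:"s"`
	Type       string `json:"t"` // "icp" (inception) or "rot" (rotation)
	CurrentKey string `json:"k"` // hex Ed25519 public key that signs this event
	NextDigest string `json:"n"` // hex SHA-256 of the next public key (pre-rotation commitment)
}

// serialize yields the signed bytes; struct fields are emitted in declaration
// order, so the encoding is deterministic.
func serialize(e Event) []byte {
	b, err := json.Marshal(e)
	if err != nil {
		panic(err)
	}
	return b
}

// Digest is the commitment used for pre-rotation.
func Digest(pub ed25519.PublicKey) string {
	d := sha256.Sum256(pub)
	return hex.EncodeToString(d[:])
}

// NewKey: key generation.
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign: signature generation over the serialized event.
func Sign(e Event, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, serialize(e))
}

// Verify: signature verification plus the pre-rotation check against the
// previous event (prev == nil for the inception event).
func Verify(prev *Event, e Event, sig []byte) error {
	pub, err := hex.DecodeString(e.CurrentKey)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed current key")
	}
	if prev != nil {
		if e.Seq != prev.Seq+1 {
			return errors.New("sequence number not contiguous")
		}
		if Digest(pub) != prev.NextDigest {
			return errors.New("signing key does not match the prior commitment")
		}
	}
	if !ed25519.Verify(ed25519.PublicKey(pub), serialize(e), sig) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	k0pub, k0priv := NewKey()
	k1pub, k1priv := NewKey()
	k2pub, _ := NewKey()

	icp := Event{Seq: 0, Type: "icp", CurrentKey: hex.EncodeToString(k0pub), NextDigest: Digest(k1pub)}
	icpSig := Sign(icp, k0priv)
	fmt.Println("inception:", Verify(nil, icp, icpSig))

	rot := Event{Seq: 1, Type: "rot", CurrentKey: hex.EncodeToString(k1pub), NextDigest: Digest(k2pub)}
	rotSig := Sign(rot, k1priv)
	fmt.Println("rotation:", Verify(&icp, rot, rotSig))

	// A key the controller never committed to cannot take over the identifier,
	// even with a valid signature under that key.
	evilPub, evilPriv := NewKey()
	bad := Event{Seq: 1, Type: "rot", CurrentKey: hex.EncodeToString(evilPub), NextDigest: Digest(evilPub)}
	fmt.Println("uncommitted key:", Verify(&icp, bad, Sign(bad, evilPriv)))

	// Any change to a signed event invalidates its signature.
	tampered := rot
	tampered.NextDigest = Digest(evilPub)
	fmt.Println("tampered:", Verify(&icp, tampered, rotSig))
}
```

Ed25519 signing is deterministic (no per-signature randomness to get wrong), which is one reason it is a comfortable default for a key-event log; the check that matters most here is the one against `prev.NextDigest`, not the signature itself.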
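What "signature generation / verification" means for the `Ed25519Signature2018` suite listed under Verifiable Credentials above, as an added example (Go standard library, written for this page; it is not the wallet's code). The suite signs SHA-256(canonicalized proof options) concatenated with SHA-256(canonicalized document without its proof) as a detached JWS with `alg: EdDSA` and `b64: false`. One deliberate substitution: the `canonicalize` helper emits key-sorted JSON as a stand-in for URDNA2015 RDF canonicalization, which a real implementation must use; the credential and timestamp are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// canonicalize is a STAND-IN for URDNA2015 RDF canonicalization: key-sorted JSON
// is deterministic but is not what the suite specifies. The rest follows the suite.
func canonicalize(doc map[string]interface{}) []byte {
	b, err := json.Marshal(doc) // encoding/json sorts map keys
	if err != nil {
		panic(err)
	}
	return b
}

// without returns a shallow copy of m with one key removed.
func without(m map[string]interface{}, key string) map[string]interface{} {
	out := make(map[string]interface{}, len(m))
	for k, v := range m {
		if k != key {
			out[k] = v
		}
	}
	return out
}

// verifyData = SHA-256(proof options) || SHA-256(document minus proof): 64 bytes.
func verifyData(doc, proof map[string]interface{}) []byte {
	h1 := sha256.Sum256(canonicalize(without(proof, "jws")))
	h2 := sha256.Sum256(canonicalize(without(doc, "proof")))
	return append(h1[:], h2[:]...)
}

var b64 = base64.RawURLEncoding

// Detached-JWS header the suite uses: EdDSA over an unencoded (b64=false) payload.
const jwsHeader = `{"alg":"EdDSA","b64":false,"crit":["b64"]}`

// SignCredential attaches an Ed25519Signature2018 proof to doc in place.
func SignCredential(doc map[string]interface{}, priv ed25519.PrivateKey, verificationMethod string) {
	proof := map[string]interface{}{
		"type":               "Ed25519Signature2018",
		"created":            "2021-01-01T00:00:00Z", // constructed timestamp
		"verificationMethod": verificationMethod,
		"proofPurpose":       "assertionMethod",
	}
	encHeader := b64.EncodeToString([]byte(jwsHeader))
	signingInput := append([]byte(encHeader+"."), verifyData(doc, proof)...)
	sig := ed25519.Sign(priv, signingInput)
	proof["jws"] = encHeader + ".." + b64.EncodeToString(sig) // empty middle part: payload is detached
	doc["proof"] = proof
}

// VerifyCredential checks the proof with the issuer key (DID resolution of
// proof.verificationMethod to that key is out of scope here).
func VerifyCredential(doc map[string]interface{}, pub ed25519.PublicKey) error {
	proof, ok := doc["proof"].(map[string]interface{})
	if !ok || proof["type"] != "Ed25519Signature2018" {
		return errors.New("missing or unsupported proof type")
	}
	jws, _ := proof["jws"].(string)
	parts := strings.Split(jws, ".")
	if len(parts) != 3 || parts[1] != "" {
		return errors.New("expected a detached JWS")
	}
	// Pin the algorithm from the header; never let the message choose it.
	rawHeader, err := b64.DecodeString(parts[0])
	var hdr struct {
		Alg string `json:"alg"`
		B64 *bool  `json:"b64"`
	}
	if err != nil || json.Unmarshal(rawHeader, &hdr) != nil || hdr.Alg != "EdDSA" || hdr.B64 == nil || *hdr.B64 {
		return errors.New("unexpected JWS header")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	signingInput := append([]byte(parts[0]+"."), verifyData(doc, proof)...)
	if !ed25519.Verify(pub, signingInput, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cred := map[string]interface{}{ // constructed sample credential
		"issuer":            "did:example:issuer",
		"credentialSubject": map[string]interface{}{"id": "did:example:holder", "degree": "BSc"},
	}
	SignCredential(cred, priv, "did:example:issuer#key-1")
	fmt.Println("valid:", VerifyCredential(cred, pub))
	cred["credentialSubject"].(map[string]interface{})["degree"] = "PhD"
	fmt.Println("after tampering:", VerifyCredential(cred, pub))
}
```

The header check is the part worth copying: a verifier that accepts whatever `alg` the proof carries is open to algorithm confusion, so the accepted algorithm is fixed by the proof `type` and the header is only allowed to agree with it. Supporting a second suite such as `EcdsaSecp256k1Signature2019` means a second, separately pinned branch keyed on `proof["type"]`, not a looser header check.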
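The "AES-256-CBC + HMAC-SHA-512 with a 512 bit key" entry in the DIDComm encryption list above is the one of the three content-encryption algorithms that is easiest to get wrong, because CBC plus HMAC is a composition rather than a single AEAD. The added example below (Go standard library, written for this page; not the didcomm-rs code) implements it the way JWE's `A256CBC-HS512` defines it (RFC 7518 section 5.2.2): the 64-byte key is split into a MAC key and an AES key, the tag is HMAC-SHA-512 over `aad || iv || ciphertext || bitlen(aad)` truncated to 32 bytes, and decryption verifies the tag in constant time before any decryption or unpadding, which is what keeps padding errors from becoming an oracle. The protected header and message are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
)

// CBC needs the plaintext padded to the 16-byte AES block size (PKCS#7).
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// tag = HMAC-SHA-512(macKey, aad || iv || ciphertext || bitlen(aad) as 64-bit BE),
// truncated to 32 bytes, as in JWE A256CBC-HS512 (RFC 7518 section 5.2.2).
func cbcHmacTag(macKey, aad, iv, ct []byte) []byte {
	al := make([]byte, 8)
	binary.BigEndian.PutUint64(al, uint64(len(aad))*8)
	m := hmac.New(sha512.New, macKey)
	m.Write(aad)
	m.Write(iv)
	m.Write(ct)
	m.Write(al)
	return m.Sum(nil)[:32]
}

// EncryptCBCHS512: AES-256-CBC, then HMAC over the ciphertext (encrypt-then-MAC).
// The 64-byte key is split: first half MAC key, second half AES key.
func EncryptCBCHS512(key, aad, plaintext []byte) (iv, ct, tag []byte, err error) {
	if len(key) != 64 {
		return nil, nil, nil, errors.New("A256CBC-HS512 needs a 512-bit key")
	}
	block, err := aes.NewCipher(key[32:])
	if err != nil {
		return nil, nil, nil, err
	}
	iv = make([]byte, aes.BlockSize) // fresh random IV per message
	if _, err = rand.Read(iv); err != nil {
		return nil, nil, nil, err
	}
	padded := pkcs7Pad(append([]byte(nil), plaintext...))
	ct = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return iv, ct, cbcHmacTag(key[:32], aad, iv, ct), nil
}

// DecryptCBCHS512 checks the tag in constant time BEFORE decrypting, so a bad
// ciphertext fails on the MAC and never reaches the padding check. Decrypting
// first and reporting padding errors is the classic padding-oracle mistake.
func DecryptCBCHS512(key, aad, iv, ct, tag []byte) ([]byte, error) {
	if len(key) != 64 || len(iv) != aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("malformed input")
	}
	if !hmac.Equal(tag, cbcHmacTag(key[:32], aad, iv, ct)) {
		return nil, errors.New("authentication failed")
	}
	block, err := aes.NewCipher(key[32:])
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt)
}

func main() {
	cek := make([]byte, 64) // content-encryption key; a key-agreement/KDF step would derive it
	if _, err := rand.Read(cek); err != nil {
		panic(err)
	}
	aad := []byte(`{"typ":"application/didcomm-encrypted+json"}`) // constructed protected header
	msg := []byte(`{"body":{"content":"hello"}}`)                    // constructed plaintext

	iv, ct, tag, _ := EncryptCBCHS512(cek, aad, msg)
	pt, err := DecryptCBCHS512(cek, aad, iv, ct, tag)
	fmt.Printf("decrypted: %s (err=%v)\n", pt, err)

	ct[len(ct)-1] ^= 1 // flip one ciphertext bit: rejected at the MAC, not at unpadding
	_, err = DecryptCBCHS512(cek, aad, iv, ct, tag)
	fmt.Println("tampered ciphertext:", err)
}
```

The other two algorithms in the list are genuine AEADs and need none of the composition above: AES-256-GCM is `cipher.NewGCM` over an `aes.NewCipher` block in the standard library, and XChaCha20-Poly1305 is `chacha20poly1305.NewX` from `golang.org/x/crypto`. What they share with the CBC construction is the requirement that the IV/nonce never repeat under one key and that the protected header be bound as AAD, so that a header swap fails authentication just like a ciphertext change does.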
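For the "ECDSA over NIST P-256" entry in the DIDComm signatures list above, the interoperability detail that bites in practice is signature encoding: JWS (`alg: ES256`), which DIDComm signed messages build on, carries the signature as the raw 64-byte `r || s` pair, not the DER structure that most native APIs produce. The added example below (Go standard library, written for this page; not the didcomm-rs code) signs and verifies in the raw format and shows the DER form being rejected. The message is constructed sample data. Go's standard library has no secp256k1 implementation, so the third list entry is not covered here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// SignES256 signs msg with a P-256 key and returns the 64-byte r||s encoding
// that JWS alg "ES256" expects: each scalar left-padded to 32 bytes.
// ecdsa.SignASN1 would produce DER instead, which a JWS verifier rejects.
func SignES256(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	if priv.Curve.Params().Name != "P-256" {
		return nil, errors.New("ES256 requires a P-256 key")
	}
	h := sha256.Sum256(msg)
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return sig, nil
}

// VerifyES256 is the matching verifier; it accepts exactly 64 bytes and nothing else.
func VerifyES256(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	if pub.Curve.Params().Name != "P-256" || len(sig) != 64 {
		return false
	}
	h := sha256.Sum256(msg)
	r := new(big.Int).SetBytes(sig[:32])
	s := new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(pub, h[:], r, s)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	msg := []byte(`{"id":"1","body":{"content":"hello"}}`) // constructed message
	sig, _ := SignES256(priv, msg)
	fmt.Println("raw r||s verifies:", VerifyES256(&priv.PublicKey, msg, sig))

	// Same key and message, but DER-encoded: a raw-format verifier must reject it.
	h := sha256.Sum256(msg)
	der, _ := ecdsa.SignASN1(rand.Reader, priv, h[:])
	fmt.Printf("DER is %d bytes, accepted by raw verifier: %v\n", len(der), VerifyES256(&priv.PublicKey, msg, der))

	// Unlike Ed25519, ECDSA signing is randomized: a second signature differs but still verifies.
	sig2, _ := SignES256(priv, msg)
	fmt.Println("second signature identical:", string(sig) == string(sig2), "verifies:", VerifyES256(&priv.PublicKey, msg, sig2))
}
```

The randomized nonce is also why ECDSA keys need more care than Ed25519 keys at signing time: a repeated or biased nonce leaks the private key, so ECDSA signing should only ever run on a CSPRNG-backed implementation such as the standard library's.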