david wong

Hey! I'm David, cofounder of zkSecurity and the author of the Real-World Cryptography book. I was previously a crypto architect at O(1) Labs (working on the Mina cryptocurrency), before that I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

About Disco (again) posted October 2018

I was in Milan two weeks ago presenting on Disco at Advances in permutation-based cryptography. I prepared a few figures to show the current state of Disco.

The funny one is this realistically proportioned figure, where the area of each circle represents the number of lines of code of the corresponding library.

Disco lines of code

The C library is currently awful, so I won't link to it until I get it to a prettier place, but as a proof of concept it shows that this can be achieved in a mere 1,000 lines of code, while supporting the same functionality as a TLS library and even more. The following diagram is the dependency graph, or "trust graph", of an implementation of Disco:

Disco trust graph

As one can see, Disco relies on Strobe (which further relies on keccak-f) for the symmetric cryptography, and X25519 for the asymmetric cryptography. The next diagram shows the trust graph of a biased TLS 1.3 implementation for comparison:

This was done mostly for fun, so I might be missing some things, but you can see that it's starting to get more involved. Finally, I made a diagram of what most installations actually depend on:

In this one I included other versions of TLS, but not all of them. I also did not include their own trust graphs. Thus, this diagram is actually less complex than it could be in reality, especially knowing that some companies continue to support SSL 3.0 and TLS 1.0.

I've also included non-cryptographic things like X.509 certificates and their parsers, because they are a major dependency, one that was dubbed the most dangerous code in the world by M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov.


Comments

visitor_3214

Ready for prod?

still.grokking

Looks very interesting.

What about a Rust version?

david

not ready for prod

no rust version atm, but look at https://www.cryptologie.net/article/454/want-to-implement-something-fun-today/

Don

Is it possible to replace the Keccak in Disco with other constructions like BLAKE2 and Skein?

david

You should be able to replace the permutation. This is what Xisco does (disco + xoodyak)
https://github.com/nixberg/xisco-swift

which I think is the right approach
