raphjaph/hotcertification

HotCertification: A distributed Certificate Authority

HotCertification combines a Byzantine fault-tolerant state machine replication algorithm with a threshold signature scheme; together they perform the basic functions of a Certificate Authority (CA). These layers add complexity in order to make the CA more resilient against process failures and malicious attacks. The certification process can be abstracted to sign any piece of data, not just an X509 certificate, such as access tokens (macaroons) or JWTs, and in that way act as a sort of authentication server.

Using it

This is really just a proof-of-concept I built as part of my Bachelor's thesis, so it still has bugs and needs major refactoring (it doesn't even have a database and stores everything in memory!). An example configuration of a cluster of four HotCertification nodes can be found in hotcertification.toml. Compile the binaries by running make. Create the cryptographic material, such as private keys and TLS certificates, with:

mkdir keys
./cmd/keygen/keygen -n $NUM_NODES -t $THRESHOLD --key-size 512 keys

Run the cluster of four nodes locally by executing run_servers_localhost.sh. Test the cluster with an example client with:

./cmd/client/client client.crt

client.crt is the name of the file to which the X509 certificate requested from the CA is written.
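
As an added illustration (not code from the HotCertification repository), the Go example below shows the t-of-n property behind the -n and -t arguments to keygen: a key is Shamir-shared among n nodes, each node reveals only share_i*G on P-256, and any t of those partial values are combined with Lagrange coefficients into the value the whole key would have produced. The page does not say which threshold scheme the project uses, so the curve, the trusted dealer, the threshold of 3 and the names Deal and Combine are all assumptions.

```go
package main // added example; Deal and Combine are illustrative, not the project's API

import (
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

var curve = elliptic.P256()
var order = curve.Params().N // prime group order; shares are scalars mod order

// Deal shares a random key t-of-n; node(i) reveals only f(i)*G, node(0) the group key.
func Deal(n, t int) (node func(i int) (x, y *big.Int)) {
	f := make([]big.Int, n+1) // f[i] builds f(i) by Horner's rule; f[0] is the key
	for k := 0; k < t; k++ {
		c, err := rand.Int(rand.Reader, order) // next coefficient of f
		if err != nil {
			panic(err)
		}
		for i := range f {
			f[i].Mul(&f[i], big.NewInt(int64(i))).Add(&f[i], c).Mod(&f[i], order)
		}
	}
	return func(i int) (x, y *big.Int) { return curve.ScalarBaseMult(f[i].Bytes()) }
}

// Combine sums lambda_i * node(i) over distinct ids (Lagrange at 0), giving f(0)*G.
func Combine(ids []int, node func(i int) (x, y *big.Int)) (x, y *big.Int) {
	x, y = new(big.Int), new(big.Int) // (0, 0) encodes the point at infinity
	for _, i := range ids {
		lambda := big.NewInt(1)
		for _, j := range ids {
			if j != i { // lambda *= j / (j - i) mod order
				d := new(big.Int).Mod(big.NewInt(int64(j-i)), order)
				lambda.Mul(lambda, big.NewInt(int64(j))).Mul(lambda, d.ModInverse(d, order))
			}
		}
		px, py := node(i)
		px, py = curve.ScalarMult(px, py, lambda.Mod(lambda, order).Bytes())
		x, y = curve.Add(x, y, px, py)
	}
	return x, y
}

func main() {
	node := Deal(4, 3) // four nodes as on the page; the threshold of 3 is assumed
	fmt.Println(Combine([]int{1, 3, 4}, node)) // three partials give the same point as
	fmt.Println(node(0))                       // the group key f(0)*G
}
```

With these parameters, combining the partial values of only two nodes yields a point unrelated to node(0).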

TODO

  • rename coordinator struct
  • merge/put in same dir coordinator.go and options.go (Because they outline how hotcertification works)
  • add database or interface to database or check out sqlite
  • add a Makefile, see here for help
  • make event-driven architecture? -> more lightweight; look at Flow implementation
  • instead of ClientID and Sequence Number just use Hash of CSR to identify request (replaces CMDID data structure) -> use HashMap
  • slow down consensus rounds?
  • go run with SIGNALS

Testing

Logging and Configuration

  • add a custom level to the log -> APPLICATION/CERTIFICATION; refactor code accordingly
  • find out how to show logs from internal consensus protocol and client facing server; pipe HS log into my logger
  • change hotstuff.toml to hotstuff.yml see here
  • merge internal/cli into main

Crypto/Threshold library

  • define curve parameters somewhere (CURVE, G, N) wiki
  • recycle PartialCert from Hotstuff for Certification Service crypto
  • add error checks to threshold.go

Miscellaneous

  • other cool go library repos

Protocol Buffers (protoc)

  • execute the compile command in the proto folder:
  • protoc -I=/Users/raphael/.go/pkg/mod/github.com/relab/[email protected]. --go_out=paths=source_relative:. --gorums_out=paths=source_relative:. certification.proto
  • the following command finds the absolute path, including the version, of the gorums package:
  • go list -m -f {{.Dir}} github.com/relab/gorums