loading...
Cover image for One Thing Stood Between us and a $100,000 Prize …

One Thing Stood Between us and a $100,000 Prize …

prabhaav profile image prabhaav Originally published at stealthy.im ・1 min read

Stealthy.IM is built atop Blockstack — a decentralized platform providing identity on the Bitcoin blockchain, elliptic curve cryptography, and GAIA, a decentralized storage system.

In April of 2018, Blockstack released mobile APIs for Android and iOS, enabling us to build Stealthy IM for phones. Naively, we assumed everything would work out of the box, but quickly realized there was at least one major issue. The elliptic curve cryptography features were not yet supported on Blockstack’s iOS API, and without them Stealthy IM on a phone was dead in the water. This is because all of Stealthy’s personal messaging is encrypted, as shown below in Figure 1.0.

Figure 1.0: A message in Stealthy and the resulting encrypted ECIES data.

Blockstack’s iOS platform API was developed in Swift and there weren’t any Swift libraries providing directly compatible Elliptic Curve Integrated Encryption System (ECIES) cryptography at the time. A temporary workaround using Blockstack’s Javascript Web platform was not possible either because the Node Crypto library components it utilized did not work in the iOS Javascript environment of Blockstack’s iOS API.

Should we wait until the Blockstack team were able to address the situation? We grappled with this decision for a while, but ultimately being chosen to compete in Techcrunch Disrupt 2018 made the decision for us. We now had until early September to finish developing our mobile product, where it would gain significant media exposure and give us the chance of winning $100,000. We couldn’t afford to wait on a solution that was beyond our control.

There was little time to spare for the September Techcrunch deadline. Studying the Blockstack ECIES Javascript implementation was encouraging — it was clear and relatively uncomplicated.

blockstack / blockstack.js

The Blockstack JavaScript library for identity, auth and storage

blockstack.js CircleCI npm npm npm Slack

Note: If you're looking for the Blockstack CLI repo it was merged with Blockstack Core.

Installation

$ npm install blockstack

About

Blockstack JS is a library for profiles/identity, authentication, and storage.

The authentication portion of this library can be used to:

  1. create an authentication request
  2. create an authentication response

The profiles/identity portion of this library can be used to:

  1. transform a JSON profile into cryptographically-signed tokens
  2. recover a JSON profile from signed tokens
  3. validate signed profile tokens

The storage portion of this library can be used to:

  1. store and retrieve your app's data in storage that is controlled by the user

Note: this document uses ES6 in its examples but it is compiled down to Javascript (ES5) and is perfectly compatible with it. If you're using the latter, just make a few adjustments to the examples below

It’s important to mention that neither of Stealthy’s founders are experts in cryptography — it was in fact relatively new to both of us. Initially it seemed it might be possible to use Apple’s own cryptographic functions for iOS. Blockstack’s ECIES cryptography centers around the SECP256K1 curve made popular by Bitcoin and Apple’s libraries support both this curve and some aspects of elliptic curve cryptography.

However, much time was spent just trying to get a user’s Blockstack public and private keys into the correct data structure to work with Apple’s libraries. The process involved iterations of trial and error and reading Apple’s Developer Forum and Stack Overflow — largely because of some catch-all error messaging that didn’t give much of an indication about what was going wrong. Eventually after reading several posts from Quinn “The Eskimo”, a resident expert in Apple’s Developer Forum, we elected to ask him for help. To summarize he essentially said “read Apple’s code” — not bad advice.

After making little progress over a couple of days, defeating a small portion of the cryptography learning curve and getting the public key into the right Apple data structure, it was time to try something else. Further comparison of Apple’s system and the Blockstack one seemed to confirm this, as it appeared there would be many more challenges.

This is when we broke one of our cardinal start-up rules. For years we told friends never to join a startup working in C++. Nothing against the language, it just requires a high degree of skill and takes longer to develop solutions with. Yet here was a good reason to work in C++: the Crypto++ library.

Crypto++ is a free C++ cryptography library with lots of documentation and examples. It is well maintained and there is even a forum where you can reach out for support. However, what’s really interesting about Crypto++ is the original author:

Wei Dai … is a computer engineer best known as the creator of the Bitcoin predecessor “b-money” and as the developer of the Crypto++ library.

His b-money paper sets the groundwork for Bitcoin — in 1998! Proof of work, collective bookkeeping, and authentication with cryptographic hashes are all described. The paper is referenced in Satoshi Nakamoto’s original Bitcoin whitepaper.

With clearer documentation and some useful example code, we created a testbench using data from the desktop version of Stealthy and a prototype ECIES solution using Crypto++. Much of the learning curve was in getting familiar with the data types and basic cryptographic principles (i.e. uncompressing a compressed key, deriving a shared secret, and mapping what we understood from the Blockstack ECIES implementation to the examples found in the Crypto++ forums and documentation).

It took about four days, but now we had a prototype that could encrypt and decrypt data interoperably with our desktop Stealthy release. The remaining challenge was plumbing these cryptography methods into the Stealthy iOS product.

This was a bit of a mess because Swift and Objective C do not directly allow you to import C++ code. You have to wrap the C++ with Objective C++. The Objective C++ is then callable from Objective C. Then from Objective C, it can be exported to React Native JSX / Javascript callable functions used in Stealthy. Figure 2.0 below illustrates the situation:

Figure 2.0: Calling C++ from React Native on iOS.

A Github repository of our Blockstack compatible Crypto++ ECIES implementation can be found here:

stealthyim / ECIES-Encryption

Crypto++ Implementation of ECIES Cryptography on the SECP1256K1 Curve

ECIES-Encryption

Crypto++ Implementation of ECIES Cryptography on the SECP1256K1 Curve


While there are many things we might do differently now that we have more experience, this work got us on stage at Techcrunch Disrupt 2018 to release our mobile product. It allowed our users to send and receive messages between our iOS, Android, and desktop versions of Stealthy seamlessly and securely.

Going forward we hope to get feedback from the Crypto++ maintainers on our implementation, possibly providing it as a complete ECIES implementation example.

Special thanks to the fine folks maintaining and documenting Crypto++. It’s a wonderful project that we found immensely useful.

Posted on Dec 7 '18 by:

Discussion

markdown guide
 
 

Stiff competition. Plus I don't think we did a great job of explaining the underlying complexity in our product :)

 

Aw man. The few Hackathons I was a participant was the same thing. 'We may ask for you code', they never did :(. We had one of the few operational products wherein everyone showed point-and-click slide demos. Was a bummer.

Better luck next time. Your solution is inventive and impressive.