Ritual Protocol: a key as an action, not an object
Every secret storage system is only as secure as the storage itself. Someone steals your password database — they steal everything. Someone compromises your keystore — they compromise everything. You can encrypt the storage, split keys, add authentication factors — but the fundamental problem remains: the key exists as an object, and objects can be stolen.
Ritual Protocol takes a different approach. The key is not stored. It is reproduced through a sequence of actions — a ritual. Same actions, same parameters — same 32 bytes out. Every time. No storage — no attack vector tied to its compromise.
How it works
A ritual is an ordered set of rites. Each rite has a type and parameters. Order matters: sequences [A, B, C] and [C, B, A] produce different keys.
Rite types
V1 defines six rite types. They can be combined in any order and repeated — each repetition increases entropy.
The rites are intentionally varied — a text string, a symbol sequence, a file slice, a star map, a city and time, runes on a grid. The idea is that every user has their own natural way to create a unique and reproducible ritual. Some will remember a symbol sequence, some will use a file and an offset, some will use a city and time combination with personal meaning.
A full description of each type, with entropy formulas, is in the specification.
Finalization
And that's really all there is to it. "I like it. Simple, easy to remember." — J.S.
Each rite is hashed independently with SHA-256, and the hashes are then folded sequentially. Rite order therefore affects the result; this is an intentional property of the protocol.
The final state is run through three KDFs:
Argon2id (64 MB, t=3, p=4) → scrypt (128 MB) → BLAKE2b-256
Three algorithms were chosen deliberately — each has a different memory access pattern. This makes it harder to build specialized hardware for brute force. Each brute force attempt costs as much memory and time as a legitimate finalization.
At 80 bits of ritual entropy, the effective security is approximately 126 bits — the difference is the computational cost of the KDF chain.
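The hash-and-fold stage described above, sketched in Go as an added example; this is not the reference implementation's code. The Rite struct, the length-prefixed encoding, the zero initial state, the fold rule SHA-256(state || rite hash) and the rite type names are all assumptions made for illustration (the specification defines the real ones), and the KDF chain is left out.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Rite is a hypothetical in-memory form of one rite: a type name plus
// ordered parameters. The real encoding is defined by the specification.
type Rite struct {
	Type   string
	Params []string
}

// hashRite hashes one rite independently with SHA-256. Every field is
// length-prefixed so ("ab","c") and ("a","bc") cannot encode identically.
func hashRite(r Rite) [32]byte {
	var buf bytes.Buffer
	for _, f := range append([]string{r.Type}, r.Params...) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.WriteString(f)
	}
	return sha256.Sum256(buf.Bytes())
}

// FoldRitual folds the rite hashes left to right:
// state = SHA-256(state || hash(rite)). Assumed fold rule, for illustration.
func FoldRitual(rites []Rite) [32]byte {
	var state [32]byte // all-zero initial state (assumption)
	for _, r := range rites {
		h := hashRite(r)
		state = sha256.Sum256(append(state[:], h[:]...))
	}
	return state
}

func main() {
	// Constructed sample rites; the type names are hypothetical.
	a := Rite{"text", []string{"constructed sample phrase"}}
	b := Rite{"city_time", []string{"Lisbon", "06:30"}}
	ab, ba := FoldRitual([]Rite{a, b}), FoldRitual([]Rite{b, a})
	fmt.Printf("[A,B] %x\n[B,A] %x\n", ab, ba)
	fmt.Println("repeatable:", ab == FoldRitual([]Rite{a, b}), "order-sensitive:", ab != ba)
}
```

The 32-byte fold output is only the pre-KDF state; without the memory-hard chain it is cheap to compute and should never be used as the key itself.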
What's next
The protocol is intentionally minimal — exactly 32 bytes out and nothing more. What to do with them is the environment's concern. The reference implementation in Go compiles to .dll/.so with a simple C API, which makes it easy to plug the core into almost anything. There's a pretty decent demo in the examples.
Licensing: the author, as a responsible member of the open source community, hereby contributes this humble piece to the betterment of mankind. Personal use is free. If you're building a business on it — you know where to find us.
GitHub: https://github.com/runetcom2014/ritual-protocol
Specification: https://zenodo.org/records/19090391