Cryptographic Standards
The platform uses industry-standard cryptographic algorithms. All algorithms provide at least 128-bit security level.
Algorithms Used
Four basic cryptographic categories are supported:
Algorithm Usage Areas
| Algorithm | Usage | Security Level |
|---|---|---|
| Ed25519 | DID signing, Auth | 128-bit |
| X25519 | Key agreement | 128-bit |
| AES-256-GCM | Wallet encryption | 256-bit |
| SHA-256 | Hashing | 128-bit |
| BBS+ | ZK Proofs | 128-bit |
DIDComm Encryption
Messaging between agents is protected with end-to-end encryption. An ephemeral key is generated for each message and a shared secret key is derived via ECDH.
Key Management
| Key Type | Algorithm | Usage |
|---|---|---|
| Authentication | Ed25519 | DID Auth |
| Key Agreement | X25519 | Encryption |
| Master Key | AES-256 | Wallet |
| Session Key | AES-256-GCM | Communication |
🔐 Key Generation Details
Ed25519 Key Pair:
- 256-bit random seed is generated
- Hash is taken with SHA-512
- First 256-bit is private key, last 256-bit is public key
X25519 Key Exchange:
- Each party generates ephemeral key pair
- Shared secret is calculated via ECDH
- Session key is derived with HKDF
Wallet Master Key:
- User password + random salt
- 256-bit key is derived with Argon2id
- Wallet contents are encrypted with AES-256-GCM using this key