For the last week, I have been actively working on improving the Proof of Existence idea on which the CardanoWall.com project is built. I also want to thank GnuCanoe on Reddit, who encouraged me to study collision attacks with SHA algorithms in detail. I decided to switch from using the SHA-256 algorithm in the SHA-2 cryptographic hash function set to SHA3-256 in the latest SHA algorithms family. Although at the moment, the creation of collisions for SHA-256 is not feasible; nevertheless, in the future, with the development of technologies and computing power, such a threat may become real. Because there is an SHA-3 family, why not start using the current and best solution right away.
The most important update is adding a public key to the message and the electronic signature of all PoE files signed by a private key. This functionality allows you to create Proof of Existence in its classic form and also anonymously indicate the message’s authorship. I set myself a goal - to make the whole process of working with keys, electronic signatures, and encryption - only in the user’s browser. This can be verified by reviewing my source code or checking the browser’s network activity in the Dev Tools Network tab. No private keys should be sent to the server under any circumstances. The task turned out to be quite tricky; for example, my favorite browser Firefox, for seven years now, has not been able to implement good support for working with ECDSA keys, which has long been implemented in other browsers. I had to look for other ways and make a lot of trial and error to get the result. Besides, I managed to make sure that the formats used are not tied to what browsers use, and the data is converted into popular and generally accepted standards. I love challenging and non-standard tasks the most! Now with CardanoWall, you can safely generate a new private key in PEM (PKCS8) format, save it as a file, or load an existing one. The private key is generated with the maximum security level (EC key with P-521/secp521r1 curve). When you select a file or files from your computer, the browser calculates the SHA3-256 hash for each file. The hash is signed with a private key, and an electronic signature is added in base64 format to each file’s meta-data. The public key is included in the message since it allows others to verify the electronic signatures of files and make sure that signatures are valid and created with the same private key.
Suppose you are not very familiar with cryptography. In that case, the entire paragraph above, with the constant use of the words “private key,” “public key,” “electronic signatures,” “curve,” etc., does not give you enough understanding of why all these complications.
Let me explain it more simply: now, you can leave Proof of Existence in the Cardano blockchain and at the same time add your authorship to it anonymously. Of course, it’s essential not to forget to save your private key to your computer or another device. And if someday you need to prove in a court or somewhere else that the posted PoE was signed by you, then you can do it. With your private key, you can sign any new message (phrase, text, file content), and it can be verified with the same public key that was added to the metadata, along with PoE. All key and signature formats are stored in such formats that the signature verification process could be carried out on any machine using the most popular OpenSSL library.
I do not plan to dwell on this because solving one problem allows me to move on to work on the next, third level of PoE as I envision it. I want to thank everyone who supported and became interested in the project after my previous post, where I introduced the CardanoWall and explained the Proof of Existence principle. I could never imagine that the Cardano community would be so friendly and open-minded.
Try it on https://cardanowall.com/