[blink-dev] Intent to Prototype: Curve25519 in Web Cryptography

405 views
Skip to first unread message

Javier Fernandez

unread,
Sep 28, 2022, 7:36:17 AM9/28/22
to blink-dev

Contact emails

jfern...@igalia.com


Previous intent

https://groups.google.com/a/chromium.org/g/blink-dev/c/PgBVW4ru1EQ/m/5dllcdVoDgAJ

Explainer

https://github.com/WICG/webcrypto-secure-curves/blob/main/explainer.md


Design docs/spec

https://docs.google.com/document/d/1fDTUY3HVAXehi-eSfbi7nxh8ZPw4MpSKM8U1fMdqJlU/edit?usp=sharing


TAG review

https://github.com/w3ctag/design-reviews/issues/466


Summary

This feature adds support for Curve25519 algorithms in the Web Cryptography API, namely the signature algorithm Ed25519 and the key agreement algorithm X25519.


Motivation

Today web developers are getting around the unavailability of Curve25519 [1] in browser by either including an implementation of its operations in JavaScript or compiling a native one into WebAssembly. Aside from wasting bandwidth shipping algorithms that are already included in browsers that support TLS 1.3, this practice also has security implications, e.g. side-channel attacks as studied by Daniel Genkin et al [2].


[1] RFC 7748, Elliptic Curves for Security

[2] Daniel Genkin et al, Drive-By Key-Extraction Cache Attacks from Portable Code.


Risks

Interoperability and Compatibility

WebCrypto API was specified to allow the addition of new (normalized) crypto algorithms. When an algorithm is not yet supported by a browser, an exception of unrecognized algorithms would be thrown after invoking related APIs.


Firefox: Positive - https://github.com/mozilla/standards-positions/issues/271

Edge: No public signals

Safari: No public signals - https://github.com/WebKit/standards-positions/issues/67

Web developers: No signal


Is this feature fully tested by web-platform-tests?

No. The feature is not yet prototyped and the WPTs will be part of the prototype.


Link to entry on the Chrome Platform Status

https://www.chromestatus.com/feature/4913922408710144


Reply all
Reply to author
Forward
0 new messages