Description
Rendezvous System for Device Pairing
Purpose:
Rendezvous is a proposed decentralized system built on Freenet, designed to enable the creation of a temporary secure communication channel through a shared short secret code or key.
This system is a decentralized cryptographic version of the familiar "device pairing" mechanism, adapted for secure data exchange and collaboration over the Freenet network. It allows components like UIs or delegates to synchronize settings or share data securely over the network, offering a robust framework for a wide array of decentralized applications and services.
In addition to security and flexibility, this system aims to be easy to use by following a familiar pattern for contemporary software.
Overview:
Rendezvous leverages Freenet's primitives like contracts to conveniently establish a secure communication channel:
-
Temporary Channel Creation: A Freenet contract serves as a temporary channel using a randomly generated 12-character seed like
5H1J-Y698-P15L. This seed is used to generate a cryptographic keypair, the public part of which is stored in the contract. The contract's state is a list of messages that must be encrypted using the public part of the keypair and then signed with the private part. The contract verifies this signature. -
Secure Channel Upgrade: Devices connected via the temporary channel use it to transition to a more secure, forward-private channel contract using a Diffie-Hellman key exchange.
Freenet Contracts and Communication:
-
Decentralized Communication: The system uses Freenet contracts to manage the exchange of encrypted and signed messages.
-
Seed and Key Management: The temporary channel's seed generates a symmetric keypair, used by all participants. The same keypair is used by all participants.
-
Forward Privacy: The secure channel established post-upgrade uses new cryptographic materials derived from the Diffie-Hellman exchange. This ensures that even if the temporary channel's seed is compromised, the subsequent communications remain secure.
Example Usage in JavaScript/TypeScript:
Developers can integrate the Rendezvous system into their JavaScript or TypeScript applications as follows:
import("/BNHVA8imQt76nFcSLyc2YC4KJTS9TCeB8Hf5FYt4UbmK/rendezvous.js")
.then(async (rendezvous) => {
async function createTemporaryChannel() {
const { channel, seed } = await rendezvous.createChannel();
console.log(`Temporary channel created with seed: ${seed}`);
// Display the seed for the user to share with other devices
// Upgrade to a secure channel
const secureChannel = await rendezvous.upgradeChannel(channel);
// Use secureChannel for communication
}
async function joinTemporaryChannel(tempSeed) {
const channel = await rendezvous.joinChannel(tempSeed);
console.log(`Joined temporary channel with seed: ${tempSeed}`);
// Upgrade to a secure channel
const secureChannel = await rendezvous.upgradeChannel(channel);
// Use secureChannel for communication
}
// On the initiating device:
await createTemporaryChannel();
// On other devices:
await joinTemporaryChannel("TEMP_SEED_FROM_INITIATING_DEVICE");
})
.catch((error: Error) => {
console.error("Failed to initialize the rendezvous library:", error);
});Conclusion:
Rendezvous demonstrates a decentralized approach to secure device pairing and data exchange, leveraging the robust, distributed nature of Freenet.