fix directory and add en/cn readme
83
README.md
@@ -1,61 +1,46 @@
|
||||
# Sentinel Crypt Core
|
||||
# Sentinel Protocol Demo
|
||||
|
||||
Sentinel 是一个用于数字资产继承(Digital Inheritance)的加密原型系统。它结合了 Shamir 秘密共享(SSS)、AES 对称加密和 RSA 非对称加密技术,旨在解决数字遗产的安全存储与条件触发传承问题。
|
||||
This project demonstrates the core concepts of the **Sentinel Protocol**, a key management and secure data storage solution. It showcases advanced cryptographic techniques for key sharding, data encryption, and restoration under various scenarios (e.g., standard access, inheritance).
|
||||
|
||||
## 核心功能
|
||||
## Key Features
|
||||
|
||||
1. **密钥分片 (Trust Sharding)**:
|
||||
* 使用 Shamir's Secret Sharing (3-of-2) 算法将用户主密钥(BIP-39 助记词)拆分为三个分片:
|
||||
* **Device Share**: 存储于用户设备。
|
||||
* **Cloud Share**: 托管于 Sentinel 云端。
|
||||
* **Physical Share**: 物理传承卡,交由继承人保管。
|
||||
* 任意两个分片组合即可恢复原始密钥,单一分片无法获取任何信息。
|
||||
Based on the `main_demo.py` workflow:
|
||||
|
||||
2. **零知识金库 (Vault Layer)**:
|
||||
* 使用从助记词派生的 AES-256 密钥对用户隐私数据进行加密。
|
||||
* 采用 AES-GCM 模式,确保数据的机密性和完整性。
|
||||
* 系统在未获得足够分片前无法解密用户数据(零知识特性)。
|
||||
1. **Key Sharding (Initialization)**
|
||||
- Generation of mnemonic phrases (BIP-39).
|
||||
- Splitting secrets using Shamir's Secret Sharing (SSS) into multiple shares (Device, Cloud, Physical).
|
||||
|
||||
3. **系统网关 (Gateway Layer)**:
|
||||
* 使用 RSA-4096 系统公钥对用户密文进行二次加密(加壳)。
|
||||
* 实现“被动验证”机制:只有在满足特定触发条件(如确认死亡或订阅失效)后,系统才使用私钥剥离外层加密,允许继承人尝试恢复。
|
||||
2. **Vault Layer (User Encryption)**
|
||||
- Derives AES keys from the master secret.
|
||||
- Encrypts user privacy data securely.
|
||||
|
||||
## 环境依赖
|
||||
3. **Gateway Layer (System Wrapping)**
|
||||
- Adds a layer of system-level encryption using RSA.
|
||||
- Simulates "double wrapping" for enhanced security and access control.
|
||||
|
||||
本项目基于 Python 3 开发,依赖以下加密库:
|
||||
4. **Trigger/Unlock Mechanism**
|
||||
- Demonstrates how system-level triggers (e.g., death confirmation, subscription lapse) can decrypt the outer layer.
|
||||
|
||||
* `pycryptodome`: 用于 AES 加密和 PBKDF2 密钥派生。
|
||||
* `cryptography`: 用于 RSA 加密和密钥序列化。
|
||||
* `mnemonic`: 用于 BIP-39 助记词生成与处理。
|
||||
5. **Restoration Scenarios**
|
||||
- **Life Access**: Recovering data using Device + Cloud shares.
|
||||
- **Inheritance**: Recovering data using Cloud + Physical shares (simulating beneficiary access).
|
||||
- **Verification**: Recovering data using Device + Physical shares.
|
||||
|
||||
### 安装依赖
|
||||
## Documentation
|
||||
|
||||
For detailed documentation, please refer to the language-specific guides:
|
||||
|
||||
- **中文文档 (Chinese Documentation)**: [cn/README.md](cn/README.md)
|
||||
- **English Documentation**: [en/README.md](en/README.md)
|
||||
|
||||
## protocol_whitepaper
|
||||
|
||||
- **Protocol Whitepaper**: [doc/protocol_whitepaper.md](doc/protocol_whitepaper.md)
|
||||
|
||||
## Quick Start
|
||||
|
||||
Run the main demo script to see the full data flow in action:
|
||||
|
||||
```bash
|
||||
pip install pycryptodome cryptography mnemonic
|
||||
python3 main_demo.py
|
||||
```
|
||||
|
||||
## 快速开始
|
||||
|
||||
运行主演示脚本,查看完整的数字遗产传承流程模拟:
|
||||
|
||||
```bash
|
||||
python main_demo.py
|
||||
```
|
||||
|
||||
该脚本将演示以下全流程:
|
||||
1. **初始化**: 生成密钥并进行 SSS 分片。
|
||||
2. **加密**: 用户加密数据,系统进行二次加壳。
|
||||
3. **触发**: 模拟系统判定触发条件,剥离外层加密。
|
||||
4. **恢复**: 演示三种不同的分片组合(如“云端+传承卡”)恢复数据的场景。
|
||||
|
||||
## 项目结构
|
||||
|
||||
* `core/`: 核心加密模块
|
||||
* `sp_trust_sharding.py`: 密钥生成与 Shamir 分片算法实现(基于有限域 $GF(2^{521}-1)$)。
|
||||
* `sp_vault_aes.py`: 用户侧 AES-256-GCM 加密金库实现。
|
||||
* `sp_gateway_rsa.py`: 系统侧 RSA-4096 加密网关实现。
|
||||
* `main_demo.py`: 全流程演示脚本。
|
||||
* `data_flow.md`: 数据流与协议设计的详细文档。
|
||||
|
||||
---
|
||||
*注意:本项目为原型验证代码(PoC),生产环境使用需进一步进行安全审计和密钥管理强化。*
|
||||
|
||||
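Review bot: The English "Key Sharding" bullet says the secret is split "into multiple shares (Device, Cloud, Physical)" without stating the threshold. Each of the three Restoration Scenarios uses two shares, so state "2-of-3" explicitly; the Chinese text in this hunk writes it as "3-of-2", and that ordering should not be carried into cn/README.md. The English Vault and Gateway bullets also drop the parameters the Chinese text gives (AES-256 in GCM mode, RSA-4096, PBKDF2 via `pycryptodome`), which readers need to judge the design. If the Chinese lines are the removed side (the +/- markers did not survive on this page), the closing proof-of-concept warning about needing a security audit before production use has no English counterpart here and should stay in the top-level README. Minor: `## protocol_whitepaper` is a raw identifier next to `## Documentation` and `## Quick Start`, so rename it or move the link into the Documentation list, and pin versions for the `pip install pycryptodome cryptography mnemonic` line, for example through a requirements file.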