hackathon/crypto_core_demo
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
51e129f8a2ece1a112461d4a6bd81edabe55d6a8
crypto_core_demo/en
History

README.md

Sentinel Crypt Core

Sentinel is a cryptographic prototype system for Digital Inheritance. It combines Shamir's Secret Sharing (SSS), AES symmetric encryption, and RSA asymmetric encryption technologies, aiming to solve the problems of secure storage and conditional triggered inheritance of digital assets.

Core Features

  1. Trust Sharding:

    • Uses Shamir's Secret Sharing (3-of-2) algorithm to split the user master key (BIP-39 mnemonic) into three shares:
      • Device Share: Stored on the user's device.
      • Cloud Share: Hosted on the Sentinel cloud.
      • Physical Share: Physical inheritance card, kept by the heir.
    • Any combination of two shares can recover the original key; a single share cannot retrieve any information.

  2. Vault Layer (Zero-Knowledge):

    • Uses an AES-256 key derived from the mnemonic to encrypt user private data.
    • Adopts AES-GCM mode to ensure data confidentiality and integrity.
    • The system cannot decrypt user data without obtaining enough shares (Zero-Knowledge property).

  3. Gateway Layer:

    • Uses an RSA-4096 system public key to re-encrypt (wrap) the user ciphertext.
    • Implements a "Passive Verification" mechanism: The system uses the private key to strip the outer encryption only after specific trigger conditions are met (e.g., confirmed death or subscription expiration), allowing the heir to attempt recovery.

Environment Dependencies

This project is developed based on Python 3 and depends on the following cryptographic libraries:

  • pycryptodome: For AES encryption and PBKDF2 key derivation.
  • cryptography: For RSA encryption and key serialization.
  • mnemonic: For BIP-39 mnemonic generation and processing.

Install Dependencies

pip install pycryptodome cryptography mnemonic

快速开始

运行主演示脚本,查看完整的数字遗产传承流程模拟:

python main_demo.py

该脚本将演示以下全流程:

  1. 初始化: 生成密钥并进行 SSS 分片。
  2. 加密: 用户加密数据,系统进行二次加壳。
  3. 触发: 模拟系统判定触发条件,剥离外层加密。
  4. 恢复: 演示三种不同的分片组合(如“云端+传承卡”)恢复数据的场景。

项目结构

  • core/: 核心加密模块
    • sp_trust_sharding.py: 密钥生成与 Shamir 分片算法实现(基于有限域 $GF(2^{521}-1)$)。
    • sp_vault_aes.py: 用户侧 AES-256-GCM 加密金库实现。
    • sp_gateway_rsa.py: 系统侧 RSA-4096 加密网关实现。
  • main_demo.py: 全流程演示脚本。
  • data_flow.md: 数据流与协议设计的详细文档。

注意本项目为原型验证代码PoC生产环境使用需进一步进行安全审计和密钥管理强化。

Reference in New Issue View Git Blame Copy Permalink