ADR-0002: Encryption Algorithms and Modes
Status
Proposed
Context
Our system mandates that all file data is protected by strong, client-side encryption to ensure that no plaintext data leaves the client environment (FR-1). This is essential to safeguarding user privacy and maintaining their complete control over their digital data. The encryption module must be designed to operate under a variety of conditions—including simulated network and disk failures—to ensure performance and reliability consistent with our Non-Functional Requirements (NFR-1 and NFR-2).
The encryption component is a cornerstone of our security strategy and directly affects how the system performs under normal and adverse conditions. It must deliver both robust security guarantees and high performance, even when subjected to simulated delays and failure modes in our deterministic testing framework.
Decision
We will implement authenticated encryption for all file operations. In particular:
- Algorithm Selection: We will evaluate and use either AES-GCM or ChaCha20-Poly1305 as our authenticated encryption algorithm. Both options are recognized for their strong cryptographic assurances and efficiency.
  - AES-GCM is preferred when hardware acceleration (e.g., AES-NI) is available.
  - ChaCha20-Poly1305 offers strong performance on platforms without dedicated AES hardware support.
- Mode of Operation: The chosen encryption algorithm will be implemented in an authenticated encryption mode to ensure not just secrecy but also data integrity. This operation mode is critical for detecting any tampering or corruption, aligning with our auditability and transparency requirement (FR-6, NFR-5).
- Integration with Testing Framework: The encryption module will be designed to support deterministic simulation testing. This will allow us to simulate network and disk latency as well as failure conditions (refer to NFR-2 and NFR-6) without compromising the encryption process.
- Key Management: Encryption keys are to be derived and managed strictly on the client side using secure key derivation functions such as Argon2, scrypt, or PBKDF2. This fits into our overall mandate to ensure that sensitive operations remain isolated from external systems, directly supporting FR-1 and NFR-1.
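The decision points above combined in one sketch, using Node's built-in `crypto` module. This is an added example, not part of the ADR or the project's code; the helper names, the blob layout, the `hasAesHardware` flag, the scrypt parameters and the injectable `rng` are all assumptions.

```javascript
// Added example: helper names, blob layout and scrypt parameters are assumptions.
const crypto = require('node:crypto');

const ALG_IDS = { 'aes-256-gcm': 1, 'chacha20-poly1305': 2 }; // constructed header ids
const NONCE_LEN = 12, TAG_LEN = 16;

// ADR rule: AES-GCM where AES hardware exists, ChaCha20-Poly1305 otherwise.
// This sketch does not probe for AES-NI; the caller supplies the flag (assumption).
const pickAlgorithm = (hasAesHardware) =>
  hasAesHardware ? 'aes-256-gcm' : 'chacha20-poly1305';

// Client-side key derivation with scrypt; store the random salt beside the file.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Blob layout: algId(1) | nonce(12) | ciphertext | tag(16).
// `rng` is injectable so a deterministic test harness can fix the nonce;
// production must keep the default, since a repeated nonce under one key
// breaks confidentiality and integrity for both algorithms.
function sealFile(key, alg, plaintext, fileId, rng = crypto.randomBytes) {
  const header = Buffer.from([ALG_IDS[alg]]);
  const nonce = rng(NONCE_LEN);
  const c = crypto.createCipheriv(alg, key, nonce, { authTagLength: TAG_LEN });
  c.setAAD(Buffer.concat([header, Buffer.from(fileId)])); // bind alg id and file id
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([header, nonce, body, c.getAuthTag()]);
}

// Returns the plaintext, or throws if the blob, algorithm id or file id was altered.
function openFile(key, blob, fileId) {
  const alg = Object.keys(ALG_IDS).find((a) => ALG_IDS[a] === blob[0]);
  if (!alg || blob.length < 1 + NONCE_LEN + TAG_LEN) throw new Error('malformed blob');
  const nonce = blob.subarray(1, 1 + NONCE_LEN);
  const body = blob.subarray(1 + NONCE_LEN, blob.length - TAG_LEN);
  const d = crypto.createDecipheriv(alg, key, nonce, { authTagLength: TAG_LEN });
  d.setAuthTag(blob.subarray(blob.length - TAG_LEN));
  d.setAAD(Buffer.concat([blob.subarray(0, 1), Buffer.from(fileId)]));
  return Buffer.concat([d.update(body), d.final()]); // final() throws on a bad tag
}

{ // Constructed sample: round-trip, then flip one ciphertext bit.
  const key = deriveKey('correct horse battery staple', Buffer.alloc(16, 7)); // fixed salt for the demo only
  const blob = sealFile(key, pickAlgorithm(false), Buffer.from('hello'), 'file-42');
  console.log(openFile(key, blob, 'file-42').toString());
  blob[15] ^= 1;
  try { openFile(key, blob, 'file-42'); } catch (e) { console.log('rejected:', e.message); }
}
```

Because the algorithm id and file id are authenticated as associated data, a blob moved to another file id or relabelled with the other algorithm fails the tag check in the same way a flipped ciphertext bit does.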
Consequences
- Advantages:
  - Enhanced Security: Using authenticated encryption guarantees that both the confidentiality and integrity of the user’s data are preserved, reinforcing our commitment to strong privacy (FR-1, NFR-1).
  - Flexibility: Supporting multiple algorithms (AES-GCM and ChaCha20-Poly1305) allows optimization based on the target hardware environment, ensuring consistent performance (NFR-2).
  - Robust Testing: Designing the encryption component as part of a deterministic simulation environment ensures that its performance and reliability can be rigorously tested under simulated adverse conditions.
- Trade-offs:
  - Complexity in Implementation: Integrating multiple algorithm options and ensuring seamless fallback based on hardware capabilities adds complexity to the development process.
  - Performance Overhead: While authenticated encryption is critical for security, it may introduce slight performance overhead. However, this is offset by the benefits of enhanced data integrity and confidentiality.
  - Testing Complexity: Incorporating deterministic simulation of real-world conditions such as network and disk latency requires additional development and integration effort within the testing framework.
References to Requirements
- Functional Requirements:
  - FR-1: Secure file upload & download requires encryption to be performed on the client before any file transmission.
  - FR-6: User control and access management relies on robust encryption to secure data access and audit logs.
- Non-Functional Requirements:
  - NFR-1: Security & privacy mandates the use of strong cryptographic standards.
  - NFR-2: Performance & responsiveness demands that encryption operations meet established benchmarks even under simulated failure conditions.
Conclusion
The decision to use authenticated encryption with either AES-GCM or ChaCha20-Poly1305 meets our core requirement for strong client-side encryption while supporting our broader goals of privacy, auditability, and robustness. This approach not only secures file data at the point of entry and exit but also integrates seamlessly with our deterministic simulation framework, ensuring that performance and reliability are upheld even under adverse conditions. This decision directly supports our mission to empower users with secure, verified, and fully controlled digital storage.