Pipe is a Telegram Mini App with E2EE (ECC + AES), Users can send hidden message to each other.
This document outlines the end-to-end encryption (E2EE) workflow implemented in our web application. The system uses a hybrid encryption approach combining Elliptic Curve Cryptography (ECC) for key exchange and AES for message encryption.
- ECC Key Pair: A public-private key pair used for secure key exchange.
- AES Key: A symmetric key derived from the shared secret, used for encrypting and decrypting messages.
- Telegram Mini App Cloud Storage: Used to store the user's private key securely on the client-side.
- The client generates an ECC key pair (public and private keys).
- The private key is exported as a JSON Web Key (JWK) and stored in Telegram Mini App Cloud Storage.
- The public key is exported in base64 format and sent to the server.
- The server stores the user's public key associated with their account.
- The sender retrieves the recipient's public key from the server.
- The sender generates an ephemeral ECC key pair.
- Using the recipient's public key and the ephemeral private key, a shared secret is derived.
- An AES key is generated from the shared secret.
- The message is encrypted using the AES key.
- The encrypted message and the ephemeral public key are sent to the server.
- The recipient receives the encrypted message and ephemeral public key from the server.
- The recipient retrieves their private key from Telegram Mini App Cloud Storage and imports it as a CryptoKey object.
- Using their private key and the sender's ephemeral public key, the same shared secret is derived.
- The same AES key is generated from the shared secret.
- The message is decrypted using the AES key.
- The private key never leaves the client device, ensuring end-to-end encryption.
- A new ephemeral key pair is used for each message, providing forward secrecy.
- The server never has access to the private keys or the decrypted messages.
Elliptic Curve Cryptography (ECC) and RSA are both asymmetric encryption algorithms used in public key cryptography. While RSA has been the standard for many years, ECC has gained popularity, especially in mobile and web applications, due to its efficiency and strength at smaller key sizes.
-
Smaller Key Size
- ECC can provide the same level of security as RSA with significantly smaller key sizes.
- Example: A 256-bit ECC key is roughly equivalent in security to a 3072-bit RSA key.
- Smaller keys mean less data to transmit, store, and process.
-
Faster Computation
- ECC operations are generally faster than equivalent RSA operations.
- This leads to improved performance, especially on devices with limited computational power.
-
Lower Resource Usage
- ECC requires less memory and CPU usage compared to RSA for the same security level.
- This is particularly beneficial for mobile devices and web applications.
-
Better Scalability
- As security requirements increase over time, ECC scales better than RSA.
- Increasing key sizes in ECC has a lower performance impact compared to RSA.
-
Energy Efficiency
- The lower computational requirements of ECC translate to reduced energy consumption.
- This is crucial for battery-powered devices and large-scale server operations.
-
Future-Proofing
- ECC is considered more quantum-resistant compared to RSA.
- While not fully quantum-safe, ECC would require larger quantum computers to break than equivalent RSA keys.
-
Efficient for Key Exchange
- ECC is particularly efficient for key exchange protocols like ECDH (Elliptic Curve Diffie-Hellman).
- This makes it ideal for establishing shared secrets in end-to-end encryption scenarios.
-
Widespread Support
- Modern cryptographic libraries and web standards (like WebCrypto API) have robust support for ECC.
- This ensures compatibility across different platforms and browsers.
-
Faster Encryption/Decryption
- ECC's efficiency means quicker message encryption and decryption, improving user experience.
-
Reduced Network Overhead
- Smaller key sizes and signatures mean less data transferred, beneficial for mobile networks.
-
Better Performance on Various Devices
- ECC's lower resource requirements ensure smooth operation across a wide range of devices.
-
Improved Battery Life
- For mobile applications, the energy efficiency of ECC contributes to better battery life.
-
Future-Ready Security
- As security standards evolve, ECC provides a more adaptable foundation for long-term security.
While RSA remains a robust and widely used algorithm, ECC offers significant advantages in terms of efficiency, performance, and future-readiness. For modern web and mobile applications implementing end-to-end encryption, ECC provides an excellent balance of security and efficiency, making it the preferred choice for our E2EE implementation.
Those templates dependencies are maintained via pnpm via pnpm up -Lri.
This is the reason you see a pnpm-lock.yaml. That being said, any package manager will work. This file can be safely be removed once you clone a template.
$ npm install # or pnpm install or yarn installLearn more on the Solid Website and come chat with us on our Discord
In the project directory, you can run:
Runs the app in the development mode.
Open http://localhost:3000 to view it in the browser.
The page will reload if you make edits.
Builds the app for production to the dist folder.
It correctly bundles Solid in production mode and optimizes the build for the best performance.
The build is minified and the filenames include the hashes.
Your app is ready to be deployed!
You can deploy the dist folder to any static host provider (github pages, netlify, cloudflare pages, etc.)