1

I know Corda is cryptographically agile. As part of this, can a Corda network use GOST block cipher cryptography (GOST 28147-89) in order to comply with Russian standards?

Joel

1 Answer

2

GOST is an encryption scheme. The only place encryption is used in Corda is in TLS communication:

  • TLS 1.2 does not support GOST, although there is an RFC (https://www.ietf.org/archive/id/draft-chudov-cryptopro-cptls-04.html)
  • OpenSSL 1.1.0 and later no longer include the GOST engine (see Can't enable GOST engine support in OpenSSL)
  • Theoretically, Corda's crypto library (BouncyCastle) could support some of the GOST ciphers, as long as it supports all the algorithms defined in the TLS RFC
  • Even if TLS supports GOST cipher suites, for a full GOST-enabled Corda, there might be a requirement for GOST root, doorman and network map keys (if they need GOST in the certificate hierarchy as well)
  • I cannot see how mutually secure communication between the EU, US and the Rest of the World will be achieved, unless:
    • A company decides to run Corda in Russia only (their own Corda network with their own root certificate authority), or
    • TLS is modified to run dual algorithm encryption/hashing/signature/key-exchange. I am not aware of anything of this sort, except the Google post-quantum experiment that combined the ECC and New Hope algorithms. This means it is feasible to combine algorithms in TLS
Joel
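
To check the two layers the answer distinguishes (GOST primitives in the crypto provider versus GOST cipher suites in TLS) on a given JVM, the following is an added example, not code from the original answer or from Corda. It assumes the BouncyCastle `bcprov` jar may or may not be on the classpath, and the class and method names `GostSupportCheck`, `gostPrimitives` and `gostTlsSuites` are hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLContext;

public class GostSupportCheck {

    // JCA services (ciphers, digests, signatures, ...) whose algorithm name mentions GOST.
    static List<String> gostPrimitives() {
        List<String> found = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if (s.getAlgorithm().toUpperCase(Locale.ROOT).contains("GOST")) {
                    found.add(p.getName() + ": " + s.getType() + "/" + s.getAlgorithm());
                }
            }
        }
        return found;
    }

    // TLS cipher suites supported by the default JSSE context whose name mentions GOST.
    static List<String> gostTlsSuites() throws Exception {
        List<String> found = new ArrayList<>();
        String[] suites = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        for (String suite : suites) {
            if (suite.toUpperCase(Locale.ROOT).contains("GOST")) {
                found.add(suite);
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: register BouncyCastle only if its jar is present on the classpath.
        try {
            Class<?> bc = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
            Security.addProvider((Provider) bc.getDeclaredConstructor().newInstance());
        } catch (ClassNotFoundException e) {
            System.out.println("BouncyCastle not on classpath; checking built-in providers only");
        }
        System.out.println("GOST primitives in JCA providers:");
        gostPrimitives().forEach(line -> System.out.println("  " + line));
        System.out.println("GOST cipher suites in default TLS context:");
        gostTlsSuites().forEach(line -> System.out.println("  " + line));
    }
}
```

If the first list has entries and the second is empty, the JVM can perform GOST operations but cannot negotiate a GOST cipher suite over TLS with its default context.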