Is there life after COVID-19?
These 5 months have been hard, not just for the project, but for the world in general. Coronavirus disrupted many processes around the globe and inhibited many others, Universa being no exception. In addition to some of our employees succumbing to the disease, all our launch plans scheduled for March, April, May, June and even July were destroyed by quarantine, lockdown and international travel restrictions. Nevertheless, like any IT company, we are used to working from home, so we spent these long months in seclusion working productively on our key products and services that we started before the pandemic, and on a small pool of services that could help countries fight the disease — systems to issue and verify passes, food stamps and free testing.
Read more on U8, UDC and Last Parsec — I think this is the thing you’ve been expecting from us for so long :)
Solutions to Fight the Pandemic
We developed a special series of solutions to issue food stamps and testing coupons and presented them to several countries.
ANTICOVID DIGITAL COUPONS PLATFORM
Tunisia and Blockchain
The work in Tunisia continues, despite our trip to the country, scheduled for March, has been cancelled. ATI says Stay Tuned, so stay tuned and watch this space :)
Digital Sugar
Despite the pandemic, we continued working on tokenizing sugar in the UAE. We are looking forward for the pandemic to end, so our workgroup can fly to DMCC to complete integration.
Universa Paranoid Development:
Key results in core and services development
Core
Universa network has been running exceptionally stable and fast recently, with no need to intervene and correct the code. No vulnerabilities, bugs and speed issues have been detected, so the node codebase did not have to be changed substantially.
In this time, the network and core libraries developed as follows:
● Network troubleshooting and automatic correction of node connectivity issues by rerouting UDP messages.
This feature allows the network to maintain stable operation regardless of network connectivity issues (when some nodes cannot be accessed directly but remain accessible through other nodes). In other words, effective connectivity became higher than actual connectivity, and the network in general can be expected to continue operation despite partial isolation of some nodes, automatically creating bypass routes around blocked or missing network links.
● Contract validation log, which allows troubleshooting network registration errors (alpha version)
When the network denies contract registration, the error message presented by the node is often too short to describe the reason for rejection. As the contracts, their relations, restrictions and roles grow more complex, this mechanism is no longer enough. We created and started implementing a “verification log” mechanism, which gives us insight on what exactly made the network reject the contract.
● Support for RSA-8192 key addresses
As computers grew in computational power and distributed networks increased in size, security level needs to be increased. Even though Universa provided for a variable key length from the start, we discovered the key addressing mechanism needs to be updated to properly provide addresses to these keys. The new keys now can receive short and long addresses, just like their less secure counterparts.
● Implementation of the new UNS contract type: UNS2. The contract has been adapted for use in UDNS
This contract allows searching for the contract in the network by its domain name, which is an extension of the UNS technology to be used instead of the outdated and vulnerable DNS technology. Support for UNS2 contracts allows setting up an efficient DNS server using the distributed network to store DNS records and manage domain. The UDNS server is described in detail below.
U8
● JS bindings for DNS server hosting opportunity
● Support for A, AAAA, CNAME, MX, TXT record types
This way our customers can conveniently create their own versions of DNS services using Universa MainNet distributed trust using convenient and traditional programming languages: JavaScript, Typescript and others that can be compiled into JS (KOTLIN, SCALA, etc.).
● Proxying DNS requests via uplink in parallel with JS processing
This allows creating high-performance DNS services on top of U8 (JS/TS), physically parallelizing some processes — in this case, processing the DNS request via local algorithm and simultaneously searching for the solution in the traditional DNS network.
● PostgreSQL connection pool now establishes connections to the database gradually, as needed.
This speeds up the launch of U8 applications and scripts using PostgreSQL by creating concurrent connections to DBMS as needed.
● Support for RSA-8192 key addresses added
U8 modules
We have developed a mechanism for creating modules — files containing compressed source codes, resources, compiled WASM modules that can be imported in the ordinary way, without the need to create package manager infrastructure (npm/yaml) and complex dependency descriptions.
The cross-platform modules are contained in one compressed file and have a manifest that allows verifying the module integrity, including signature verification via a Universa smart contract, and the rights the module needs for execution (network access, filesystem access, etc.). That is, unlike the traditional package managers, dependencies between modules allow abandoning external configuration files and ensure fully automatic authentication, module revocation check, or even mandatory upgrade, which is particularly relevant due to the great number of attacks via package managers. A compromised module can now be revoked or replaced with a different version by registering a contract with the Universa network, which results in the module being automatically suspended and/or upgraded in application systems, depending on their settings.
The following features have currently been implemented:
● Downloading JS files from the module
● Extracting resources (migrations) from the module
A module can contain resources — arbitrary files such as images or texts — including migrations for databases. In addition to convenient distribution and installation, this guarantees authenticity of the resource files used.
● Reading the module manifest
● Signing the module
● Verifying module signature
● Verifying module key using u8trust trust file
These mechanisms ensure the modules are executed in a trusted environment, using distributed trust.
● Downloading and executing modules
The last but not the least, we can now assemble an application of any level of complexity, with all its resources, WASM libraries, and dependencies, contained in a single compressed file, and submit it for execution via U8, with automatic integrity check and authentication, and all other features described above.
UDNS
A DNS service that uses Universa distributed trust, written in JS and working from a U8 module. It can be used as an ordinary DNS server, but it will be using UNS2 contracts for domain names registered within Universa, and therefore will not be dependent on domain squatters, including “official” ones, where ICANN arbitrarily revokes domains from owners in national and allegedly “sovereign” zones.
● Implementation of the UDNS server as a U8 module
● Launch of the first UDNS server
● Support for dns-over-https protocol
Ubots
● Unified logging
Logging is the most important debugging method. Since the code for ubots is executed in the distributed network, its debugging, and particularly obtaining distributed execution logs, is a somewhat more complicated task, which requires creative approach and a lot of attention. We are constantly improving the ubot execution environment and the debugging methods.
WASM-crypto
The library for fast and secure (increased security) general-purpose Universa crypto primitives. Runs in the browser or using Node.js. In browsers, it operates in the background, without slowing down the UI. Loads and runs faster than js-based solutions.
● A WASM assembly of all relevant libraries, including gmp.
● C++ implementation of cryptographic functions, adapted and ported to WASM (SHA, HMAC, AES, HashId, RSA, SymmetricKey, PBKDF2)
● JS minicrypto compatibility parameters have been added to C++ crypto
● Optimization of RSA key generation in WASM (gmp tuning, comparison to other mathematical libraries)
Importantly, this implementation allows generating reliable cryptographic keys without using the code of system libraries or the actual browser, which may not be open at all times, is not verifiable and can be replaced unbeknown to the application, e.g., when updating the browser. WASM library is safe for the browser, offers outstanding performance in small size, and provides managed cryptographic security that can be trusted. Now reliable and secure end-to-end encryption is available in the browsers, including mobile platforms, without the need to develop native applications for each mobile and desktop platform, publish them in respective app stores, providing development and maintenance separately for each platform, and meeting US export restrictions, as well.
When running within the browser, it is important that cryptographic functions are executed asynchronously, outside of the UI thread, without slowing down the user interface.
UniversaBlockchain/unicrypto-js
Note: U8 contains similar tools built in.
Universa-core NPM module
To run in browsers and under Node.js. Interacts with the Universa network using unicrypto — an asynchronous WASM library described above. Allows interacting with private networks and MainNet by building/updating network topology. Provides access to external nodes’ command interfaces directly from the webpage or from a JS-application. Does not require UMI to work with a node. We are planning to add interaction with contracts shortly, enabling fully functional interaction with the contracts from serverless applications and faster speeds for node.js without using UMI. In the future, the library will form the foundation for building a standard for js/ts Universa API.
Note: U8 contains similar tools built in.
QRPass technology demo
An example of using the Universa stack of technologies to obtain secure QR passes without revealing the information entered by the user at the backend. This specific implementation provides a quarantine pass, which allows filling out an online form and storing it at the server, without disclosing user information, using end-to-end encryption. The pass is presented in the form of a QR code, which is scanned by the app. Encrypted data is downloaded from the server and decrypted directly on the device, using the key that is only presented in the QR code and is not transmitted over the network. This eliminates the possibility of personal data being leaked, other than by the user presenting the pass code to an authorized official, as the information is not stored anywhere or transmitted over the network in unencrypted form.
Universa technologies also make it possible to add a distributed passcode verification system. The information being verified is not revealed: the blockchain stores the confirmation (hash) of the pass in general or of its individual fields, and analyzing the verification contract does not allow figuring out whether the pass is verified as a whole or as individual fields only. No analysis of the verification contract is possible without having a decrypted (presented) pass.
The application runs in PWA mode on mobile and desktop browsers, which allows it to be launched as easily as a native mobile app, pinning a shortcut to the smartphone screen and presenting the pass to officials without being connected to the network.
We are currently using this technology to develop Zero-knowledge Universa ID service, which implements a public login service and anonymous expendable credentials, which can work without installing an application, without a network connection (QR code scanning, minimum verification also does not require network connection, with some restrictions). At the same time, UniID servers will not be storing the information to be verified. This technology allows using Universa Blockchain distributed trust to verify personal data without revealing it. This prevents the possibility of personal data leaks, the need to store them on the server and transmit via the Internet. This also allows operating without obtaining a personal data operator license.
Universal Digital Currency
We continued work on developing one of the main projects using Universa MainNet — Universal Digital Currency. The technology will form the basis for projects including tokenization of metals, natural resources, currency baskets and CBDC.
● Multiple-key owner
The owner, and the highest instance in the system, is now a quorum of keys, which can represent business owners, shareholders, etc. This mechanism protects the system from arbitrary action by designated employees and the problems associated with the loss of individual keys, e.g., due to force majeure circumstances.
● Ability to add other products
Originally the system only had one pair — one asset vs. one currency. We expanded the platform so multiple currencies and assets can now be used in arbitrary or limited quoted pairs.
● Delivery
Added interfaces and roles for shipment of the goods purchased.
● Digital assets exchange
A set of server mechanisms and user interfaces implementing an assets exchange.
● KYC (alpha version)
Integration with a service verifying the participants’ identities.
● Updated top-up via wire transfers
The interface for account top-up using wire transfer has been made more convenient and transparent.
Unichat
An independent messaging platform for Universa-based projects.
● Support for webpush messages
● To-do lists
● Sub-tasks
● Chatrooms for organizations
● Spaces (work in progress)
Other NPM modules
● universa-toolkit module to execute commands on the network and build network topology (https://www.npmjs.com/package/universa-toolkit)
Last parsec // Last Paranoid Security
This includes the mechanisms developed and described above, such as:
● full-scale frontend cryptography,
● mobile PWA apps installed and updated over the Web, without using native code,
● UDNS, UNS2,
● network protocols in the parsec family, which provide decentralized trust and secure parsec network channels, not dependent on ICANN, TLS/SSL CA and the certificates issued by those authorities,
● UniID Zero-Knowledge login, expendable credentials technologies
● undisclosable data storage, split-signed undisclosing data signing,
All these mechanisms together form the core of the technological stack called Last Parsec (parsec == PARanoid SECurity), which we will present later this year.
This stack addresses the issues of personal data disclosure to cloud providers, dependence on unsupervised network security, application censorship for mobile and desktop applications. Together they open a radically new level of security when processing and storing personal data, and when building fully secured communications, payment systems and management systems, both for personal computers and for tablets/smartphones.
Sincerely yours Paranoid CEO, Alexander Borodich
Founder Universa Blockchain
