Very Good Privacy

because sometimes, pretty good just isn’t enough…

VGP (Very Good Privacy), a standalone end-to-end encryption library, is modeled after the PGP (Pretty Good Privacy) cryptosystem by using public key cryptography, symmetrical encryption, Diffie-Hellman key exchange and hashing for public key fingerprinting.

Duality has made the following huge improvements to PGP, developed by Phil Zimmermann all the way back in 1991:

Asymmetric key uses Curve25519 (256-bit elliptic curve key) instead of RSA (2,048–4,096-bit linear key). 256-bit ECC keys are much smaller than 2048 bit RSA keys but offer the same level or better security and the 256-bit key operations are faster as well, this allows us to save space on the blockchain and DHT.

VGP symmetric encryption uses AES-CTR, instead of PGP’s International Data Encryption Algorithm (IDEA). AES-CTR doesn’t use a static IV like other AES implementations.

VGP uses Shake256 (which is a SHA3/Keccak derivative) for hashing the pubkey into fingerprints. PGP uses SHA1 by default, but can be changed to SHA512 by the user (so SHA1 or SHA2 upgraded to SHA3+).

Modernized version of PGP. Creates a smaller header, smaller ciphertext and uses next-generation cryptography algorithms (AES-CTR vs IDEA, Curve25519 vs RSA). Can encrypt data for one or many recipients using a common AES key that encrypts the payload. Uses Diffie-Hellman key exchange to derive the ephemeral keys used for encryption.

During testing, VGP encrypted a serialized BDAP (Blockchain Directory Access Protocol) link class that was 322 bytes, and after encrypting for two recipients it only increased to 451 bytes. We need to conduct more performance tests, but we believe VGP’s resulting ciphertext will be much smaller than using PGP and should result in much faster encryption and decryption. Other cryptocurrencies use secp256k1 (a digital signature curve) to encrypt data and don’t support group (one to many) encryption as our VGP does.

VGP is a standalone library, opensource, supported on Linux/Windows/OSX and available for anyone to analyse, test and contribute towards on the Duality GitHub —

For those who wish to read the technical specification for VGP —

VGP (Very Good Privacy) is proprietary code owned by Duality and is not free to use. If you want to use the library outside of Dynamic, please contact Duality for a license.

This is just a part of our developments over at Duality. For those looking to invest in Dynamic and Sequence, both are supported on Bittrex, Cryptobridge, Blocknet, Coinswitch and available to buy today.

Read more about BDAP

Want to catch up on what you’ve missed?

Just give a visit and you can find all our previous blog posts.

Have some questions about Duality? Join us for a chat



Main Website

Contact Email