
One Thing Stood Between us and a $100,000 Prize …

Dec 7, 2018 · 5 min read

… Elliptic Curve Cryptography on iOS — at least that’s how we saw it. Stealthy IM is built atop Blockstack — a decentralized platform providing identity on the Bitcoin blockchain, elliptic curve cryptography, and GAIA, a decentralized storage system.

“Naively, we assumed everything would work out of the box …”

Figure 1.0: A message in Stealthy and the resulting encrypted ECIES data.

Blockstack’s iOS platform API was developed in Swift, and there weren’t any Swift libraries providing directly compatible Elliptic Curve Integrated Encryption System (ECIES) cryptography at the time. A temporary workaround using Blockstack’s JavaScript Web platform was not possible either, because the Node Crypto library components it utilized did not work in the iOS JavaScript environment of Blockstack’s iOS API.

“We couldn’t afford to wait on a solution that was beyond our control.”

There was little time to spare for the September TechCrunch deadline. Studying the Blockstack ECIES JavaScript implementation was encouraging — it was clear and relatively uncomplicated.

It’s important to mention that neither of Stealthy’s founders is an expert in cryptography — it was in fact relatively new to both of us. Initially it seemed it might be possible to use Apple’s own cryptographic functions for iOS. Blockstack’s ECIES cryptography centers around the SECP256K1 curve made popular by Bitcoin, and Apple’s libraries support both this curve and some aspects of elliptic curve cryptography.

However, much time was spent just trying to get a user’s Blockstack public and private keys into the correct data structure to work with Apple’s libraries. The process involved iterations of trial and error and reading Apple’s Developer Forum and Stack Overflow — largely because of some catch-all error messaging that didn’t give much of an indication about what was going wrong. Eventually, after reading several posts from Quinn “The Eskimo”, a resident expert in Apple’s Developer Forum, we elected to ask him for help. To summarize, he essentially said “read Apple’s code” — not bad advice.

After making little progress over a couple of days, defeating a small portion of the cryptography learning curve and getting the public key into the right Apple data structure, it was time to try something else. Further comparison of Apple’s system and the Blockstack one seemed to confirm this, as it appeared there would be many more challenges.

“This is when we broke one of our cardinal start-up rules. For years we told friends never to join a startup working in C++.”

Crypto++ is a free C++ cryptography library with lots of documentation and examples. It is well maintained and there is even a forum where you can reach out for support. However, what’s really interesting about Crypto++ is the original author:

Wei Dai … is a computer engineer best known as the creator of the Bitcoin predecessor “b-money” and as the developer of the Crypto++ library.

His b-money paper sets the groundwork for Bitcoin — in 1998! Proof of work, collective bookkeeping, and authentication with cryptographic hashes are all described. The paper is referenced in Satoshi Nakamoto’s original Bitcoin whitepaper.

With clearer documentation and some useful example code, we created a testbench using data from the desktop version of Stealthy and a prototype ECIES solution using Crypto++. Much of the learning curve was in getting familiar with the data types and basic cryptographic principles (i.e. uncompressing a compressed key, deriving a shared secret, and mapping what we understood from the Blockstack ECIES implementation to the examples found in the Crypto++ forums and documentation).

It took about four days, but now we had a prototype that could encrypt and decrypt data interoperably with our desktop Stealthy release. The remaining challenge was plumbing these cryptography methods into the Stealthy iOS product.

Early mobile demo of Stealthy on iOS

This was a bit of a mess because Swift and Objective-C do not directly allow you to import C++ code. You have to wrap the C++ with Objective-C++. The Objective-C++ is then callable from Objective-C. Then from Objective-C, it can be exported to React Native JSX / JavaScript callable functions used in Stealthy. Figure 2.0 below illustrates the situation:

Figure 2.0: Calling C++ from React Native on iOS.

A GitHub repository of our Blockstack-compatible Crypto++ ECIES implementation can be found here:

While there are many things we might do differently now that we have more experience, this work got us on stage at TechCrunch Disrupt 2018 to release our mobile product. It allowed our users to send and receive messages between our iOS, Android, and desktop versions of Stealthy seamlessly and securely.

Going forward we hope to get feedback from the Crypto++ maintainers on our implementation, possibly providing it as a complete ECIES implementation example.

Special thanks to the fine folks maintaining and documenting Crypto++. It’s a wonderful project that we found immensely useful.
