Skip to content

Add WhipHash: Secure password generator vault using Pyth Entropy #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add WhipHash: Secure password generator vault using Pyth Entropy #77

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
269 changes: 269 additions & 0 deletions entropy/whiphash/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,269 @@
# WhipHash - Secure Password Generator

**Built with Pure High Pyth Entropy**

A decentralized password generator that creates cryptographically secure passwords using high-entropy randomness from the Pyth Network, combined with advanced client-side encryption and secure storage in NilDB.

## 🔗 Contract Explorer & Transaction Details

**📊 Transaction Explorer**: [View on BaseScan](https://sepolia.basescan.org/address/0xE861DC68Eb976da0661035bBf132d6F3a3288B71)

**💰 Pyth Network Fee**: **0.00000015 ETH** (constant throughout the project)
- **Cost Efficiency**: Ultra-low fees for high-entropy randomness

## 📋 Deployed Contracts

### Base Sepolia Testnet

| Contract | Address | Purpose |
|----------|---------|---------|
| **RandomnessGen** | `0xE861DC68Eb976da0661035bBf132d6F3a3288B71` | Generates random number pairs using Pyth Network entropy |
| **Entropy** | `0x41c9e39574F40Ad34c79f1C99B66A45eFB830d4c` | Pyth Network entropy provider contract |

### Contract Details
- **Network**: Base Sepolia Testnet (Chain ID: 84532)
- **Deployment Hash**: `0x39a943edca709c3337e2b01e6b58cf9db16af0b6403acb48448f7094b9354bb1`
- **Block**: 32774035
- **Gas Used**: 1,857,888 gas
- **Cost**: 0.000001858038488928 ETH
- **Status**: ✅ Verified on Sourcify

## 🏗️ Architecture Overview

### Client-Side Password Generation
- **Pure Client-Side**: All password generation happens in the browser using Web Crypto API
- **No Server Dependency**: Passwords are never transmitted to servers in plaintext
- **Device Secrets**: Generated locally using `crypto.getRandomValues()`

### Server-Side Storage
- **Encrypted Storage**: Passwords are encrypted before being sent to NilDB
- **NilDB Integration**: Decentralized database for secure password storage
- **Metadata Preservation**: Transaction hashes and sequence numbers stored for verification

## 🔒 Encryption & Security Implementation

### Multi-Layer Cryptographic Process

#### 1. **Device Secret Generation (C)**
```javascript
// Generate 32-byte device secret locally
const deviceSecret = crypto.getRandomValues(new Uint8Array(32))
```
- **Purpose**: Local entropy source that never leaves the device
- **Storage**: Kept in memory only, never transmitted

#### 2. **On-Chain Randomness (R1, R2)**
```solidity
// Pyth Network provides two random numbers
uint256 n1; // First random number (R1)
uint256 n2; // Second random number (R2)
```
- **Source**: Pyth Network's high-entropy randomness
- **Verification**: Blockchain transaction provides cryptographic proof
- **Advantage**: Unpredictable, verifiable, and tamper-proof

#### 3. **HKDF Key Derivation**
```javascript
// Mix R1 + C → local_raw using HKDF-SHA256
const localRaw = await hkdf(ikm, 32, appSalt1, 'local_raw_v1')
```
- **Algorithm**: HKDF-SHA256 (RFC 5869)
- **Purpose**: Combines on-chain and device entropy
- **Security**: Normalizes inputs and provides uniform seed

#### 4. **Memory-Hard Key Derivation**
```javascript
// Harden local_raw → LocalKey using Argon2id/scrypt
const localKey = await argon2id(localRaw, salt1, params, 32)
```
- **Algorithm**: Argon2id/scrypt (memory-hard)
- **Parameters**: 64MB memory, 3 iterations, 4 parallelism
- **Purpose**: Defends against offline brute force attacks

#### 5. **Final Password Derivation**
```javascript
// Derive final password using LocalKey + R2
const passwordBytes = await argon2id(seedRaw, passwordSalt, params, 32)
```
- **Process**: HKDF + Argon2id for final hardening
- **Output**: 32-byte password material
- **Character Set**: Letters, numbers, symbols (94 characters)

### Security Advantages

#### **Pyth Network Entropy Benefits:**
1. **True Randomness**: Pyth provides cryptographically secure random numbers
2. **Verifiable**: Blockchain transactions provide proof of randomness
3. **Tamper-Proof**: Immutable blockchain prevents manipulation
4. **High Entropy**: Superior to pseudo-random number generators
5. **Decentralized**: No single point of failure or control

#### **Multi-Layer Protection:**
- **Device Secret**: Local entropy prevents server-side attacks
- **On-Chain Proof**: Blockchain provides verifiable randomness
- **Memory Hardening**: Argon2id prevents GPU/ASIC attacks
- **HKDF Mixing**: Combines multiple entropy sources securely

## 🚀 How to Run the Project

### Prerequisites
- Node.js 18+
- npm or yarn
- MetaMask wallet (for blockchain interaction)
- Git

### 1. Clone the Repository
```bash
git clone <repository-url>
cd whiphash
```

### 2. Install Dependencies
```bash
npm install
```

### 3. Environment Setup
```bash
cp .env.example .env.local
```

#### Required Environment Variables
```env
# NilDB Configuration
NILLION_API_KEY=your-nillion-api-key
NILLION_COLLECTION_ID=your-collection-id

# Alternative NilDB Configuration (if using different setup)
NILCHAIN_URL=http://rpc.testnet.nilchain-rpc-proxy.nilogy.xyz
NILAUTH_URL=https://nilauth.sandbox.app-cluster.sandbox.nilogy.xyz
NILDB_NODES=https://nildb-stg-n1.nillion.network,https://nildb-stg-n2.nillion.network,https://nildb-stg-n3.nillion.network
BUILDER_PRIVATE_KEY=your-builder-private-key
```

### 4. Start the Development Server
```bash
npm run dev
```

The app will be available at `http://localhost:3000`

### 5. Browser Extension (Optional)

#### Install the Extension
1. Open Chrome and go to `chrome://extensions/`
2. Enable "Developer mode"
3. Click "Load unpacked"
4. Select the `demo-extension` folder
5. Pin the extension for easy access

#### Extension Features
- **🖼️ Embedded Mode**: View app within extension popup
- **⛶ Fullscreen Mode**: Open app in new tab
- **🔗 Wallet Mode**: Optimized for wallet interactions

### 6. Usage Instructions

#### Generate a Password
1. **Connect Wallet**: Click "Connect Wallet" and approve MetaMask
2. **Request Randomness**: Click "Generate Secure Password"
3. **Wait for Pyth**: System fetches randomness from Pyth Network
4. **Password Generated**: Secure password appears with copy option
5. **Store Password**: Enter socials and save to NilDB

#### View Saved Passwords
1. Navigate to `/view` or click "View Saved Passwords →"
2. See all stored passwords with metadata
3. Click to show/hide passwords
4. Copy passwords to clipboard

## 🛠️ Development

### Project Structure
```
whiphash/
├── app/ # App router pages
│ ├── page.tsx # Landing page
│ ├── test/page.tsx # Password generation
│ ├── view/page.tsx # Password viewing
│ └── api/nildb/ # NilDB API routes
├── components/ # React components
├── lib/ # Utility functions
└── demo-extension/ # Browser extension
```

### Key Technologies
- **Frontend**: Next.js 16, React 19, TypeScript, Tailwind CSS
- **Blockchain**: Viem, Ethers.js, Base Sepolia
- **Randomness**: Pyth Network, Entropy Protocol
- **Storage**: NilDB (Nillion Network)
- **Crypto**: Web Crypto API, HKDF, Argon2id/scrypt
- **UI**: Three.js, GSAP, Custom animations

### API Endpoints
- `POST /api/nildb/store-password` - Store encrypted password
- `GET /api/nildb/read-collection` - Retrieve stored passwords
- `GET /api/nildb/test-config` - Test NilDB configuration

## 🔐 Security Considerations

### What's Encrypted
- ✅ Passwords (client-side generation)
- ✅ Device secrets (never transmitted)
- ✅ Storage in NilDB (encrypted at rest)
- ✅ All sensitive data (socials, metadata)

### What's Public
- ✅ Transaction hashes (for verification)
- ✅ Sequence numbers (for randomness proof)
- ✅ Blockchain randomness (verifiable on-chain)

### Best Practices
- **Never share device secrets**
- **Verify transaction hashes**
- **Use strong master passwords**
- **Regular security audits**

## 📊 Performance

### Password Generation Time
- **Device Secret**: ~1ms (local generation)
- **Blockchain Call**: ~2-5s (Pyth Network)
- **HKDF Processing**: ~10ms
- **Argon2id**: ~100-500ms (memory-hard)
- **Total**: ~3-6 seconds per password

### Storage Efficiency
- **Password**: 16-32 characters
- **Metadata**: ~1KB per entry
- **NilDB**: Decentralized, redundant storage

## 🤝 Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test thoroughly
5. Submit a pull request

## 📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

## 🙏 Acknowledgments

- **Pyth Network** for providing high-entropy randomness
- **Nillion Network** for decentralized storage
- **Base Network** for fast, low-cost transactions
- **MetaMask** for wallet integration
- **Next.js** for the React framework

## 🔗 Links

- **Live Demo**: [ETHGlobal Showcase](https://ethglobal.com/showcase/whiphash-9u5xj)
- **GitHub Repository**: [dumprahul/whiphash](https://github.com/dumprahul/whiphash)
- **Contract Explorer**: [BaseScan](https://sepolia.basescan.org/address/0xE861DC68Eb976da0661035bBf132d6F3a3288B71)

---

**Built with ❤️ and pure high Pyth entropy**
1 change: 1 addition & 0 deletions entropy/whiphash/abi/DeployRandomnessGen.json
View file
Open in desktop

Large diffs are not rendered by default.

Loading