Facilitating Adoption Through Cryptographic Standards
May 18, 2020
by Atul Luykx
Head of Cryptography

One of the most valuable ways in which people use Hedera is by building business or application networks. For example, the Coupon Bureau will be using Hedera to connect retailers, manufacturers, and consumers so that coupons can transact more easily, a process fraught with fraud today. AdsDax relies on Hedera to combat fraud and increase fairness in their advertising marketplace, for all parties involved. Connecting entities will continue to be an important way for applications to unlock value with Hedera, as they can take advantage of network effects.

Standards are integral to building business networks as they help ensure quality and adopting widely used standards reduces friction for others to join, further accelerating network effects. When it comes to security, which includes using digital signatures and other cryptography to protect communication among network participants, the US National Institute of Standards and Technology (NIST) sets the standards for all who wish to work with the US federal government. As a result, any DLT project that wants to be used by the US federal government — say, a central bank digital currency (CBDC) — or by a company that works with the federal government, will have to abide by the NIST security standards. In fact, adopting NIST standards is common industry practice worldwide.

At Hedera, we take care to ensure our cryptography complies with standards wherever possible. To that end, all cryptography we use complies with NIST standards; see the table below for a summary. Furthermore, our core network uses only algorithms from the stricter CNSA suite, which are those NIST standards and parameters deemed suitable by the National Security Agency to protect Top Secret information. In doing so, we maintain high security standards, while enabling future applications to adopt Hedera.

| Algorithm              | Parameter Selection | Use             | NIST Standard            |
|------------------------|---------------------|-----------------|--------------------------|
| SHA-2                  | 384 bit output      | Hedera Network  | FIPS 180-4               |
| RSA digital signatures | 3072 bit modulus    | Hedera Network  | FIPS 186-4               |
| AES-GCM                | 256 bit key         | Hedera Network* | FIPS 197 and SP 800-38D  |
| ECDSA                  | 384 bit key         | Hedera Network* | FIPS 186-4               |
| ECDH                   | 384 bit key         | Hedera Network* | SP 800-56A               |
| Ed25519                | 256 bit key         | Clients         | FIPS 186-5 (Draft)       |

*Used as part of the TLS1.2 cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
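As an added illustration of how a practitioner might check a deployment against the parameters in the table (this is example code written for this page, not Hedera's own tooling), the script below parses TLS 1.2 cipher-suite names such as the one in the footnote and reports which components fall short of the listed algorithms and sizes. Because a suite name does not encode the elliptic-curve size or the RSA modulus, those are passed in separately; the names `parse_suite`, `check_suite`, and the `MIN_*` thresholds are this example's own, with the thresholds taken from the table above.

```python
"""Check TLS 1.2 cipher-suite names against the parameters in the table above.

Added example, not Hedera code. Thresholds are the table's values:
AES-256-GCM, SHA-384 output, 384-bit EC keys for ECDH/ECDSA, 3072-bit RSA moduli.
"""
import re

# Minimum parameters, taken from the table above.
MIN_AES_KEY_BITS = 256
MIN_HASH_BITS = 384
MIN_EC_KEY_BITS = 384
MIN_RSA_MODULUS_BITS = 3072

# Covers the common TLS 1.2 AES suites, e.g. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
# A trailing "SHA" with no digits denotes SHA-1 (160-bit output).
_SUITE_RE = re.compile(
    r"^TLS_(?P<kex>ECDHE|ECDH|DHE|RSA)(?:_(?P<auth>ECDSA|RSA))?"
    r"_WITH_AES_(?P<keybits>\d+)_(?P<mode>GCM|CBC)_SHA(?P<hashbits>\d*)$"
)


def parse_suite(name):
    """Split a cipher-suite name into its algorithm components, or return None."""
    m = _SUITE_RE.match(name)
    if not m:
        return None
    kex = m.group("kex")
    # TLS_RSA_WITH_... uses the RSA certificate key for both key transport and authentication.
    auth = m.group("auth") or kex
    return {
        "kex": kex,
        "auth": auth,
        "aes_key_bits": int(m.group("keybits")),
        "mode": m.group("mode"),
        "hash_bits": int(m.group("hashbits")) if m.group("hashbits") else 160,
    }


def check_suite(name, curve_bits=None, rsa_modulus_bits=None):
    """Return (violations, unverified) for a suite name.

    curve_bits and rsa_modulus_bits are separate inputs because the suite name
    does not carry them: the curve comes from the negotiated group and the RSA
    modulus from the server certificate. When they are not supplied, the
    corresponding check is reported as unverified rather than as a violation.
    """
    violations, unverified = [], []
    parts = parse_suite(name)
    if parts is None:
        return [f"{name}: not an AES/SHA TLS 1.2 suite this checker understands"], unverified

    if parts["kex"] not in ("ECDHE", "ECDH"):
        violations.append(f"key exchange {parts['kex']} is not ECDH as listed in the table")
    if parts["mode"] != "GCM":
        violations.append(f"AES-{parts['mode']} is not the AES-GCM mode listed in the table")
    if parts["aes_key_bits"] < MIN_AES_KEY_BITS:
        violations.append(f"AES key {parts['aes_key_bits']} bits < {MIN_AES_KEY_BITS}")
    if parts["hash_bits"] < MIN_HASH_BITS:
        violations.append(f"SHA-{parts['hash_bits']} output < {MIN_HASH_BITS} bits")

    uses_ec = parts["kex"] in ("ECDHE", "ECDH") or parts["auth"] == "ECDSA"
    if uses_ec:
        if curve_bits is None:
            unverified.append("EC key size: confirm the negotiated group is 384-bit (e.g. secp384r1)")
        elif curve_bits < MIN_EC_KEY_BITS:
            violations.append(f"EC key {curve_bits} bits < {MIN_EC_KEY_BITS}")
    if parts["auth"] == "RSA":
        if rsa_modulus_bits is None:
            unverified.append("RSA modulus: confirm the certificate key is at least 3072 bits")
        elif rsa_modulus_bits < MIN_RSA_MODULUS_BITS:
            violations.append(f"RSA modulus {rsa_modulus_bits} bits < {MIN_RSA_MODULUS_BITS}")
    return violations, unverified


if __name__ == "__main__":
    # Constructed sample input: the suite from the footnote, then two weaker suites.
    samples = [
        ("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", {"curve_bits": 384}),
        ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", {"curve_bits": 256, "rsa_modulus_bits": 2048}),
        ("TLS_RSA_WITH_AES_128_CBC_SHA", {}),
    ]
    for suite, kw in samples:
        found, pending = check_suite(suite, **kw)
        print(suite, "OK" if not found else found, pending)
```

The split between violations and unverified items is the point of the design: a cipher-suite string alone cannot prove that a 384-bit curve or a 3072-bit RSA key is in use, so a checker that reads only the suite name should say so rather than report a pass.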