How DSKE Works
DSKE (Distributed Symmetric Key Exchange) is the automated key management system that powers the AES WireGuard tunnel. It generates shared secrets using threshold cryptography across multiple independent security hubs, ensuring no single party can compromise keys.
The Problem DSKE Solves
The AES WireGuard tunnel requires a Pre-Shared Key (PSK) that both peers agree on. Manually distributing PSKs doesn't scale and creates a single point of compromise. DSKE automates this by:
- Generating secrets that are split across multiple security hubs
- Distributing shares so no single hub holds a complete key
- Recovering secrets on both peers using threshold reconstruction
- Rotating keys automatically every 120 seconds
Architecture
┌───────────┐             ┌──────────────┐             ┌───────────┐
│  Peer A   │◄────────────│ Security Hub │────────────►│  Peer B   │
│(Generator)│             │      #1      │             │(Recoverer)│
└───────────┘             └──────────────┘             └───────────┘
      │                                                      │
      │                   ┌──────────────┐                   │
      └──────────────────►│ Security Hub │◄──────────────────┘
                          │      #2      │
                          └──────────────┘
Each peer is registered with two or more security hubs. When a key needs to be generated, DSKE splits the secret into shares using Shamir secret sharing and distributes them to the hubs. Both peers then independently recover the secret from the hubs using their own credentials.
Key Concepts
| Term | Description |
|---|---|
| Generator | The peer that creates new secrets. Determined by comparing WireGuard public keys — the peer with the lexicographically lower key is always the generator. |
| Recoverer | The peer that recovers secrets created by the generator. |
| Security Hub | An external server that stores key shares. At least 2 hubs are required. |
| Shares Required | Minimum number of shares needed to reconstruct a secret (default: 2). |
| PSRD | Pre-Shared Random Data — one-time entropy consumed during generation and recovery. |
How Key Exchange Works
Step 1: Role Assignment
Roles are deterministic and require no negotiation. Both peers independently calculate who generates and who recovers by comparing their WireGuard public keys:
If my_public_key < peer_public_key:
    I am the Generator
Else:
    I am the Recoverer
This means both sides always agree on roles without any communication.
Step 2: Hub Discovery
The generator requests the recoverer's hub registrations via an HTTP endpoint on the WireGuard network:
Generator ──GET /v1/dske/info──► Recoverer
          ◄─── hub/client IDs ───
The generator then finds hubs that both peers share (at least shares_required must be common).
Step 3: Secret Generation
The generator creates a 32-byte secret and splits it into shares:
- Calls the DSKE SDK with the recoverer's client IDs for the shared hubs
- The SDK uses Shamir secret sharing to split the secret
- Each share is sent to its corresponding security hub
- Only the hub and the authorized client can access each share
Step 4: Recovery Notification
The generator notifies the recoverer that a secret is ready:
Generator ──POST /v1/dske/recover──► Recoverer
            {secret_id, hub_info}
          ◄─── 202 Accepted ─────────
Step 5: Secret Recovery
The recoverer contacts the security hubs to retrieve its shares:
- Using the generator's client IDs (to look up the right shares), the recoverer requests shares from each hub
- Once shares_required shares are retrieved, the SDK reconstructs the original secret
- The recoverer injects the PSK into its AES WireGuard interface
Step 6: PSK Injection
Both peers now hold the same 32-byte secret. Each injects it as a PSK into the AES WireGuard interface:
secret[:32] → SetPresharedKey(peer_wg_pubkey, psk)
            → ForceHandshake() [first time only]
On first injection, a forced handshake activates the tunnel within seconds. On subsequent rotations, the natural WireGuard rekey (every 120s) picks up the new PSK — no traffic interruption.
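The role check from Step 1 and the hub intersection from Step 2, as an added Go sketch that is not the DSKE project's own code. It assumes keys are compared as their decoded 32 bytes and that hub registrations are maps of hub ID to client ID; `IsGenerator` and `CommonHubs` are hypothetical names.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// IsGenerator reports whether the local peer generates secrets. It compares
// the decoded 32-byte keys (an assumption): base64 text sorts differently from
// raw bytes, so peers mixing the two forms could both claim the same role.
func IsGenerator(myKeyB64, peerKeyB64 string) (bool, error) {
	mine, err1 := base64.StdEncoding.DecodeString(myKeyB64)
	peer, err2 := base64.StdEncoding.DecodeString(peerKeyB64)
	if err1 != nil || err2 != nil || len(mine) != 32 || len(peer) != 32 {
		return false, errors.New("malformed WireGuard public key")
	}
	c := bytes.Compare(mine, peer)
	if c == 0 {
		return false, errors.New("peer key equals local key: roles undefined")
	}
	return c < 0, nil
}

// CommonHubs returns the sorted hub IDs both peers are registered with
// (maps are hub ID -> client ID), or an error when fewer than sharesRequired
// are shared, which corresponds to the "Insufficient hubs" state.
func CommonHubs(mine, peer map[string]string, sharesRequired int) ([]string, error) {
	var hubs []string
	for hub := range mine {
		if _, ok := peer[hub]; ok {
			hubs = append(hubs, hub)
		}
	}
	sort.Strings(hubs)
	if len(hubs) < sharesRequired {
		return nil, fmt.Errorf("%d common hubs, need %d", len(hubs), sharesRequired)
	}
	return hubs, nil
}

func main() {
	// Constructed keys: lowKey is 32 zero bytes, highKey starts with 0xFC.
	lowKey, highKey := strings.Repeat("A", 43)+"=", "/"+strings.Repeat("A", 42)+"="
	gen, _ := IsGenerator(lowKey, highKey)
	fmt.Println(gen, lowKey < highKey) // raw-byte order vs base64 string order
}
```

With the constructed keys the raw-byte comparison and the base64 string comparison give opposite answers, so both peers must use the same representation or they will not agree on roles.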
Key Rotation
DSKE continuously monitors and rotates keys:
| State | Behavior | Interval |
|---|---|---|
| No PSK established | Retry every tick until successful | ~10 seconds |
| PSRD just ingested | Immediate wake-up and generation | ~0 seconds |
| PSK active | Rotate with fresh secret | ~120 seconds |
| Insufficient hubs | Skip (wait for PSRD provisioning) | — |
Rotation is seamless — the existing session continues while the new PSK is prepared. Traffic switches to the new key at the next natural WireGuard rekey.
Security Properties
- No single point of compromise: Keys are split across multiple independent hubs
- Forward secrecy: Each rotation produces an entirely new secret
- No key transmission: Complete keys never traverse the network — only shares do
- Deterministic roles: No negotiation phase that could be attacked
- Crypto hygiene: Secret data is zeroed in memory immediately after PSK injection
- Transport security: All DSKE P2P messages travel inside the WireGuard tunnel
DSKE requires at least 2 security hubs with sufficient PSRD. Without this, the AES tunnel will not establish — the PSK security gate blocks all traffic until DSKE is operational.

