[Cryptography] Does this provide any extra value?

Ángel angel at crypto.16bits.net
Thu May 21 23:09:32 EDT 2020

On 2020-05-21 at 17:03 -0400, Phillip Hallam-Baker wrote:
> One possibility I am toying with is to add in an authentication public
> key into the mix. Generate the key pair deterministically from the
> shared secret and specify the public key in the record. Then do an
> ECDH auth scheme....
> Question is, is this really necessary or am I just overthinking this?

The locator and decryption keys must obviously be different, with the
decryption key not from the locator (I would probably HMAC with two
different values, rather than make locator the Hash of decryption).

Assuming a proper encryption function, having access to the encrypted
text should bear no risk. Additionally, how would you expect someone
to have the locator but not the decryption key?
It seems that, by definition, someone with access to the locator key
will be able to obtain the files.
It may actually be desirable (so that it can be mirrored by other
servers, ignorant of their contents).

There may be privacy concerns, such as a three-letter-agency tracking
which people download which files, correlating groups of people
downloading the same file, and storing an encrypted copy for the time
they obtain the corresponding decryption key. But that's probably out of
the scope.

I like from the described schema that it is really simple, and actually
needs zero server side support. It could for instance be implemented on
a dumb store-only server. Or a github repository.
Adding a mutual ECDH authentication into the protocol would get a way
with it.

Kind regards
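
Added example, not part of the original post: the derivation suggested above (HMAC over the shared secret with two different values) feeding a store-only server, modelled here as a dict. The label strings, the function names and the HMAC-based stand-in cipher are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed labels: the post only says "HMAC with two different values".
LOCATOR_LABEL = b"locator"
DECRYPT_LABEL = b"decryption"


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def derive(shared_secret):
    """Return (locator, decryption_key), each an independent HMAC output."""
    return _prf(shared_secret, LOCATOR_LABEL).hex(), _prf(shared_secret, DECRYPT_LABEL)


def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; use a vetted AEAD in real code.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, b"stream" + nonce + i.to_bytes(8, "big"))
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor_stream(key, nonce, plaintext)
    return nonce + body + _prf(key, b"tag" + nonce + body)


def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag" + nonce + body)):
        raise ValueError("blob modified or wrong key")
    return _xor_stream(key, nonce, body)


def publish(store, shared_secret, plaintext):
    """Upload to a dumb store: it sees only the locator and opaque bytes."""
    locator, key = derive(shared_secret)
    store[locator] = seal(key, plaintext)
    return locator


def fetch(store, shared_secret):
    locator, key = derive(shared_secret)
    return unseal(key, store[locator])
```

The store never receives the shared secret or the decryption key, so a mirror can copy its entries without being able to read them.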
