[Cryptography] Secret sharing for family members

Phillip Hallam-Baker phill at hallambaker.com
Sun Oct 18 14:29:22 EDT 2020


On Fri, Oct 16, 2020 at 11:21 PM Francis Pouatcha via cryptography <
cryptography at metzdowd.com> wrote:

> On Thu, Oct 15, 2020 at 10:53 PM Phillip Hallam-Baker <
> phill at hallambaker.com> wrote:
>
>> OK so one thing you might want to use here is Shamir Secret Sharing. I
>> have a spec for that:
>> https://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html
>>
> Excellent document. Wonder if there is any reusable implementation of UDF
> out there?
>

Thanks, the code is at:

https://github.com/hallambaker/Mathematical-Mesh



> I would start with a java library if there is no indication of any
> existing WIP.
>

The UDF implementation is just one file in the goedel.cryptography library.
It is in C# but conversion to C or Java should be straightforward. That
class is implemented as a static class to facilitate translation to C. Java
should be even easier.

If all you want is the Shamir/Lagrange part, it's probably no more than 300
lines of code.

>> So what I would probably do is to create a Mesh account @phb-estate and
>> make sure that is on the recipients list for any data I want my heirs to
>> inherit. Then create a recovery key set for the secret seed for that
>> account. The heirs can now decrypt any of the data.
>>
> How does this relate to social key recovery?
>

The Mesh provides a data at rest encryption scheme that is designed for
integration into applications like Microsoft Office. So recovery of the
Mesh key gives decryption of sets of documents.

The tool provided can also be used to create RSA and SECDH keys from a seed
value using a deterministic procedure which could be used to decrypt
OpenPGP or S/MIME docs if you wanted to go that way.





>> The crypto is the easy part. Easy peasy. Have had that specified for over
>> 18 months and running.
>>
> Yes.  Secret sharing algorithms have been out there for a while.
>
>>
>> The hard part is making it easy for people to use it. That is where the
>> Mesh Groups come in. I can create a group @phb-legacies and add @phb-estate
>> to that group. So I only need to be thinking about encrypting to one
>> recipient. I don't need to encrypt to @phb and @phb-estate separately.
>>
> The challenge is the development of a simple social key recovery app for
> common users.
>

That is one challenge. I am developing a platform on which such apps can be
built.
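Added example, not code from the Mathematical-Mesh repository or the UDF draft: a minimal Shamir split and Lagrange recovery over a prime field, illustrating the "Shamir/Lagrange part" referred to above. The modulus (the Mersenne prime 2^521 - 1), the share layout and the function names are assumptions of this example; UDF's own field and share encoding differ.

```python
import secrets

# Field modulus for this example: the Mersenne prime 2**521 - 1 (a constructed
# choice, not the modulus or share encoding of the UDF specification).
PRIME = 2**521 - 1


def split_secret(secret, threshold, shares, rng=secrets.randbelow):
    """Split `secret` into `shares` points on a random degree-(threshold-1)
    polynomial over GF(PRIME); any `threshold` of the points recover it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    # a_0 is the secret itself; the higher coefficients are uniformly random
    coeffs = [secret] + [rng(PRIME) for _ in range(threshold - 1)]

    def f(x):
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME

    # shares are (x, f(x)) for x = 1..shares; x = 0 would hand out the secret
    return [(x, f(x)) for x in range(1, shares + 1)]


def recover_secret(points):
    """Lagrange interpolation at x = 0 over GF(PRIME) from (x, y) shares."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # modular inverse by Fermat's little theorem (PRIME is prime)
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def demo(threshold=3, shares=5):
    """Split a random 256-bit seed 3-of-5 and check the threshold property."""
    seed = int.from_bytes(secrets.token_bytes(32), "big")
    pts = split_secret(seed, threshold, shares)
    enough = recover_secret(pts[:threshold]) == seed and recover_secret(pts[2:]) == seed
    # threshold-1 shares interpolate a lower-degree polynomial whose value at 0
    # is independent of the seed (equal only with probability about 2**-521)
    too_few = recover_secret(pts[:threshold - 1]) != seed
    return enough and too_few
```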