[Cryptography] Update on the Mesh, cute threshold scheme.

Phillip Hallam-Baker phill at hallambaker.com
Tue Sep 21 12:37:38 EDT 2021


The Mesh is nearing its alpha release. I pushed out a set of alpha release
documents that are almost finished. They still need extensive review and
revision but there are no gaping holes and only two missing examples
(account deletion and account recovery).

Mathematical Mesh 3.0 Part I: Architecture Guide (ietf.org)
<https://www.ietf.org/archive/id/draft-hallambaker-mesh-architecture-18.html>

The (small) hiccup is of course that in the process of writing the
documents, I realized that I had two catalogs that I thought were doing
different things that are actually doing the same thing. And this means I
have more mechanism in the protocol than I need and removing this will make
everything easier to understand. Fixing that may push things back.

So parts 1-5 of the spec are now readable. But the functions of the Access
and Publications catalogs are being merged and that has to happen next as
the escrow/recovery scheme depends on it.


The other thing I realized just now is that threshold crypto provides a
very neat and elegant way to encrypt a file so that it can only be
encrypted in a specified time interval.

So consider the case in which we have two types of agent.

The expiry agent publishes a series of public keys that expire daily,
weekly, monthly, yearly etc. Daily keys for the next three years, weekly
for the next ten, after that monthly, and so on. Maybe 10,000 in all.

Forget the internal mechanism for a moment, assume its threshold with
Shamir/Lagrange stuff goin' on. Point is that the service will perform a
key exchange up to the predetermined expiry date/time. At some point after
the expiry date/time it will physically erase the keying material
completely.

The escrow agent is the same except that it only decrypts after that date.
And this mechanism can be reinforced threshold wise with similar services.
So the private keys for 2030 are all threshold encrypted to other
independent services under keys they are embargoing to 2029.


OK so to get a key that only decrypts in a specified interval, we simply
threshold add the public keys for the specified escrow and expiry service.

We can even use the same trick again to get arbitrary precision on the
start and finish time. Imagine that we have a 'rolling' key that will
decrypt any day but only decrypt from 00:00 inclusive until 01:00 UTC.
Another key for the next hour and so on.

To create an escrow key for a time 30 years in the future without having a
key for that specific interval we simply combine the requisite set of
rolling keys with the escrow key for the specific day.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210921/3f80a2e0/attachment.htm>


More information about the cryptography mailing list