[Cryptography] Update on the Mesh, cute threshold scheme.
Phillip Hallam-Baker
phill at hallambaker.com
Wed Sep 22 15:19:06 EDT 2021
On Tue, Sep 21, 2021 at 11:07 PM Jonathan Thornburg <jthorn4242 at gmail.com>
wrote:
> On Tue, Sep 21, 2021 at 12:37:38PM -0400, Phillip Hallam-Baker wrote:
> > The expiry agent publishes a series of public keys that expire daily,
> > weekly, monthly, yearly etc. Daily keys for the next three years, weekly
> > for the next ten, after that monthly, and so on. Maybe 10,000 in all.
> >
> > Forget the internal mechanism for a moment, assume its threshold with
> > Shamir/Lagrange stuff goin' on. Point is that the service will perform a
> > key exchange up to the predetermined expiry date/time. At some point
> after
> > the expiry date/time it will physically erase the keying material
> > completely.
>
> But what do you do about the NSA having acquired a copy of the expiry
> agent's private keys via a secret-to-everyone-except-one-expiry-agent-VP
> "national security letter"? It seems to me that as soon as any 3rd party
> (e.g., the expiry agent) has information -- *particularly* high-value
> keying material -- you have to assume that $GOVERNMENT can get a copy.
>
That is why you need threshold.
Consider the case where there are three threshold services in US,
Netherlands and Iran with public keys x.P, y.P and z.P
You create the ephemeral {e.P, e} and encrypt to e.(x.P + y.P + z.P)
To decrypt using e.P, you require x.(e.p) + y.(e.p) + z.(e.p)
[Alternatively, we can use Shamir/Lagrange techniques to the same effect
and have 2 out of 3 type threshold constraints.]
So the only way that the data is available in breach of the escrow
conditions is if the holders of x and y and z collude. in what
circumstances short of invasion by hostile extra-terrestrials is such
collusion likely?
Of course, separation of roles does not eliminate the trust issues but it
does make collusion necessary.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20210922/7cd0b32a/attachment.htm>
More information about the cryptography
mailing list