I've been trying to implement semiprivate keys as described in the paper
for Zooko's encrypted storage system Tahoe (see section 6.1: ECDSA and
Semi-Private Keys):

http://eprint.iacr.org/2012/524.pdf

A more verbose description can be found in this email from Hal Finney:

https://tahoe-lafs.org/pipermail/tahoe-dev/2009-July/002371.html

The basic goals are:

   - An encryption system with N levels (or 3 levels, in the degenerate
   case) of keys, where any lower level key can be derived from any higher
   level key
   - The main case I care about would be separating the write key (or
   "writecap" in Tahoe parlance), "read key", and "verify key"
   - All keys are as small as possible (in the case of NaCl, 256 bits)

--

I'm trying to implement them atop NaCl. Here's the design I thought would
work, but at present, I'm doing something wrong:

https://gist.github.com/tarcieri/4760215

Attempted an implementation here. The test I defined (producing a public
key from the derived secret equals the derived public key) is failing:

https://github.com/tarcieri/semiprivate/blob/master/lib/semiprivate/keys.rb

Anyone with some knowledge of group theory who can help me out spotting the
mistake? I'm also going to try to double check this with SAGE and make sure
I can actually get things working there.

Also if anyone has any ideas as to how I can describe the security
properties of this system, I'd love some advice in that department.

-- 
Tony Arcieri
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
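The construction the post refers to (section 6.1 of the Tahoe paper and Hal Finney's write-up), worked through as an added example that is not Tony's gist, his keys.rb, or code from the paper. It uses pure-Python Ed25519 group arithmetic rather than NaCl so that the scalar-level relation can be checked directly: the writecap is a scalar w, the semiprivate (read-level) key is the point w*B, a public blinding scalar y = H(w*B) is derived from that point, the signing key is w*y mod L, and the verify key is y*(w*B), which must equal (w*y)*B. The hash domain-separation labels and the read-key derivation are assumptions of this example, not part of the paper.

```python
"""Semi-private keys over Ed25519 (pure Python; added worked example)."""
import hashlib
import secrets

# Ed25519 parameters: twisted Edwards curve -x^2 + y^2 = 1 + D*x^2*y^2 over GF(P)
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493   # order of the base point B
D = (-121665 * pow(121666, P - 2, P)) % P
IDENTITY = (0, 1)


def _recover_x(y):
    """Recover the even x coordinate for a given y (RFC 8032 style)."""
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P != 0:
        x = x * pow(2, (P - 1) // 4, P) % P
    if (x * x - xx) % P != 0:
        raise ValueError("no square root")
    return P - x if x & 1 else x


B = (_recover_x((4 * pow(5, P - 2, P)) % P), (4 * pow(5, P - 2, P)) % P)


def on_curve(pt):
    x, y = pt
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0


def point_add(p1, p2):
    """Complete affine addition law for a = -1 twisted Edwards curves."""
    x1, y1 = p1
    x2, y2 = p2
    k = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow(1 + k, P - 2, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - k, P - 2, P) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add; fine for an example, not constant time."""
    result, addend = IDENTITY, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def encode_point(pt):
    """Standard 32-byte Ed25519 encoding: y with the sign bit of x on top."""
    x, y = pt
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


# ---- the semi-private key hierarchy ---------------------------------------

def generate_writecap():
    """Level 1 (write): a random secret scalar w in [1, L)."""
    return secrets.randbelow(L - 1) + 1


def semiprivate_key(w):
    """Level 2 (read): the point w*B. Derivable from w, not the other way round."""
    return scalar_mult(w, B)


def blinding_scalar(semipriv):
    """y = H(w*B) mod L; anyone holding the semiprivate key can compute it.
    The label is this example's own choice (assumption)."""
    h = hashlib.sha512(b"semiprivate-blind" + encode_point(semipriv)).digest()
    return int.from_bytes(h, "little") % L


def read_key(semipriv):
    """32-byte symmetric key for content encryption, hashed from w*B (assumption)."""
    return hashlib.sha256(b"semiprivate-read" + encode_point(semipriv)).digest()


def signing_key(w):
    """Held only by the writer: s = w*y mod L."""
    return (w * blinding_scalar(semiprivate_key(w))) % L


def verify_key_from_semiprivate(semipriv):
    """Level 3 (verify): V = y*(w*B), computable from the semiprivate key alone."""
    return scalar_mult(blinding_scalar(semipriv), semipriv)


def verify_key_from_signing_key(s):
    """What the signer's public key has to be: s*B."""
    return scalar_mult(s, B)


def consistency_check(w):
    """The property the post's test is meant to hold: (w*y)*B == y*(w*B)."""
    return verify_key_from_signing_key(signing_key(w)) == \
        verify_key_from_semiprivate(semiprivate_key(w))


if __name__ == "__main__":
    w = generate_writecap()
    print("writecap -> semiprivate -> verify chain consistent:", consistency_check(w))
```

One caveat worth keeping in mind when building this on NaCl itself: crypto_sign (Ed25519) does not use the 32 bytes you hand it as the scalar; it hashes the seed with SHA-512 and clamps the first half before multiplying the base point, and crypto_scalarmult clamps its scalar as well. So a public key obtained from NaCl for a "secret" s is not s*B in general, and a test that compares it against y*(w*B) will fail even when the group-theory part is right. A scalar-level scheme like the one above needs an API that takes a raw scalar and an unclamped base-point multiplication.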