I've been trying to implement semiprivate keys as described in the paper
for Zooko's encrypted storage system Tahoe (see section 6.1: ECDSA and
Semi-Private Keys):
http://eprint.iacr.org/2012/524.pdf
A more verbose description can be found in this email from Hal Finney:
https://tahoe-lafs.org/pipermail/tahoe-dev/2009-July/002371.html
The basic goals are:
- An encryption system with N levels (or 3 levels, in the degenerate
case) of keys, where any lower level key can be derived from any higher
level key
- The main case I care about would be separating the write key (or
writecap in Tahoe parlance), read key, and verify key
- All keys are as small as possible (in the case of NaCl, 256-bits)
--
I'm trying to implement them atop NaCl. Here's the design I thought would
work, but at present, I'm doing something wrong:
https://gist.github.com/tarcieri/4760215
Attempted an implementation here. The test I defined (producing a public
key from the derived secret equals the derived public key) is failing:
https://github.com/tarcieri/semiprivate/blob/master/lib/semiprivate/keys.rb
Anyone with some knowledge of group theory who can help me out spotting the
mistake? I'm also going to try to double check this with SAGE and make sure
I can actually get things working there.
Also if anyone has any ideas as to how I can describe the security
properties of this system, I'd love some advice in that department.
--
Tony Arcieri
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
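As an added example (not the post's gist or repository, and not Tahoe's code), here is the three-level derivation as I understand it from the Hal Finney description: a write scalar a, a semiprivate/read key A = aG, a per-key hash h = H(A), a signing scalar a·h, and a verify key hA that anyone holding only A can compute. The curve is secp256k1 with toy pure-Python arithmetic, chosen here only because it is easy to write in a few lines; it is an assumed stand-in for NaCl's curve. The check at the end is the one the post describes: (a·h)G must equal hA.

```python
import hashlib

# Toy secp256k1 arithmetic (assumed stand-in for NaCl's curve; not constant-time).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, p):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = ec_add(r, p)
        p = ec_add(p, p)
        k >>= 1
    return r

def key_hash(A):
    """h = H(A) reduced mod the group order; the point encoding is an assumption."""
    enc = A[0].to_bytes(32, "big") + A[1].to_bytes(32, "big")
    h = int.from_bytes(hashlib.sha256(enc).digest(), "big") % N
    if h == 0:                      # astronomically unlikely, but h must be invertible
        raise ValueError("degenerate key hash")
    return h

def derive_from_write(a):
    """Write scalar a -> (semiprivate/read key A = aG, signing scalar a*h)."""
    a %= N
    A = ec_mul(a, G)
    return A, (a * key_hash(A)) % N

def verify_from_read(A):
    """Verify key hA, computable from the read key alone."""
    return ec_mul(key_hash(A), A)

def check_consistency(a):
    """The post's failing test: pubkey of the derived secret == derived pubkey."""
    A, signing_scalar = derive_from_write(a)
    return ec_mul(signing_scalar, G) == verify_from_read(A)
```

Holding A lets you check signatures made with a·h without being able to produce them, which is the read/verify split the post is after.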