Re: Speaking of shared secrets
Richard Levitte - VMS Whacker wrote:
> In message [EMAIL PROTECTED] on Tue, 9 Jul 2002 11:43:04 +0300, Vadim Fedukovich [EMAIL PROTECTED] said:
>
> vf> please consider to include this code into distribution
> vf> Thanks and forgive me for being a nuisance...

Errr...

a) This should be on openssl-dev

b) it's still GPLed - what did I miss?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Speaking of shared secrets
On Sun, Jul 14, 2002 at 11:56:19AM +0100, Ben Laurie wrote:
> Richard Levitte - VMS Whacker wrote:
> > In message [EMAIL PROTECTED] on Tue, 9 Jul 2002 11:43:04 +0300, Vadim Fedukovich [EMAIL PROTECTED] said:
> >
> > vf> please consider to include this code into distribution
> > vf> Thanks and forgive me for being a nuisance...
>
> Errr...
>
> a) This should be on openssl-dev

This discussion was started on -users. Anyway, I'm ready to re-send it to -dev, in case b) is clear already.

> b) it's still GPLed - what did I miss?

GPL was replaced in the most advanced variant (get shares of product) on July 9. Yes, GPL is still mentioned, as diff output. Any problem with this?

sorry for confusion,
Vadim

> Cheers,
>
> Ben.

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz
Re: Speaking of shared secrets [was: Re: The big number multiplication code]
On Mon, Jul 08, 2002 at 03:05:49PM -0400, Rich Salz wrote:
> > I did some work on a project a while back that might be relevant to your search: http://crypto.stanford.edu/~dabo/ITTC/
>
> This work is way cool. (At a previous company I had some email exchanges with Dan :)
>
> One interesting application would be to integrate it into BIND so that you could securely share/transfer DNSSEC zone information. (Bind9 is based on openssl.)

Could you be more specific on the definition of "secure" here? As I see it, the bind process currently just sends out public keys and signatures. One might want it to accept public keys after some voting and/or to make signatures by a quorum of zone name servers.

What is the appropriate mailing list to discuss this stuff?

regards,
Vadim

> /r$
Re: Speaking of shared secrets
Tue 2002-07-09 at 10.14, Richard Levitte - VMS Whacker wrote:
> In message [EMAIL PROTECTED] on Tue, 9 Jul 2002 02:09:17 +0300, Vadim Fedukovich [EMAIL PROTECTED] said:
>
> vf> Please find attached another code, to get shares of product of two secrets
> vf> available in shares only. That is, avoiding recovery from shares
> vf> for doing multiplication.
>
> The comment at the start still says "This program is distributed under GPL", which means it can't be used in OpenSSL, since that would break the conditions of the GPL unless we suddenly license all of OpenSSL under the GPL. At least that's how I understand the GPL.

Yes and no, there are GPL-compatible licenses and non-GPL-compatible licenses (www.gnu.org/licenses IIRC). OpenSSL's license is not compatible with GPL.

Regards,
Martin

-- 
Martin Sjögren [EMAIL PROTECTED]
ICQ : 41245059 Phone: +46 (0)31 7710870 Cell: +46 (0)739 169191
GPG key: http://www.strakt.com/~martin/gpg.html
Re: Speaking of shared secrets [was: Re: The big number multiplication code]
Richard,

I did some work on a project a while back that might be relevant to your search: http://crypto.stanford.edu/~dabo/ITTC/

The basic idea was that an RSA key was broken up into shares, and each share could participate in a private-key decryption/signing operation without having to reveal it to anyone. Instead, each participant received the message to be handled, processed it with her own share, and the results were combined to obtain the result. The work was done with OpenSSL, and used PEM files to store the shares.

Tom

Richard Levitte - VMS Whacker wrote:
> In message [EMAIL PROTECTED] on Fri, 5 Jul 2002 18:45:12 +0300, Vadim Fedukovich [EMAIL PROTECTED] said:
>
> vf> see a program attached for details. It handles numbers of 1024 bit range
> vf> doing Shamir secret sharing.
>
> Secret sharing is something I've been pondering implementing in OpenSSL for a while now, on and off. Too bad your snippet of code is licensed under the GPL, that makes it unusable to be included in OpenSSL, if you'd be inclined that way.
>
> Anyhow, I'm not going to discuss licenses, that's not the purpose of this letter. Instead, I'd like to discuss protocol and usability.
>
> Shamir's method is beautiful and really easy to understand with a certain minimum of mathematical knowledge. However, it doesn't give any hint on how to protect the shares (understandably, of course). To use it as a part of OpenSSL, and especially as part of the openssl application (as well as other applications based on OpenSSL), one needs to collect the shares in one place, one way or the other. I'm imagining the following scenario:
>
> - We implement the shared secret PEM file, with the identity "SHAMIR SHARED SECRET", which would contain an ASN.1 blob (for which we'd need to define a module) containing the prime p (assuming we use modular arithmetics for the calculations), the small number x (the x coordinate of the point that is your share) and the share itself. This would then be protected the same way we currently protect private keys. This part is actually rather easy.
>
> - I get involved in a sensitive project where shared secrets are used for protection. The implementation I see right now is that each participant inserts his or her diskette, tells the software what the name of the file on that diskette is and gives a password when prompted for it...
>
> The last part is somewhat of a problem, security-wise. I mean, when I play with my own software, use my own private key protected appropriately, running on my laptop that isn't connected to anything and that has been checked for trojans, viruses and whatever, I feel rather safe signing some document, removing the diskette and reconnecting to the net in some fashion (no, I don't usually do things in quite such a paranoid fashion. My laptop is secure enough and checked enough for my use). However, sticking that same diskette in another system and giving it a password, when I'm not entirely certain there's no stealth program listening to the keyboard input and secretly taking a backup of my diskette, isn't something I would do without a lot of guarantees, and then I would still be suspicious.
>
> Is there any scheme that would make the use of shared secrets a bit safer, or will this simply come down to each participant's trust in the system where the shared secret is used?
>
> For perfect safety (as closely as you can get to it), hardware devices like nCipher (who uses some kind of shared secret for the admin cards in the nForce boxes, I believe) are of course the option. However, I don't have the funds for that, and I'd really like to know of any software variant that is as close to safe as I'd like.
>
> Anyone? URLs are perfectly fine as pointers :-).

-- 
Tom Wu
Principal Software Engineer
Arcot Systems
(408) 969-6124
"The Borg? Sounds Swedish..."
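As an added illustration (not Vadim's attached program and not OpenSSL code): Shamir splitting and recovery over a prime field, the (p, x, share) triple Levitte's proposed PEM file would carry, plus the local share multiplication that gives shares of a product of two secrets without recovering either one, as in Vadim's "shares of product" message. The prime P and the secrets are constructed toy values; 1024-bit numbers work unchanged.

```python
import secrets

# Constructed toy field prime for the example; the posts work with 1024-bit
# numbers and the code below runs unchanged with a 1024-bit prime p.
P = 2**127 - 1


def split(secret, threshold, n_shares, p=P):
    """Shamir split over GF(p): random polynomial f of degree threshold-1 with
    f(0) = secret; party i gets (x=i, f(i)), the 'small number x' and share
    that the proposed PEM file would carry alongside p."""
    coeffs = [secret % p] + [secrets.randbelow(p) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, n_shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod p
            y = (y * x + c) % p
        shares.append((x, y))
    return shares


def recover(shares, p=P):
    """Lagrange interpolation at x = 0; needs at least deg(f)+1 distinct shares.
    Fewer shares give a uniformly wrong value rather than an error."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p
                den = (den * (xi - xj)) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def multiply_shares(shares_a, shares_b, p=P):
    """Each party multiplies its own two shares locally, giving a share of a*b
    without anyone recovering a or b. The result lies on a polynomial of degree
    2*(t-1), so 2t-1 parties are now needed to recover the product; the degree
    reduction step a full protocol uses to restore threshold t is not shown."""
    product = []
    for (xa, ya), (xb, yb) in zip(shares_a, shares_b):
        assert xa == xb, "shares must belong to the same party"
        product.append((xa, (ya * yb) % p))
    return product
```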
Re: Speaking of shared secrets [was: Re: The big number multiplication code]
> I did some work on a project a while back that might be relevant to your search: http://crypto.stanford.edu/~dabo/ITTC/

This work is way cool. (At a previous company I had some email exchanges with Dan :)

One interesting application would be to integrate it into BIND so that you could securely share/transfer DNSSEC zone information. (Bind9 is based on openssl.)

/r$
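The threshold-signing idea behind ITTC as Tom Wu describes it in this thread (each holder signs with its own key share, the partial results are combined, the private exponent is never assembled), shown as an added example that is not ITTC's protocol or code: the simplest form, additive sharing of the RSA private exponent, with a constructed textbook-size key. A real scheme uses k-of-n shares and a key size that is not a toy.

```python
import secrets

# Constructed textbook-size RSA key, for illustration only (never use at this size).
P_, Q_ = 61, 53
N = P_ * Q_                 # 3233
PHI = (P_ - 1) * (Q_ - 1)   # 3120
E = 17
D = pow(E, -1, PHI)         # 2753, the private exponent that is never held whole


def make_key_shares(d, k, phi=PHI):
    """Additively split d into k shares, d = d_1 + ... + d_k (mod phi).
    Any k-1 of them are uniformly random, so they reveal nothing about d."""
    shares = [secrets.randbelow(phi) for _ in range(k - 1)]
    shares.append((d - sum(shares)) % phi)
    return shares


def partial_signature(m, d_i, n=N):
    """A holder raises the message to its own share; d_i never leaves the holder."""
    return pow(m, d_i, n)


def combine(partials, n=N):
    """Product of the partials is m^(d_1+...+d_k) = m^d mod n, because the share
    sum differs from d only by a multiple of phi."""
    sig = 1
    for s in partials:
        sig = (sig * s) % n
    return sig


def verify(m, sig, e=E, n=N):
    """Ordinary RSA verification: the combiner needs only the public key."""
    return pow(sig, e, n) == m % n
```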