Brian Graversen <[EMAIL PROTECTED]> writes: > I have talked to IBM, and we are currently waiting for a license for > the tool required to load application code into the IBM 4758 cards. > We should get such a license at the beginning of august. > > The code is just basic C-code, so we can start writing the > applications right now. The RSA encryption is available i the box, > so it is just the secret share code that we need for now.
Okay -- that code should be simple, see viff.shamir for a straight forward implementation of Shamir's secret sharing scheme. > If we let the 4758 do all the secret sharing, it can keep the shares > stored encrypted on disk, using an internal 3DES key, and the > encryption of the shares would then be an internal part of the > secret share mechanism in the 4758. I think that is a very nice interface: you give an input in clear text and you get encrypted shares back. I think I would start by making a subclass of viff.runtime.Runtime, and in this subclass you can override the shamir_share and _recombine methods. That should make the shamir-share-open.py example work. Overriding the add and mul methods should take care of most of the other examples! I would love to see this code online, and if you want we can setup a repository at hg.viff.dk where you can push to. I know that it is only you who can test the code, but I'm still curious :-) If we do this, then the code flow (time flows left to right) would look like this: viff --- o --- o --- o --- o --- o ... \ \ \ \ \ \ hsm --- o --- o --- o --- o --- o --- o ... which is meant to say that you can develop in your own pace in the "hsm" repository and then once in a while you can pull in new stuff from the "viff" repository. The "hsm" repository will then mostly be a superset of the "viff" repository. When we are happy with the hsm stuff we can then do a pull in the other direction. If you find a bug in the main viff code, then the change should be applied to the "viff" repository and then pulled into the "hsm" repository. But if we forget about this, then don't worry -- there is a transplant extension to Mercurial that allows us to recover. I would of course be happy to setup repositories for all of you guys! -- Martin Geisler _______________________________________________ viff-devel mailing list (http://viff.dk/) email@example.com http://lists.viff.dk/listinfo.cgi/viff-devel-viff.dk