Comments (15)
this is probably the right time and place to share a fantasy of mine: of deterministically deriving relationship keys.
the idea: a peer would be able to create a pair of private read/write dats for direct communication with another peer without needing to establish communication first.
the math: alice and bob with public keys A
and B
and secret keys a
and b
compute a shared secret s
via Diffie-Hellman, then compute new public keys s*A
and s*B
, which are known only to A
and B
and for which only A
and B
can compute the corresponding secret keys, s*a
and s*b
, respectively.
how it could be done: there is technical trickery with hashing and "clamping" (https://moderncrypto.org/mail-archive/curves/2017/000858.html) that happens to secret keys prior to signing / encryption, so it would require PRs to libsodium and hypercore to allow for signing / encryption with the "extended" (hashed and clamped) private key. i know of two ed25519 key derivation proposals that require the same functionality, bip32-ed25519 from folks at evernym.com (@khovratovich) and chainkd from folks at chain.com (@tarcieri).
this scheme i described above pretty much just removes the need for a handshake, but you could also come up with other derivation schemes. e.g. you could name dats: say my metadat key is A
and i want to publish a dat entitled 'cats'. i could create a new dat with public key hash('cats')*A
. then i just need to tell people who know my key that i published a dat entitled 'cats' and they could find the dat.
not sure how useful this is, but thought i'd share!
from dat-wot.
if you went with libsodium, you could sign/encrypt using the metadat key
from dat-wot.
Yeah that's definitely on the todo list! I may even dig into it today. It may be good to make the switch earlier on, rather than down the line
from dat-wot.
Migrating to use sodium-native
in this branch: https://github.com/jayrbolton/dat-pki/tree/migrate-to-libsodium. Got setup and load functions going
from dat-wot.
Are you aware that you may be diverging from dat / hypercore approach when using libsodium? I believe the project is in the process of adopting sodium-universal
which is under development. To be sure you should probably ask @mafintosh
from dat-wot.
sa-weet! you could probs just pop in sodium-universal in place of sodium-native for browser support, re: @aschrijver
from dat-wot.
@lukeburns one of the things we were trying to do with the CFRG was define a standard scheme everyone can use, rather than the current state of bespoke schemes.
That said, "clamping", which is due in part to Curve25519 having a cofactor of 8, became a complicating issue in the specification of such schemes. For that reason I've been sort of holding out on actually pursuing such a scheme in hopes that there will be a standard way to eliminate cofactors when using Curve25519 in general.
There's some nascent work on that here:
I would suggest waiting for that to be ready before pursuing key blinding schemes for Curve25519.
from dat-wot.
@tarcieri the schemes that i'm imagining here aren't blinding schemes. they're pretty simple, specific to this context, and i don't imagine they'd be standardized. i'd just need to be able to work with the same primitives as in more complicated schemes (i.e. the extended secret key). good to hear that standardization work is happening though.
are there other approaches for dealing with the cofactor than bernstein's bit-twiddling or the approach described in https://moderncrypto.org/mail-archive/curves/2017/000866.html? in the scheme i described above, the torsion-safe rep would be our only option, because bit-twiddling would affect the corresponding public-key.
from dat-wot.
from dat-wot.
The actual migration to libsodium for dat-pki
is done using sodium-universal
, so I'm closing this issue.
I do love the idea that you brought up @lukeburns, using Diffie Hellman to compute shared secret keys for the relationship dats. In the mean time, we can just keep plugging away at the handshake system and then replace it in the future if we figure out something better.
from dat-wot.
@tarcieri, what's the state of ristretto looking like these days?
from dat-wot.
If you want to play around with a bleeding edge cryptography library you really probably shouldn't be using yet, there's this:
https://github.com/Ristretto/libristretto255
from dat-wot.
thx! seems like https://github.com/dalek-cryptography/curve25519-dalek is coming along too!
from dat-wot.
Yeah dalek is in great shape if you're looking for a Rust library
from dat-wot.
Ended up playing around a bit with curve25519-dalek, since @yoshuawuyts rust implementation of hypercore is chugging along.
@jayrbolton, here's a proof of concept for the key derivation scheme i mentioned above https://github.com/lukeburns/channels, which could feasibly be used for private push messaging under some fairly reasonable network conditions (e.g. peers listen for private channels every time they encounter a new peer). it could also use this for private groups or public subfeeds (e.g. a cats feed associated with my public identity feed).
that said, i'm working on a fork of hypercore that replaces the crypto system entirely. am I right in thinking that signature schemes in ristretto cannot be made to be compatible with ed25519 signatures, @tarcieri?
from dat-wot.
Related Issues (17)
- Peer review use case HOT 3
- Add dat-pki to awesome-dat HOT 2
- Use async throughout HOT 3
- Group based sharing and privacy HOT 4
- Parallelize and clean up tests HOT 1
- Create a dat with read permissions for certain contacts HOT 3
- Use sodium-universal instead of sodium-native HOT 2
- Sharing dats privately
- Use dat-download
- todos
- super brain dump
- password recovery
- Web of trust HOT 8
- Anonymous sharing HOT 2
- Push based messaging. HOT 7
- Device networks
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dat-wot.