I've been trying to implement semiprivate keys as described in the paper for Zooko's encrypted storage system Tahoe (see section 6.1: ECDSA and Semi-Private Keys):

http://eprint.iacr.org/2012/524.pdf

A more verbose description can be found in this email from Hal Finney:

https://tahoe-lafs.org/pipermail/tahoe-dev/2009-July/002371.html

The basic goals are:

- An encryption system with N levels (or 3 levels, in the degenerate case) of keys, where any lower level key can be derived from any higher level key
- The main case I care about would be separating the write key (or "writecap" in Tahoe parlance), "read key", and "verify key"
- All keys are as small as possible (in the case of NaCl, 256-bits) -- I'm trying to implement them atop NaCl.

Here's the design I thought would work, but at present, I'm doing something wrong:

https://gist.github.com/tarcieri/4760215

Attempted an implementation here. The test I defined (producing a public key from the derived secret equals the derived public key) is failing:

https://github.com/tarcieri/semiprivate/blob/master/lib/semiprivate/keys.rb

Anyone with some knowledge of group theory who can help me out spotting the mistake? I'm also going to try to double check this with SAGE and make sure I can actually get things working there.

Also if anyone has any ideas as to how I can describe the security properties of this system, I'd love some advice in that department.

--
Tony Arcieri
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
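The three-level hierarchy the post describes (write key, read key, verify key), worked through as an added example that is not the post's code or the linked gist: it follows my reading of the Finney/Tahoe construction, in which the read key is V = s*G, the verify key is h(V)*V, and the signing scalar is h(V)*s, and it uses its own small affine-curve arithmetic on secp256k1 (chosen only because its parameters are public; point_hash, derive_keys and consistent? are names I made up).

```ruby
require 'digest'

# Added example, not the original post's code. secp256k1 parameters are used
# only because they are public and well known; the construction is curve-agnostic.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = [0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8]
# Affine point addition on y^2 = x^3 + 7; nil is the point at infinity.
def ec_add(a, b)
  return b if a.nil?
  return a if b.nil?
  x1, y1, x2, y2 = a[0], a[1], b[0], b[1]
  if x1 == x2
    return nil if (y1 + y2) % P == 0                    # b == -a
    l = 3 * x1 * x1 * (2 * y1).pow(P - 2, P) % P        # tangent slope
  else
    l = (y2 - y1) * ((x2 - x1) % P).pow(P - 2, P) % P   # chord slope
  end
  x3 = (l * l - x1 - x2) % P
  [x3, (l * (x1 - x3) - y1) % P]
end
# Double-and-add scalar multiplication (not constant time; illustration only).
def ec_mul(k, pt)
  acc = nil
  while k > 0
    acc = ec_add(acc, pt) if k.odd?
    pt = ec_add(pt, pt)
    k >>= 1
  end
  acc
end
# Hash a point to a nonzero scalar mod N: the tweak derived from the read key.
def point_hash(pt)
  Digest::SHA256.hexdigest(pt.map { |c| c.to_s(16).rjust(64, '0') }.join).to_i(16) % (N - 1) + 1
end
# Three levels, each derived from the one above: write key s (secret scalar),
# read key V = s*G (the semiprivate point), verify key A = h(V)*V (public).
# Signing uses the scalar h(V)*s, which only the write-key holder can form.
def derive_keys(s)
  v = ec_mul(s, G)
  h = point_hash(v)
  { write: s, read: v, verify: ec_mul(h, v), sign_scalar: h * s % N }
end
# The post's check: the public key of the derived signing scalar must equal
# the verify key computed from the read key alone, i.e. (h*s)*G == h*(s*G).
def consistent?(keys)
  ec_mul(keys[:sign_scalar], G) == keys[:verify]
end
```

The identity holds only when the public key is literally the scalar times the base point; a signature scheme that hashes and clamps its seed before the multiplication (as Ed25519 does) breaks the linearity the derivation relies on.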