-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Jörn Heissler
committed
Feb 17, 2020
1 parent
8145df0
commit 1d32b04
Showing
12 changed files
with
171 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
Changelog | ||
========= | ||
|
||
0.3.0 - xxxx-xx-xx | ||
------------------ | ||
.. note:: This version is not yet released and is under active development. | ||
|
||
* Improve documentation. | ||
|
||
|
||
0.2.0 - 2020-02-16 | ||
------------------ | ||
|
||
* First noteworthy release. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
Protocol Workflow | ||
================= | ||
The PVSS protocol consists of multiple steps. Each step yields one or multiple messsages that | ||
need to be available to the next steps. | ||
|
||
.. toctree:: | ||
:maxdepth: 2 | ||
:caption: Contents: | ||
|
||
initialization | ||
user-keypair | ||
secret-splitting | ||
receiver-keypair | ||
reencryption | ||
reconstruction |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
Initialization | ||
============== | ||
Mathematical parameters must be chosen, such as a `cyclic group | ||
<https://en.wikipedia.org/wiki/Cyclic_group>`_ and several generators for it. | ||
|
||
In this implementation, the generators are determined deterministically by using a hash | ||
function. This eliminates the need to communicate the generators. It is vital that nobody has | ||
knowledge of the discrete logarith of any generator with regards to any other. Hopefully the | ||
below strategies meet the `Rigidity <https://safecurves.cr.yp.to/rigid.html>`_ property. | ||
|
||
Ristretto255 group | ||
------------------ | ||
The `Ristretto255 <https://ristretto.group/>`_ group is built upon `curve25519 | ||
<https://cr.yp.to/ecdh.html>`_. Basically this eliminates the cofactor from curve25519, | ||
ensuring that all group elements are unique and generate the complete group. The group and its | ||
operations are designed to be used for zero-knowledge protocols such as PVSS. | ||
|
||
`Libsodium <https://download.libsodium.org/doc/advanced/point-arithmetic/ristretto>`_ is used to | ||
carry out the various mathematical operations. | ||
|
||
Generators are determined by computing HMAC-SHA2-512 over the DER encoding of the :ref:`system | ||
parameters <asn1.examples.systemparameters.rst255>` and the LaTeX notation of the generator name | ||
is used as the hmac key, i.e. ``"G_0", "G_1", "g_0", "g_1"``. The mac is passed through the | ||
``point_from_hash`` function to determine the generator points. | ||
|
||
The generators are: | ||
|
||
* :math:`G_0`: ``3cc42cdf5ffc59a96093c572e6429ce8c621695d8f99156819701070c9895b02`` | ||
* :math:`G_1`: ``76e9d24f586f4878f24d11069e1ab0420f20793f73d79d2a7b753c522ce8c468`` | ||
* :math:`g_0`: ``90199c1a0446a5bb8fb88de3266e27b74565b14c74de153f8054302434040a7b`` | ||
* :math:`g_1`: ``0cd425c734d93957091c5871eb2c1f8dd222c56310c4df58117bce9bf212d820`` | ||
|
||
|
||
Quadratic Residue Group | ||
----------------------- | ||
The `Multiplicative group <https://en.wikipedia.org/wiki/Multiplicative_group>`_ of `quadratic | ||
residues <https://en.wikipedia.org/wiki/Quadratic_residue>`_ modulo `safe prime | ||
<https://en.wikipedia.org/wiki/Safe_prime>`_ :math:`p = 2q+1` is commonly used for cryptographic | ||
operations, e.g. Diffie Hellmann. Useful property of quadratic residues are that they always | ||
generate the complete group, are easy to find (square any number) and it's easy to determine if | ||
a given number is a quadratic residue with the `Legendre symbol | ||
<https://en.wikipedia.org/wiki/Legendre_symbol>`_. The implementation uses `gmpy2 | ||
<https://pypi.org/project/gmpy2/>`_ to provide faster operations. Still, this group is very slow | ||
when compared to Ristretto255 and the message sizes are a lot bigger. | ||
|
||
To determine generators, HMAC-SHA2-256 is repeatedly computed and the results concatenated until | ||
at least twice the bit size of the prime :math:`p` is reached. The LaTeX notation of the | ||
generator name is used as the key for the MAC operation. The input to the MAC is the previous | ||
MAC. As initial value, the DER representation of the :ref:`system parameters | ||
<asn1.examples.systemparameters.qr>` is used. Finally, the concatenated MACs are interpreted as | ||
an integer and squared to get a quadratic residue, i.e. a generator for the group. The system | ||
parameters depend on the prime :math:`p`, so there will be different generators for each prime. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
Recipient key pair generation | ||
============================= | ||
As soon as there is need to reassemble the secret, the intended recipient of the secret | ||
generates another keypair and shares the public key. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
Secret reconstruction | ||
===================== | ||
The recipient decrypts those shares and reassembles the secret. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
Share re-encryption | ||
=================== | ||
Some of the users decrypt their share and re-encrypt it with the recipient's public key. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
Secret splitting | ||
================ | ||
The *dealer* randomly generates a secret, computes a share for each user and encrypts each share | ||
with the corresponding user's public key. The generated secret is used to encrypt the actual | ||
payload. The encrypted payload and the encrypted shares are published. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
User key pair generation | ||
======================== | ||
Each user generates a private key (which is never disclosed to any other party), computes the | ||
public key and shares it. |