Some more naming things, some more questions. #9

Merged
merged 8 commits into from
Jan 3, 2018

Contributor

@jMyles jMyles commented Jan 3, 2018

No description provided.

else: #if len(reencrypted_keys) == 1:
return ReconstructedCapsule(e_prime=cFrag_0.e1, v_prime=cFrag_0.v1, x=cFrag_0.point_eph_ni)

def decapsulate_reencrypted(self, pub_key, priv_key, ctxt_combined, orig_pk, orig_ciphertext, key_length=32):
def decapsulate_reencrypted(self, pub_key: Point, priv_key: BigNum, orig_pub_key: Point,
recapsule: ReconstructedCapsule, original_capsule: Capsule, key_length=32):
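
Review bot: In the new `decapsulate_reencrypted` signature the positional order changes together with the names: `orig_pk` was the fourth argument and `orig_pub_key` is now the third, ahead of `recapsule`. A caller still passing arguments positionally in the old order will bind its old third argument to `orig_pub_key`, so consider making the parameters after `priv_key` keyword-only, or confirm that every call site was updated. `key_length=32` is the only parameter left without a type hint, and a docstring stating why both `recapsule` and `original_capsule` are required would help callers.
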
Contributor Author

So, @cygnusv and @tuxxy, as I look toward implementing this stuff in the KMS, this is the epicenter of my wonder so far.

I notice (and have pointed out here via type hints) that public keys are Points, while private keys are BigNums.

  1. How do you propose working that into the KMS codebase, where we have classes for these things? Shall we start using Point and BigNum as the basis for keys up there as well?

  2. In these tests, we show the person calling this function (presumably Bob) having possession of both capsules. Doesn't this function need to work with Bob only having access to the ReconstructedCapsule instance (which in tests we call capsule_bob)?

Contributor

@tuxxy tuxxy Jan 3, 2018

No, Point and BigNum are utility classes for us to implement the Umbral schema in a way that works better as a layer between OpenSSL and Cryptography.io. I don't think we're entirely finished building out this layer yet, and these should not be implemented, in the raw, on the KMS. I'm leaning towards developing a Key class (need to talk to David about this) in Umbral and allowing you either to inherit it or build a new Key class that has an umbral.Key as a property or something.

TL;DR: the Point and BigNum classes aren't meant to be used or handled outside of Umbral.

Contributor Author

OK, so in a nutshell, pyumbral isn't ready to be used for the KMS yet? In that case, I misunderstood its status.

Any ideas about my question 2?

Member

Regarding 2: We could do it either way. I agree that it can be perceived as more natural if Bob has everything he needs in the ReconstructedCapsule, but it happens that all the components of the original capsule are needed for Bob's decryption, in particular, during the private correctness check by Bob, so I preferred simply to reuse the original Capsule rather than overload all the cFrags and the ReconstructedCapsule with information that Bob already has in the original Capsule.

Contributor

@cygnusv Would it be beneficial to add Bob's components to the Capsule object and have them be None initialized by default?

This way when Bob reconstructs it, it's the same capsule object? The addition of these properties would simply be a method on the class or something.

Contributor Author

@tuxxy: That's getting closer to a metaphor that makes sense.

The Capsule starts as something that is openable_by_alice, and only when Bob adds a critical mass of CapsuleFrags does it become openable_by_bob.

That's much clearer I think.

Member

@cygnusv cygnusv Jan 3, 2018

mmm not exactly, Bob doesn't need the original Capsule to open the ReCapsule (i.e., he can compute the derived symmetric key without it), but he needs it to check the validity of the ReCapsule (in the sense of having a guarantee that the ReCapsule is indeed related to the original Capsule). Something similar happens with the check_challenge method, where Bob also needs the original Capsule to check the correctness of cFrags.

One could then say that the correctness check during decryption could be made separately, but cryptographically it's much better to return an error as the result of the decryption in case this check fails, instead of letting the user obtain a "wrong" response (e.g., this could be used to attack Bob).

Contributor Author

@tuxxy, @cygnusv, @michwill: Since this PR is closed, I propose that we move discussion of this to an Issue that I have opened: #10

@@ -13,7 +13,7 @@
]


def test_encrypt_decrypt():
def test_encapsulation():
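
Review bot: `test_encapsulation` on the renamed `def` line names only one half of the operation and says nothing about which capsule or which party is involved. If the body checks that a decapsulated key matches the encapsulated one, a name that states which capsule is decapsulated and by whom would make a failing test easier to interpret.
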
Contributor

This isn't quite accurate. Encapsulation is a cryptographic process as a means to store encrypted keys in a specified format. I think the prior name is clear on this.

Contributor Author

Wait, what?

"encrypt / decrypt" is completely generic. It says nothing about what the test is testing.

And this test does in fact test encapsulation, showing that the decapsulated key is == to the encapsulated one.

Perhaps it's not an ideal name, but surely it's not less accurate than test_encrypt_decrypt?

Member

Well, now that you mention it, the intention of this test is to test decapsulation of original capsules. Perhaps test_decapsulation_original_capsule?

Contributor Author

Yep, that's perfect. Also really good, if we're going to use the character names in these tests, is test_decapsulation_by_alice

@cygnusv cygnusv merged commit 07e6264 into nucypher:master Jan 3, 2018