- Pretty Good Privacy.
- Provides cryptographic privacy and authentication for data communication.
- Web of trust: users act as CA.
- Joint Verifiable Secret Sharing.
- Can generate a threshold digital signature in a distributed way.
Assuming
- Each signer serves the role of the ‘dealer’
- Produces an $n$-share secret, sends a share to the others.
- Every other signer verifies that the dealing has been made correctly.
⇒ allows cheaters to be detected
- When everyone has played the ‘dealer’ role, each signer combines the $n$ shares into a global secret.
- Creation of a long term shared secret.
- Will be used for every signing round.
- Signature created can be checked against it.
- Creation of a short term shared secret.
- Combined with long term secret.
- Generate a valid signature if at least $t$ signers.
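The dealing round described above, as an added Go example that is not code from the slides or from the dedis libraries: every signer deals shares, each receiver verifies them and sums them into its share of the global secret. Feldman commitments are assumed as the verification method (the slides do not name one), and the toy group, the polynomials and the names `Round` and `Combine` are constructed for illustration.

```go
package main

import (
	"fmt"
	"math/big"
)

// Toy group, constructed and far too small for real use: p = 2q+1, g of order q.
var p, q, g = big.NewInt(2039), big.NewInt(1019), big.NewInt(4)

// Round lets every signer play dealer once. polys[d] is dealer d's polynomial
// (secret polys[d][0], threshold len). Returns shares sh[d][x-1] and g^c[k] mod p.
func Round(polys [][]int64, n int64) (sh, cm [][]*big.Int) {
	for d, c := range polys {
		sh, cm = append(sh, nil), append(cm, nil)
		for x := int64(1); x <= n; x++ {
			s := new(big.Int)
			for k := len(c) - 1; k >= 0; k-- { // Horner evaluation mod q
				s.Mul(s, big.NewInt(x)).Add(s, big.NewInt(c[k])).Mod(s, q)
			}
			sh[d] = append(sh[d], s)
		}
		for _, ck := range c { // Feldman commitments (assumed scheme)
			cm[d] = append(cm[d], new(big.Int).Exp(g, big.NewInt(ck), p))
		}
	}
	return sh, cm
}

// Combine is signer x's step: verify g^s == prod cm[k]^(x^k), then sum shares.
func Combine(x int64, sh, cm [][]*big.Int) (*big.Int, error) {
	sum := new(big.Int)
	for d := range sh {
		rhs, xk := big.NewInt(1), big.NewInt(1)
		for _, ck := range cm[d] {
			rhs.Mul(rhs, new(big.Int).Exp(ck, xk, p)).Mod(rhs, p)
			xk.Mul(xk, big.NewInt(x)).Mod(xk, q)
		}
		if new(big.Int).Exp(g, sh[d][x-1], p).Cmp(rhs) != 0 {
			return nil, fmt.Errorf("dealer %d cheated signer %d", d+1, x)
		}
		sum.Add(sum, sh[d][x-1]).Mod(sum, q)
	}
	return sum, nil
}

func main() {
	sh, cm := Round([][]int64{{11, 5}, {22, 7}, {33, 9}}, 3) // constructed, t = 2
	fmt.Println(Combine(1, sh, cm)) // 87 <nil>
}
```

No signer ever holds the global secret 11+22+33 = 66; with threshold 2, any two combined shares lie on the line 66 + 21x and determine it.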
- CISC identity SkipChain.
- Goal: provide a simple and secure identity management service.
- Being able to sign and decrypt messages from any device.
- Not losing everything when a device is compromised.
- We can sign and decrypt from any device!
- But…
- If one device is lost, the key is lost…
- All the trust gained is lost!
- Linked to a master key, same trust level.
- Signing resolved!
- In case of device loss, revocation of the sub-key.
- Decryption becomes problematic…
- What if there is a man-in-the-middle (freeze attack)?
- Latest valid key is placed in the skipchain
- Trust displaced in the skipchain.
- Can define a maximum epoch for the block.
- Solves the freeze attack!
- But…
- Interlocutor needs to know how the skipchain works.
- Split our PGP key on a cothority using secret sharing and JVSS:
- Have one global public key, sent to PGP servers.
- Each conode only has a share of the key.
- Use CISC to manage the list of authoritative devices.
- Everything is done using the publicly available key.
- Signature will appear to be signed by it.
- Encryption can be made with it.
- We can make a signing/decryption request from any device.
- In case of device loss, revoke its access to CISC.
- Attacker can temporarily sign/decrypt.
- Key is not affected at all.
- Also use maximum epoch for solving freeze attack.
- Public key made available as usual.
- Following skipchain only needed for added security (freeze attack).
- With the current implementation of JVSS, it is impossible to bring your own key.
- Threshold decryption not present in dedis/crypto.
package openpgp
- Straightforward using OpenPGP implementation of golang/x/crypto.
- Able to create valid OpenPGP signature, public-key and private-key packets.
package jvss
- Separation of the JVSS protocol in two parts.
- Setup protocol:
- Creates a shared secret and a public key.
- Sends its secret share to the service.
- Signing protocol:
- Initialized with previously created shares.
- Runs a signing round using the shares.
- The service allows saving and loading shares.
package cisc
pgp setup
pgp sign
From last slide:
- With 32 clients and an interval of 15 seconds, a round takes less than 15 seconds.
- We can make around 4 signatures/minute × 32 clients ≅ 130 signatures/minute.
- 130 signatures/minute × 60 minutes/hour × 24 hours/day ≅ 200’000 signatures/day.
- Average EPFL user sends 10-20 mails per day.
- We can provide all of EPFL (15’000 people) with decentralized and secure e-mail.
- Splitting user’s key with JVSS.
- Threshold decryption.