Open shannona opened 2 years ago
Documenting decision on Shamir vs VSS for future generations: VSS is not baked enough just yet.
@ChristopherA can you link in the resources section the last draft of crypto-envelope
, and of crypto-request
if there are changes in the works from what's currently published?
@ChristopherA can you link in the resources section the last draft of
crypto-envelope
, and ofcrypto-request
if there are changes in the works from what's currently published?
@wolfmcnally Wolf is working on more concise docs and test vectors for the SSKR crypto-envelopes now.
I've posted Wolf's presentation on crypto-envelope
as an excerpt from our kickoff call yesterday at https://www.youtube.com/watch?v=3jPJHSAObOM
Thank you everyone for your kind reception of my presentation on crypto-envelope
. I hope you'll take a moment to respond to this small request:
Now that we've opened the conversation about CSR in general and crypto-envelope
specifically, the main question we at Blockchain Commons have for the community is: how can we help you implement CSR in the most efficient and compatible ways?
In particular, for the technologies Blockchain Commons develops we produce many sorts of intellectual assets including high-level designs, detailed specifications, reference libraries, example code, documentation, explainer videos, command line tools, and reference apps. Specifically regarding CSR, we'd like to know what your teams would find particularly useful in the short to medium term? What would help speed decision making and adoption? What questions would you still like to get locked down before proceeding at full speed? We'd like to remove any remaining barriers you might be facing, so please let us know where we ought to be putting our efforts!
Some feedback that I'm needing from the community (in particular Bitmark & Proxy) on requirements are:
crypto-response
? At minimum, to do this would require crypto-request
to offer an ephemeral public key, such that they could know that that the crypto-response
was from the party they sent it to under a TOFU (an ssh-like policy), and for future sessions with that part. Clearly having this in our MVP has limitations until we have to be careful about persistent public keys until we can offer more v2.0 identifiers (2023 at best). If you have confidence that you will be using secure channels in 2022, wrapping crypto-response
values (such as the return of a share) might be overkill.-- Christopher Allen
Do you want us to write a reference library that abstracts everything (in: seed & metadata, out: shares), or a lower-level library where you do it more yourself, or mostly the specs and test vectors as you'll be wanting to write your own libraries?
I want a high-level library that abstracts the most complicated things if it doesn't require many dependencies. To me, the design is lean and I don't need a lower level than that.
If we write a reference library, do you want to minimize dependence on our other libraries? We can create a reference library without a lot of flexibility but conforming to the spec (and not incidentally much easier to review the code), or build it on our more comprehensive "future-proofed" libraries that may have a lot of baggage that you don't need.
I'd prefer as minimal as possible for the library. I think what we will face soon is to support multiple platforms. Finding compatible libraries on the other platform is always a challenge.
This looks great! As a social recovery project we would love to see more standards, and we would consider adopting some of these for our current project.
In case its useful to anyone here, here is a write up of our recent need-finding research with a bunch of projects in the Ethereum space.
Would love to see the crypto-envelope standard / implementation once its finished.
--peg (from darkcrystal.pw - i met some of you at RWOT8)
What agenda items would you like to discuss in today’s CSR meeting? Any demos of progress to date?
Since the last CSR meeting I have separated the dependencies necessary for supporting all the crypto-envelope
functionality into its own new Swift package: BCSwiftSecureComponents. This includes many fundamental types, including UR
, EncryptedMessage
, Signature
, SSKRShare
, SealedMessage
, Digest
, and of course, Envelope
. The direct link for the SecureComponents documentation is here.
The package this functionality was previously embedded in, BCSwiftFoundation, now uses SecureComponents as a dependency. The difference in focus is that SecureComponents is about general, composable, repurposable functionality for encryption, signing, encoding, and related activities, while BCSwiftFoundation is about all that and functionality that supports cryptocurrency specifically, like seeds, HD keys, PSBTs, and so on.
Both packages include extensive unit tests, which are also vital for anyone who wants to translate them to other languages or platforms.
Another new deliverable in the SecureComponents package is a set of test vectors for crypto-envelope
. Previously I did a set of test vectors specifically for crypto-envelope
using SSKR as the application is particularly relevant to the conversation around CSR. These new test vectors cover a number of more general use cases for Envelope.
Please note that while I don't expect the general implementation of Envelope or Secure Components to change much, it is still considered a DRAFT and subject to change due to further review and feedback. Please do not deploy products using this technology just yet, and please let us know if you're eager to adopt aspects of it so we can finalize them quickly for you.
The thing I'm working on right now is a proposal for a command-line tool envelope
which, like our other command-line tools seedtool
and keytool
, demonstrates, exercises, and facilitates the use of Blockchain Commons technologies. I expect the initial draft of this proposal to be ready by the time of our meeting later today and will put the link up here when it is ready for review.
The first version of envelope
could easily be written in Swift and directly use BCSwiftSecureComponents as its primary dependency. Alternately, we could go ahead and create a C++-based bc-c-secure-components
library and then base an implementation of envelope
on that. The primary tradeoffs being: 1) Using Swift means faster delivery but only runs on macOS (well, Swift can also target Windows now, but I have no direct experience with that) or 2) Using C++ would mean slower delivery but also a ready-to-deploy C++ implementation of SecureComponents and a command line tool that can easily be deployed anywhere. A third option would be to do the implementation for both the library and tool in Rust.
We'd definitely like the community's feedback on these options.
Here is the link to the envelope
CLI tool proposal I mentioned above.
I might risk an off topic flag here since you discussing OSS protocol rather than a commercial product, yet FYI vault12.com had been running an app for number of years now doing exactly that with mobile devices as storage nodes. Owner creates a “Vault” out of friends & family phones, and sends them Shamir’s shards of the seed for safekeeping. We have some pieces open sourced already (About/Tech) along with a few white papers on internals, you might find something useful in there to help your design process.
Our next CSR call is Thursday October 13th at 6pm PDT, using zoom (contact me on signal for zoom link).
Agenda includes:
If you have something you'd like to add to the agenda, or an announcement or demo that you'd like to make during the meeting, add them here.
-- Christopher Allen
Collaborative Seed Recovery, or CSR, is a new system intended to automate the recovery of seeds and other sensitive digital data in a way that is safe, secure, and simple to use. It is not a methodology to prevent compromise, but simply to add resilience to recovery in the case of failure or loss.
CSR allows for the recovery of seeds and other secrets by dividing responsibility for recovery up between multiple devices, some (but not all) of which will be necessary for recovery. Its baseline recovery mechanism uses self-sovereign recovery, while more advanced scenarios allow for social recovery. Backup is meant to be largely automated, especially in the baseline scenario, while recovery may require some user intervention.
CSR is built using SSKR to lock crypto-envelopes of data and to allow recovery using a variety of authentication methods.
Please see the CSR Overview for more information.
TODO: Documentation & Prep
crypto-envelope
with multiple types of SSKR Permits (2 of 3 + 4 of 9) + metadatacrypto-requests
TODO: Specification Work
TODO: Level 0
TODO: Level 1
TODO: Post-Release
This is expected to be a joint project of Blockchain Commons, Bitmark, and Proxy with a planned start date around July 5th.
Essential Links: CSR
Essential Links: SSKR
Essential Links: URs