Threshold encryption - group 6

[qstokkink]

@mathewvermeer @marius-pop0 @bas921 @JLauriks @jeffsirocki

You will create your own blockchain, almost from scratch. Your blockchain will be special! Your blockchain will be both fully permissionless, require no miners, provide transparency, and yet still offers solid privacy. All information on your blockchain will be encrypted. It will operate on smartphones exclusively. Together with friends your encrypted blockchain essentially becomes your personal data server; problem such as reliability, backup, and theft-locking become tractable. Two students have created a starting point for you to get going, see project A for details and links on Android Trustchain. You will add the ability to spread information among trusted friends in order to protect it from fraud, theft and abuse. By using threshold encryption you need multiple phones to cooperate to decipher information. From Wikipedia: The message is encrypted using a public key and the corresponding private key is shared among the participating parties. Let {\displaystyle n} n be the number of parties. Such a system is called (t,n)-threshold, if at least t of these parties can efficiently decrypt the ciphertext, while less than t have no useful information. Mature libraries are available to get you started quickly. This project gives you a lot of freedom, you can focus on the encryption part or offer a compelling service. It's up to you.

This ticket will contain information for group 6 of the CS4160 threshold encryption project Feel free to post your important updates and questions in this issue.

Reading material: https://scholar.google.nl/scholar?hl=en&as_sdt=0%2C5&q=key+escrow&btnG=

Search terms:

• Sovrin
• uPort

You can also check out issue 3013 in this repository.

Meeting schedule: Tuesdays weekly 10:30

[qstokkink]

Next week will be our first meeting. Please propose a time to meet the 28th of November 2017, 11:30, 13:30 and 14:30 are already taken.

Please make sure you prepare the following for this meeting:

• Every member of your team should know what key escrow is and how key recovery works in bleeding edge software like Sovrin and uPort.
• Have a planning for your project. Your report is due in the week of the 22nd of January 2018, your presentation is due one week after that.
• Decide on the features your proof of concept will contain (the more features, the higher your grade, but the higher your potential for failure)
• Decide on what software/framework you will use (we have a TrustChain Android implementation for you ready-made)

[mathewvermeer]

@bas921 @JLauriks @jeffsirocki

[bas921]

Hi @qstokkink, thank you for creating the issue. I think the project description is incorrect since we'll be working on the threshold encryption instead of the self-sovereign identity project. Could you confirm this is correct?

[qstokkink]

@bas921 good catch! I corrected it, this was a copy-paste error on my side.

[JLauriks]

@qstokkink would it be possible to schedule the first TA meeting on the 28th 10:30/10:45 (right after the blockchain lecture)?

[qstokkink]

@JLauriks That is fine, I'll wait for you in my office (HB 07.270). See you all next week!

[qstokkink]

For next meeting 5th December 2017:

• Have a basic PK generation implementation
• Have shares implemented for a fixed number of holders

[qstokkink]

I cannot find the invite link to your repository: could you send me an invite link? (to my e-mail)

[mathewvermeer]

@qstokkink https://github.com/key-party/CS4160-trustchain-android/invitations

[qstokkink]

@mathewvermeer thanks, got it

[qstokkink]

First and foremost: best wishes for 2018! Your meeting tomorrow will be in this building: https://www.google.nl/maps/dir//51.9990903,4.3785233/@51.999109,4.3785435,18.08z/data=!4m2!4m1!3e2?hl=en In room 3.420 (third floor).

[bas921]

FTR: an overview of what we've implemented and tested over the past few weeks (subject to change).

When using the Trustchain Android app you have your own private blockchain to keep signed (agreed upon) transactions with other parties. In some ways you could say that your Blockchain contains your identity; a sequence of transactions that is unique to you. This means that the private key - associated with your blockchain - can be seen as the key to your identity, making it incredibly valuable. To make sure that this valuable information is backed up in a secure, user-friendly and distributed way, we have introduced an extension to the Trustchain Android app, enabling users to save so-called "shares" of their private keys with trusted peers using threshold encryption.

Some of the key features:

• Fully working peer discovery and connectivity
• Public keys are automatically exchanged during peer discovery
• Creation of key shares, with a flexible threshold and amount of shares
• Middleware to establish secure off-chain sessions between peers
• On-chain transaction verification of the shares
• Recovery mode to restore shares in a fresh installation

The shares are objects that are transferred securely off-chain, but are kept track of on-chain by transactions that include a digest of the share. This way the share can be verified without actually sharing any usable information about the share on the blockchain. With this technique, the sender/receiver can both be verified as well as the share itself. When recovering, this transaction can be used to verify that the recovery was successful by validating the signatures.

Some screenshots of our progress:

The shares can be created and send using the key management menu item

It is possible to send shares to any peer, their unique peer id (tied to their public key) will allow you to recognize the peers you want to send shares to (WIP)

This peer has received a share, which can be send to any other peer

Using the recovery menu it is possible to put the app into recovery mode, this will allowing any incoming shares to be restored into a new keypair if successful

The chain explorer shows the successful transaction of the shares (including some false ones), the sender will only sign share transactions that it actually send to that peer

[synctext]

Nice stuff. Will try to put that into my Stanford talk Friday.

[synctext]

enabling users to save so-called "shares" of their private keys with trusted peers using threshold encryption.

Please provide details on which threshold encryption algorithm and implementation library you are using. I need those details for my Stanford talk

[bas921]

@synctext Some technical details you might be able to use:

• We use Shamir's Secret Sharing to create the shares (library)
• The off-chain session (protocol) is secured by a Elliptic-curve Diffie–Hellman (ECDH), from which a 256-bit AES key is derived
• The share is sent encrypted by AES-GCM-256
• The digest used in the block transactions is a double-hashed SHA-256 hash (as is done by Bitcoin to generate public addresses)

The encryption stuff like ECDH and AES is done by the SpongyCastle provider, a Java BouncyCastle repackage for Android. This is the same as the original Trustchain Android app uses for the ECDSA keypair.

Just as a side note, any Shamir's Secret Sharing library can be used as a drop-in replacement.

Good luck!

[bas921]

Today we've released v1.0.1 of our Trustchain Android app with key sharing!

Currently implemented is:

• Full peer-to-peer communication with NAT puncturing through a bootstrap node
• Exchanging blocks between peers
• Splitting the private key into shares for distribution among other (trusted) peers
• The sending of encrypted shares to other peers
• Recovery of a private key by shares received from other peers

The source code is available at our Github repository located at: https://github.com/key-party/CS4160-trustchain-android.

Report: Distributed Peer-to-Peer Key Sharing using Trustchain

Our presentation is currently scheduled on Thursday the 15th of February at 11am in room E3.400 (subject to change).

[qstokkink]

On the off chance that I'm not there to pick you up, your presentation will be in room 28 Building Van Mourik Broekmanweg 6 1.W510 BANACH today.