Closed perki closed 1 year ago
Hi @perki, I'm glad you are giving this library a try. You are right, the primitives in this "schema1" are not adequate for your use case, it does not scale.
I think your problem can be solved with an additional clever trick on the keys of contributors and recipients, and I believe this is solved in the paper "Cryptographically Enforced Orthogonal Access Control at Scale" by Bob Wall and Patric Walsh.
...allows the decision about the groups to which to encrypt a piece of data to be made independently and asynchronously from the decision about who belongs to a group and can therefore decrypt the data.
That's the foundation of their product of group management and PRE.
Still, there is a cost when an entity is added or removed from the group since keys need to be regenerated iirc.
Hello @aldenml,
Thank you for your answer. My first successful implementation is with Ironcore's library from Bob Wall and Patric Walsh. Now I start testing others PRE flavors such as your implementation.
For my use case, I don't need to "add" / "remove" entities from a group. But I need anyone to able to contribute.
A not fully end-end to encryption, but could be acceptable for my use case, is then to let the proxy encrypt plain text messages with A pk. Then A could generate a reEncryption key (implying that A knows the proxy's secret signing).
Thanks again and kind regards, Pierre-Mikael
Feel free to re-open if you want to continue the thread
Hello,
I'm trying to achieve the following scheme
C
encrypt a message withA
public key and send it to theProxy
A
creates a re-encryption key that the proxy can use to share data withB
I managed to achieve it only if the re-encryption is signed by
C
pre_schema1_ReKeyGen(keysA.sk, keysB.pk, signingC);
This is not very practical in the following situation
A
has a data repository, managed byProxy
anyone can contribute to this data repository by positing messages encrypted withA.pk
A
select who can read these data by creating reEncKey for each recipient.In this situation it would mean that
A
would have to create n reEncKeys for each Contributor/Recipient pair.Do I miss a point that would allow to have only one reEncKey per recipient ?
Here is a sample working code