Ephemeral shard returns

[m4gpi]

To improve security we want to use a system of ephemeral keypairs for shard returns so that previously returned shards (and therefore secrets) cannot be obtained in the case of SSB identity being compromised.

The need for this is explained in our report 'Security Considerations for Shamir's Secret Sharing' and discussed in this SSB Thread: %2qEtYbJ/tAiFuXHYgdfou7BvERxtIF7Cdq3NmjkSF4w=.sha256

We have developed an Sbot plugin for this and begun work to implement it at the API level. However we have uncovered several issues which makes this quite a lot more difficult than expected:

• Writing tests is difficult as the ephemeral keys are stored in an on-disk database and we need to be able to recreate databases for all participants in the tests. This could take quite some work.
• We need to define methods for deleting the ephemeral keys when the secret is no longer 'needed'. Some design process is required to define how and when this is appropriate.
• We have the opportunity to give a 'context message' which is hashed in with the Diffie-Hellman shared secret and ensures the key is used only for this unique purpose. Defining this needs some consideration.
• We want to use objects as database keys, and are having trouble getting this to work with Leveldb.
• The database keys we are giving (which are identifiers for the root message and recipient identity) are not being recognised, meaning no shards are being returned. This needs fixing. Output follows:

# recover.async.recombine (request v2 shards): Returns the recombined secret 
Key in: {"rootId":"%xNecYPfSM2HBeGsmODV5P9O5C1j3u0HiS1dyyOYr/Tc=.sha256","recp":"@Y7BwStaveqgS2JNYfPmSwYzr5k1PwzVzd7LkMZBXtr0=.ed25519"} 
Key in: {"rootId":"%xNecYPfSM2HBeGsmODV5P9O5C1j3u0HiS1dyyOYr/Tc=.sha256","recp":"@wPbCDZltMC+YpbcHRerXcxSLNh2iqqYLx7Bx8nIgvUI=.ed25519"} 
Key in: {"rootId":"%xNecYPfSM2HBeGsmODV5P9O5C1j3u0HiS1dyyOYr/Tc=.sha256","recp":"@0c/+LuvweMuD/PVAIImAvjHyMWKcI1qOv/Id7CsebtQ=.ed25519"} 
/home/beetroot/software/scuttle-dark-crystal/recover/async/mend.js:16
if (!shards.length) return cb(new Error('no valid shards provided to mend'))

TypeError: Cannot read property 'length' of undefined

• Once this is all working we need to give it a careful security review.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 1000.0 DAI (1000.0 USD @ $1.0/DAI) attached to it as part of the Ethereum Foundation fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
  • Want to chip in? Add your own contribution here.
  • Questions? Checkout Gitcoin Help or the Gitcoin Slack
  • $46,527.79 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work has been started.

These users each claimed they can complete the work by 2 weeks, 4 days ago. Please review their action plans below:

1) ameba23 has been approved to start work.

• Define tests which take account of ephemeral keys stored on disk for different users
• Write method for deleting the keys when they are no longer needed
• Define an appropriate 'context message' to improve security
• Use objects as database keys for storing the ephemeral keys
• Fix bugs with unrecognised keys

Learn more on the Gitcoin Issue Details page.

2) ashd32 has applied to start work _(Funders only: approve worker | reject worker)_.

I will use next generation ECMAscript to modulate this task. Once refactored, it will be simpler to achieve your goal and resolve this issue.

Learn more on the Gitcoin Issue Details page.

[gitcoinbot]

@ameba23 Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• [x] reminder (3 days)
• [ ] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[ameba23]

i've started on this in the two referenced PRs.

[gitcoinbot]

@ameba23 Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• [x] reminder (3 days)
• [ ] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[ameba23]

still working on the two referenced PRs

[gitcoinbot]

@ameba23 Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• [x] reminder (3 days)
• [ ] escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[ameba23]

Work is completed.

[x] Define tests which take account of ephemeral keys stored on disk for different users For example see this test [x] Write method for deleting the keys when they are no longer needed See recover.async.deleteKeyPair and recover.async.deleteKeyPairs [x] Define an appropriate 'context message' to improve security Context messege now contains the rootId as well as the feedId of the custodian. [x] Use objects as database keys for storing the ephemeral keys Database keys are 'stringified' objects containing the same information as the context message. [x] Fix bugs with unrecognised keys All tests now passing.

What remains is some design issues around versioning of the 'request' and 'reply' messages. I have implemented this in an opinionated way, maybe not everyone agrees on it.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work for 1000.0 DAI (1000.0 USD @ $1.0/DAI) has been submitted by:

1. @ameba23

@ceresstation please take a look at the submitted work:

• PR by @ameba23

---

• Learn more on the Gitcoin Issue Details page
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $57,509.94 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

The funding of 1000.0 DAI (1000.0 USD @ $1.0/DAI) attached to this issue has been approved & issued to @ameba23.

• Learn more on the Gitcoin Issue Details page
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $54,033.40 more funded OSS Work available on the Gitcoin Issue Explorer