[tahoe-dev] [tahoe-lafs] #217: Ed25519-based mutable files -- fast file creation, possibly smaller URLs
tahoe-lafs
trac at tahoe-lafs.org
Tue Jan 22 14:09:30 UTC 2013
#217: Ed25519-based mutable files -- fast file creation, possibly smaller URLs
-------------------------+-------------------------------------------------
Reporter: zooko | Owner: zooko
Type: | Status: assigned
enhancement | Milestone: 2.0.0
Priority: major | Version: 0.7.0
Component: code- | Keywords: mutable crypto newcaps performance
mutable | research
Resolution: |
Launchpad Bug: |
-------------------------+-------------------------------------------------
Changes (by zooko):
* keywords: mutable crypto newcaps performance => mutable crypto newcaps
performance research
Old description:
> Mole2 and The_8472 and I had a conversation on IRC which leads to the
> following ideas. These are late-night-sleepy and fresh ideas, so they
> may be holey.
>
> To create a new mutable file choose a random seed ''r'', and use it to
> produce a public/private key pair (for concreteness, think
> [http://en.wikipedia.org/wiki/Digital_Signature_Algorithm DSA], so your
> private key is a just the random 256-bit number ''r'' and the public key
> is just ''g''^''r''^ mod a big prime, let's say maybe 4096-bits).
>
> Now let the symmetric encryption key ''k'' be the secure hash of the
> public key!
>
> Now encrypt the file and upload it. Now encrypt the public key and
> upload it. Now if you give someone ''k'' they can read and verify. If
> you give them ''r'' they can read and write (sign).
>
> Let the "location index" be derived from the read-capability.
>
> To squeeze ''r'' you can pick a smaller random number for ''r'', maybe
> 128-bits and use a secure hash to expand it to 256-bits. This is
> cryptographically questionable, but it may be worth asking those
> questions in order to get really nice "printable capability" lengths, as
> well as a pleasing simplicity of crypto structure.
New description:
Mole2 and The_8472 and I had a conversation on IRC which leads to the
following ideas. These are late-night-sleepy and fresh ideas, so they may
be holey.
To create a new mutable file choose a random seed ''r'', and use it to
produce a public/private key pair (for concreteness, think
[http://en.wikipedia.org/wiki/Digital_Signature_Algorithm DSA], so your
private key is a just the random 256-bit number ''r'' and the public key
is just ''g''^''r''^ mod a big prime, let's say maybe 4096-bits).
Now let the symmetric encryption key ''k'' be the secure hash of the
public key!
Now encrypt the file and upload it. Now encrypt the public key and upload
it. Now if you give someone ''k'' they can read and verify. If you give
them ''r'' they can read and write (sign).
Let the "location index" be derived from the read-capability.
To squeeze ''r'' you can pick a smaller random number for ''r'', maybe
128-bits and use a secure hash to expand it to 256-bits. This is
cryptographically questionable, but it may be worth asking those questions
in order to get really nice "printable capability" lengths, as well as a
pleasing simplicity of crypto structure.
--
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/217#comment:69>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-dev
mailing list