You are reading content from Scuttlebutt
@Dominic %eYqUfFjpI7Lcru8CLEHxTuML/nbNUz/BL9R72P6CYHc=.sha256
#mmt
Re: %XVS1gYKaq

revoking trust - deleting shares

in my research, I also encountered the idea of renewed shares. This allows you to remove someone from the set of shares. I strongly recommend that dark-crystal adds this to the roadmap.

Trust is not a permanent state - I think it is important that if you can give trust you can also take it back easily. For example - say you share something with your partner - but then go through a difficult breakup - maybe you'd want your security to not depend on them anymore. Another example - one of your shares looses their device -- possibly stolen. Now a potential attacker has one share.

Solution: update the rest of the shares (any maybe add a new peer). If the peers delete then gets hold of one of the new shares, well it cannot be combined with any of the old shares! So the attacker has to acquire a quorum of shares before anyone suspects anything.

The neat thing here when you revoke trust in a share, that share holder doesn't have to do anything. Instead, the share holders you still trust replace the share, and that is enough!

Since ssb is on the record, we can't directly delete shares - but we can if we encrypt them to an ephemeral key.

Something like this:

Alice sends a request to Bob, "hi Bob, can you look after a secret share for me?"
Bob replies "yes, encrypt it to this ephemeral public key bob_e". Bob's stores this key on disk, for now.
Alice also generates an ephemeral key, alice_e and encrypts the share, sending bob alice_e.public, secretbox(share_bob, alice_e*bob_e) then deletes alice_e's private key. (note: alice sends the public key she used to bob, he'll need that to decrypt the share)

Later, she wants to update the share - she sends a message to bob: "please delete that share" and bob deletes his ephemeral key. Now bob can't decrypt that share anymore! So if an attacker gets a hold of bob's device, they won't have that share either.

If bob sent an array of ephemeral keys, then alice could update the share that many times without having to do another round trip.

PS. you'd better also look into how to securely delete files. I think this might depend on the underlying storage architecture sometimes. Or it might be as easy as just writing 0's over the file.

@bobhaugen if you have questions not directly security related, please fork the thread - but this one I'll answer here because it is short: because protecting keys is hard and dark-crystal makes it easier. Especially since it's targeting itself at diverse people.

Join Scuttlebutt now
AGPLv3 © ssb-viewer 38c61a5