SIP-27: BLS-12381 Encryption Key Management for Non Private Key Wallet #27
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joyqvq
force-pushed
the
joy/sip-key-server
branch
from
ee87c15
to
4e066f0
Compare
joyqvq
force-pushed
the
joy/sip-key-server
branch
from
4e066f0
to
8b7b5ee
Compare
benr-ml
reviewed
Jun 25, 2024
sips/sip-key-server-temp.md
Outdated
|
|
||
| 1. Server holds a master seed. | ||
| 2. Server defines an endpoint and an authentication scheme. The request contains an unique user ID and an application ID. | ||
| 3. The server validates and authenticate the request, then responds with an encryption key by deriving it from master seed with domain separator as `sub || app_id` using [HKDF](https://datatracker.ietf.org/doc/html/rfc5869). |
There was a problem hiding this comment.
Instead of "domain separator", let's use HKDF(ikm=master key, info = sub | app_if)
benr-ml
reviewed
Jun 25, 2024
| 1. Server holds a master seed. | ||
| 2. Server defines an endpoint and an authentication scheme. The request contains an unique user ID and an application ID. | ||
| 3. The server validates and authenticate the request, then responds with an encryption key by deriving it from master seed with domain separator as `sub || app_id` using [HKDF](https://datatracker.ietf.org/doc/html/rfc5869). | ||
|
|
There was a problem hiding this comment.
HKDF returns a random byte array - Let's say that the output of the HKDF is of length field size + 128 bit -> and the secret key is computed using modulo the field size.
Eis-D-Z
previously approved these changes
Jun 27, 2024
joyqvq
commented
Jun 28, 2024
|
|
||
| The algorithm can be applied to BLS-12381 as well as Ristretto group. The field order for for BLS-12381 is defined [here](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05) as `52435875175126190479447740508185965837690552500527637822603658699938581184513`. | ||
|
|
||
| The `user_id` must be unique to ensure that each user receives a distinct encryption key. |
There was a problem hiding this comment.
mention multiple user ids for multiple encryption keys
There was a problem hiding this comment.
encode info as bcs { index, user_id }, add definition
Eis-D-Z
changed the title
Eis-D-Z
added
the
active
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.