Implement export functionality of key shares #537
Comments
Some light notes on implementation decisions. The From this perspective, we should probably support one well-known PKE that is CCA2 secure. I would favor something like ECIES, but there may not be many good libraries out there that provide an implementation, since ECIES requires you to choose an elliptic curve, a KDF, a MAC, and a symmetric encryption scheme. If we can't find a good library we would have to build it ourselves.

Although it is not ideal, if it is too difficult to find a good implementation or we don't trust ourselves to come up with one, we could just use RSA-OAEP since the data we want to encrypt is so small.

At the very least we must provide very clear documentation on what the schemes are and how to generate a key. We could potentially include a function like

When building this we should also keep in mind that this type of functionality could be a pretty dangerous foot gun for users and we should try to make this very clear in documentation as well.
We’re amending this ticket to try and give users of this library more flexibility in how they choose to implement this functionality. In particular, we would like this function to instead take as input a type that implements a trait called Pke which has method signatures encrypt and decrypt.
to something like
where Pke offers both ** earlier this said we wanted to change the naming from
The goal of this ticket is to provide backup and restore functionality in tss-ecdsa for private key shares. Specifically, we need the ability for users of the library to export their private key shares securely with a given public encryption key. Participating nodes will use the key to encrypt the key shares and return all of the encrypted shares to the caller of the library.
We will need convenience functions that allow a user of the library to locally decrypt the key shares with a given private decryption key and then recombine into a whole private key. Note that this functionality should not be part of the core library but potentially part of a higher-level wrapper SDK or a separate crate that wraps the tss-ecdsa.
Things to discuss prior to implementation:
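An added example, not part of the issue thread or the tss-ecdsa code base: one possible shape for the `Pke` trait and the export/restore flow described above. The names `export_share`, `restore_shares`, `TestDoublePke` and `BadCiphertext` and the trait's exact signatures are assumptions, and the XOR test double is a constructed stand-in for a real CCA2-secure scheme, with no security of its own.

```rust
// Added illustration: hypothetical trait and helper names, not the tss-ecdsa API.
pub trait Pke {
    type Error: std::fmt::Debug;
    fn encrypt(&self, plaintext: &[u8]) -> Result<Vec<u8>, Self::Error>;
    fn decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>, Self::Error>;
}

/// Node side: wrap one private key share under whatever scheme the caller chose.
pub fn export_share<P: Pke>(pke: &P, share: &[u8]) -> Result<Vec<u8>, P::Error> {
    pke.encrypt(share)
}

/// Caller side: decrypt every exported share; one rejected blob aborts the restore.
pub fn restore_shares<P: Pke>(pke: &P, blobs: &[Vec<u8>]) -> Result<Vec<Vec<u8>>, P::Error> {
    blobs.iter().map(|b| pke.decrypt(b)).collect()
}

/// Constructed test double: XOR plus a checksum byte. NOT secure. It stands in for
/// a real CCA2-secure scheme (ECIES, RSA-OAEP) only so the flow runs offline.
pub struct TestDoublePke { pub key: u8 }

#[derive(Debug)]
pub struct BadCiphertext;

/// Keyed rotating-XOR checksum over the plaintext (integrity stand-in only).
fn tag(key: u8, body: &[u8]) -> u8 {
    body.iter().fold(key, |acc, b| acc.rotate_left(3) ^ b)
}

impl Pke for TestDoublePke {
    type Error = BadCiphertext;
    fn encrypt(&self, plaintext: &[u8]) -> Result<Vec<u8>, BadCiphertext> {
        let mut out: Vec<u8> = plaintext.iter().map(|b| b ^ self.key).collect();
        out.push(tag(self.key, plaintext));
        Ok(out)
    }
    fn decrypt(&self, ciphertext: &[u8]) -> Result<Vec<u8>, BadCiphertext> {
        let (t, body) = ciphertext.split_last().ok_or(BadCiphertext)?;
        let plain: Vec<u8> = body.iter().map(|b| b ^ self.key).collect();
        if *t == tag(self.key, &plain) { Ok(plain) } else { Err(BadCiphertext) }
    }
}

/// Round-trips two constructed shares, then flips one bit to show rejection.
pub fn demo() -> (bool, bool) {
    let pke = TestDoublePke { key: 0x5a };
    let shares = vec![vec![1u8, 2, 3, 4], vec![9u8, 8, 7, 6]];
    let mut blobs: Vec<Vec<u8>> = shares.iter().map(|s| export_share(&pke, s).unwrap()).collect();
    let ok = restore_shares(&pke, &blobs).unwrap() == shares;
    blobs[1][0] ^= 0x01;
    (ok, restore_shares(&pke, &blobs).is_err())
}

fn main() { println!("{:?}", demo()); }
```

Because `export_share` and `restore_shares` are generic over `Pke`, swapping the test double for an ECIES or RSA-OAEP implementation changes no calling code, and a failed decryption surfaces as an error rather than a silently wrong share.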