[Proposal] How to use the KRC data structure to implement (keyed) remote capabilities

Uwe geno.de at public-files.de
Tue Nov 30 23:31:56 CET 2021


With this data structure it is possible to implement
remote capabilities that are keyed to the proper owner
which avoids unintended delegation by solely copying
the data.
For this I modify the algorithm a little bit.

> First you have the points A and B which name the proverbial Alice and Bob, the items
> which should be connected. You need to compute the points K,R and C which make up the
> data structure.
> 1. Choose a random point on the elliptic curve and name it R. (I said it was simple :-)
R isn't random anymore. It's the name point of the resource the capability makes accessible.
> 2. Choose a random scalar k, multiply it with the generator G and name the result K.
> (Two points down and hardly a sweat. And independent of A or B!)
> 3. Compute R-kA and call it D.
> 4. Also compute R-kB and call it E.
> 5. Hash D (with possibly some identifying string for Alice) to a scalar d.
Here         ^   I would use some information private to Alice to make d computable
only to Alice. That means to:
Insert steps 4a after step 4 and step 5a after step 5.
4a. Send D (and R) to Alice
5a. Receive d back from Alice
> 6. Hash E (with possibly some identifying string for Bob) to a scalar e.
Likewise for Bob.
> 7. Compute k(eB+dA) and name this point C.
> The data structure consists of the points K,R and C and the identifying information
> used in the hash (possibly implicit).
>
> To use that information Alice (for example) computes this:
> 1. Compute R-aK and call it D.
> 2. Hash D (with identifying information) to scalar d.
> 3. Compute C-daK (where 'a' is the private key to A) and call it F.
> 4. Compute daF and call it M.
> M is the same point for both A and B but not for other keys.
The knowledge of M is used to access the resource. For instance by
calculating a (keyed) MAC to the commands.

To copy a capability the old capability is used to ask the owner of
the resource to take part in the computing of a new KRC data structure.
And the partner that is receiving the new KRC data structure must also
take part in the calculation. Only if both take part correctly the result
is a valid KRC data structure keyed to both partners (and never to the
copier).
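
The construction above, carried through as an added example (not code from the original post): the issuer builds (K, R, C) with d and e supplied by Alice and Bob, and each holder re-derives the same point M. The curve (secp256k1), SHA-256 as the hash, the callback interface and all function names are assumptions; the arithmetic is plain affine math and is not constant time.

```python
import hashlib, secrets
# secp256k1 parameters (assumption: the post does not name a curve)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, p):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1: acc = add(acc, p)
        p, k = add(p, p), k >> 1
    return acc

def sub(p, q):
    return add(p, None if q is None else (q[0], -q[1] % P))

def h(point, secret):
    """Hash D or E together with information private to the key owner."""
    data = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big") + secret
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def build_krc(R, A, B, ask_alice, ask_bob):
    """Issuer: R is the resource's name point; d and e come from the owners."""
    k = secrets.randbelow(N - 1) + 1
    d = ask_alice(sub(R, mul(k, A)))        # steps 3, 4a, 5a: send D, get d
    e = ask_bob(sub(R, mul(k, B)))          # steps 4, 6: likewise for Bob
    C = mul(k, add(mul(e, B), mul(d, A)))   # step 7: C = k(eB + dA)
    return mul(k, G), R, C

def derive_m(K, R, C, priv, secret):
    """Holder: D = R - aK, d = hash(D), F = C - daK, M = daF."""
    aK = mul(priv, K)
    d = h(sub(R, aK), secret)
    F = sub(C, mul(d, aK))
    return mul(d, mul(priv, F))
```

Here ask_alice and ask_bob stand in for the message exchange of steps 4a and 5a; a holder with a different private key, or with the right key but the wrong private hash input, ends up with a different M.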


