Sender: Jonas Nick <jonasdnick@gmail.com>
Message-ID: <7084f935-0201-4909-99ff-c76f83572a7c@gmail.com>
Date: Tue, 16 Jul 2024 17:31:47 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [bitcoindev] BIP Draft: "ChillDKG: Distributed Key Generation for FROST"
To: "David A. Harding" <dave@dtrt.org>, Tim Ruffing <crypto@timruffing.de>
Cc: bitcoindev@googlegroups.com
References: <8768422323203aa3a8b280940abd776526fab12e.camel@timruffing.de>
<5ce152c9181ea552b8e146c9329f011b@dtrt.org>
Content-Language: en-US
From: Jonas Nick <jonasd.nick@gmail.com>
In-Reply-To: <5ce152c9181ea552b8e146c9329f011b@dtrt.org>
List-ID: <bitcoindev.googlegroups.com>

Thanks Dave. There are indeed potential privacy implications of the recovery
data because only the secret shares are encrypted. Most importantly, the
recovery data contains in plaintext:

- the long-term "host" public keys of the participants
- the final threshold public key that is the result of the DKG

For example, we could imagine a scenario where a DKG participant puts their
recovery data on a cloud hoster and an adversary is able to obtain it. Then the
adversary could use the contained threshold public key to associate on-chain
transactions with the victim.

However, there's nothing preventing the participants from encrypting the
recovery data before backing it up. We do not specify that encryption in the BIP
because it is an operation local to the participants and does not affect the
communication between them. But now that you mention this, I think we should be
a bit more clear in the BIP (and don't call the recovery data "public"). For
example, it may make sense to use the DKG protocol seed to derive an encryption
key, so you don't have to back up any secret data besides the seed.
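
The idea raised at the end of the message, deriving a backup encryption key from the seed so that the recovery data is never stored in plaintext, sketched as an added example that is not part of the original message or of the BIP. The HKDF label, the choice of AES-256-GCM, the function names and the sample inputs are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Hypothetical domain-separation label (not from the BIP); it keeps the backup key apart from other seed uses.
const backupInfo = "example/recovery-data-backup/v1"

// aeadFromSeed derives an AES-256-GCM key with HKDF-SHA256 (RFC 5869, all-zero salt, one output block).
func aeadFromSeed(seed []byte) (cipher.AEAD, error) {
	extract := hmac.New(sha256.New, make([]byte, sha256.Size))
	extract.Write(seed)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(append([]byte(backupInfo), 0x01))
	block, _ := aes.NewCipher(expand.Sum(nil)) // 32-byte key: cannot fail
	return cipher.NewGCM(block)
}

// EncryptRecoveryData returns nonce || ciphertext || tag.
func EncryptRecoveryData(seed, recovery []byte) ([]byte, error) {
	aead, err := aeadFromSeed(seed)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, recovery, nil), nil
}

// DecryptRecoveryData fails on a wrong seed or a modified backup.
func DecryptRecoveryData(seed, blob []byte) ([]byte, error) {
	aead, err := aeadFromSeed(seed)
	if err != nil || len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("cannot open backup")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

func main() {
	blob, err := EncryptRecoveryData([]byte("constructed example seed"), []byte("constructed recovery data"))
	fmt.Println(len(blob), err) // both inputs are constructed sample values
}
```

With this layout the host public keys and the threshold public key inside the recovery data are only readable by someone who holds the seed, and a modified backup is rejected on decryption instead of being parsed.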