Try โ€‚โ€‰HackMD

private groups | 2020-06-18

https://github.com/ssbc/private-group-spec/blob/master/vectors/unbox2.json

  • keks: drop the initial unboxed message
    • mix:
      Image Not Showing Possible Reasons
      • The image file may be corrupted
      • The server hosting the image is unavailable
      • The image path is incorrect
      • The image format is not supported
      Learn More โ†’

Direct Message

https://github.com/ssbc/private-group-spec/pull/8/files

  • keks: in my PR I tfk encode the dh_keys for the DM-key derivation

  • mix: is it safe to make a shared DM key with yourself

    • use-case : if I lose all my stuff, how do I get back into the group?

    • keks: aiming for forward security, ideally you couldn't get back in?

      • other solutions: what if there's a private group for just you (like Signal note-to-self?)
      • could add other devices of yours to this group, so you can get back in
    • mix: you could always export your keystore

      • keks: yes and it should be encrypted, dark-crystal?

Envelope spec

https://github.com/ssbc/envelope-spec/tree/master/derive_secret/README.md

TODO: change (for clarity)

function Derive (key, feed_id, prev_msg_id, labels, length) {
  var info = ['envelope', feed_id, prev_msg_id].concat(labels)

  return HKDF.Expand(key, encode(info), length)
}

Private Group Spec

  1. we disallow you from making a shared DM key with yourself
  • keks: I think using a "square dh", is fine. it's slightly weaker, but all our models give the adversary so much more power than is realistic here
  • mix: but what about fwd security, you could bar now to have easier time later?
    • keks: good point
    • mix: propose we put this hard rule in place, and see how it is. later we can relax this is needed
      • mix: ๐Ÿ‘
      • keks: ๐Ÿ‘
  1. there are max 16s slot on a message
  • mix: ๐Ÿ‘
  • keks: ๐Ÿ‘
  1. if there is a group key
    a) there is only 1 group key per
    • mix: ๐Ÿ‘
    • keks:๐Ÿ‘
      b) the group key is in the first slot
    • mix: ๐Ÿ‘
    • keks:๐Ÿ‘๐Ÿ‘๐Ÿ‘

TODO - make sure these changes are in the spec

Timeline

keks: Go side of things we've got the envelope code back up to date.
we're gonna meet again for more private groups

mix: lets look at the vectors and see what needs doing:

  • envelope-spec

    • box1 yes

    • box2 - mix: libsodium didn't let me encrypt an empty buffer.

      • keks: TODO look at it
    • box3 - mix: this blocks against a person not making a unique msgKey

      • keks: yeah I see what you mean but not particularly useful IMO
      • mix: ok, I'll remove TODO
    • cloaked_id1 yes

    • derive_secret1 yes

      • keks: we should mention those are TFK encrypted
      • mix: TODO change this by saying what's TFK to description
    • slot1 yeso

      • mix: TODO change this by saying what's TFK to description
    • unslot1 yeso

      • mix: TODO change type to slot
  • private-group-spec

    • unbox1 yes
    • unbox2 TODO drop the plaintext msg
    • direct-message-key TODO change because of change of spec with TFK encoding
    • groupid1 yes

TIMELINE

  • mix updates READMEs, vectors
    • send to keks / cryptix
  • keks / cryptix pass the "core" vectors
  • we make the READMEs more detailed
  • version 1.0.0 of specs is locked in
    • envelope-spec
    • private-group-spec
  • we make the READMEs more accessible

we both agree the docs are a bit messy

  • maybe it would be good to think about who's gonna be using it?

we talked about cooking

  • does nz have smoked tofu TODO